Ethical Hacking Week 6: Vulnerability Mapping
This week in Ethical Hacking and Penetration Testing, we go into the critical phase of Vulnerability Mapping. Once we know our target exists and what services it's running, we need to find the weaknesses those services expose.
What is Vulnerability Mapping?
Vulnerability mapping is the process of identifying, classifying, and prioritizing weaknesses in a system. Not all bugs are created equal, and understanding their origin helps us decide how to exploit or fix them.
The Three Main Types of Vulnerabilities
We categorize vulnerabilities based on where they come from:
- Design Vulnerabilities: Flaws in the actual specifications of the software or protocol. These are "broken by design."
- Implementation Vulnerabilities: Mistakes made while writing the code, such as poor error handling or logical flaws.
- Operational Vulnerabilities: Weaknesses caused by improper configuration or poor deployment choices in a live environment.
Local vs. Remote Attacks
- Local Vulnerabilities: The attacker needs physical access or a local account to trigger the flaw. These are often used for Privilege Escalation (moving from a standard user to Admin/Root access).
- Remote Vulnerabilities: The attacker can trigger and exploit the flaw over the network without needing any prior access. These are the "holy grail" for external attackers.
Web Application Auditing
A large part of our lab focused on the unique vulnerabilities found in websites. We looked at how to audit applications for:
- SQL Injection (SQLi): Attacking the database by inserting malicious SQL commands into input fields.
- Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users.
- Cookie Security: Checking for missing security flags like HttpOnly (prevents JS access) and Secure (prevents transmission over unencrypted connections).
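As an added example (not from the course or the original post), here is a small audit helper for the cookie-security check above: it parses Set-Cookie headers and reports which cookies lack the HttpOnly or Secure flag. The headers are constructed samples, not captured from any real site.

```python
"""Audit Set-Cookie headers for missing HttpOnly and Secure flags."""
from typing import Dict, List, Set, Tuple

# Constructed sample response headers with varying flag coverage.
SAMPLE_HEADERS = [
    "Set-Cookie: sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "Set-Cookie: prefs=dark; Path=/",
    "Set-Cookie: csrftoken=xyz789; Path=/; Secure",
]

# Flags every cookie should carry; reported in this spelling when missing.
REQUIRED_FLAGS = ("HttpOnly", "Secure")


def parse_set_cookie(header: str) -> Tuple[str, Set[str]]:
    """Return (cookie name, set of lower-cased attribute names) for one header."""
    # Accept either a full "Set-Cookie: ..." line or just its value.
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    # Attribute names are case-insensitive (RFC 6265), so compare in lower case.
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, attrs


def audit_cookies(headers: List[str]) -> Dict[str, List[str]]:
    """Map each cookie that lacks a required flag to the list of flags it is missing."""
    findings: Dict[str, List[str]] = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        missing = [flag for flag in REQUIRED_FLAGS if flag.lower() not in attrs]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for name, missing in audit_cookies(SAMPLE_HEADERS).items():
        print(f"{name}: missing {', '.join(missing)}")
```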
The Pentester's Toolkit
To find these flaws efficiently, we use a variety of specialized auditing tools:
- Burp Suite: The industry standard for intercepting and modifying web traffic.
- Nikto / Nikto2: A powerful web server scanner that looks for dangerous files and outdated software.
- SQLmap: An automated tool that detects and exploits SQL injection flaws.
- W3af: A web application attack and audit framework.
Vulnerability mapping turns a list of open ports into a prioritized list of targets. By understanding the taxonomy of these flaws, we can move from simple scanning to high-impact exploitation.