University of Carthage
*****
National Institute of Applied Science and
Technology
Ethical Hacking and Countermeasures:
Course based on EC-Council CEH
Chapter 5: Vulnerability Analysis
Instructor: Alyssa Berriche
Year: 2023/2024
Vulnerability Assessment Concepts
Vulnerability Research
• The process of analyzing protocols, services, and configurations to
discover vulnerabilities and design flaws that will expose an operating
system and its applications to exploit, attack, or misuse.
CEH Study Guide Instructor : Alyssa Berriche
Vulnerability Assessment Concepts
Resources for Vulnerability Research
• The following are some of the online websites used to perform
vulnerability research.
Vulnerability Assessment Concepts
Vulnerability Assessment
• Vulnerability Assessment is an in-depth examination of the ability of a system or
application, including its current security procedures and controls, to withstand
exploitation.
• It recognizes, measures, and classifies security vulnerabilities in a computer system,
network, and communication channels.
Vulnerability Assessment Concepts
Vulnerability Scoring Systems and databases
• Due to the growing severity of cyber-attacks, vulnerability research has
become critical, as it helps to mitigate attacks.
• Vulnerability scoring systems and vulnerability databases are used to
rank information system vulnerabilities and to provide a composite
score of the overall severity and risk associated with identified
vulnerabilities.
• Vulnerability databases collect and maintain information about various
vulnerabilities present in information systems.
Vulnerability Assessment Concepts
Vulnerability Databases: CVE
• CVE = Common Vulnerabilities
and Exposures
• A publicly available and
free-to-use list or dictionary of
standardized identifiers for
common software vulnerabilities
and exposures.
Vulnerability Assessment Concepts
Vulnerability Databases: NVD
• NVD = National Vulnerability Database
• A U.S. government repository of
standards-based vulnerability management
data represented using the Security Content
Automation Protocol (SCAP).
• These data enable the automation of
vulnerability management, security
measurement and compliance.
• The NVD includes databases of security
checklist references, security-related
software flaws, misconfigurations, product
names, and impact metrics.
Vulnerability Assessment Concepts
Vulnerability Databases : CWE
• CWE = Common Weakness Enumeration
• A category system for software vulnerabilities and
weaknesses.
• It is sponsored by the National Cybersecurity FFRDC,
which is owned by the MITRE Corporation, with support
from US-CERT and the National Cyber Security
Division of the U.S. Department of Homeland Security.
• It has over 600 categories of weaknesses, which
enable CWE to be effectively employed by the
community as a baseline for weakness identification,
mitigation and prevention efforts.
Vulnerability Assessment Concepts
Vulnerability Scoring System: CVSS
• CVSS = Common Vulnerability Scoring
System
• CVSS provides an open framework for
communicating the characteristics and
impacts of IT vulnerabilities.
• Its quantitative model ensures
repeatable accurate measurement,
while enabling users to view the
underlying vulnerability characteristics
used to generate the scores.
Vulnerability Assessment Concepts
Vulnerability Management Lifecycle
Vulnerability Classification and Assessment Types
Classification
Vulnerability Classification and Assessment Types
Classification
• Misconfiguration
• The most common vulnerability; it is mainly caused by human error.
• It affects web servers, application platforms, databases, and networks.
• Default installations
• Failing to change the default settings while deploying the software or
hardware allows the attacker to guess the settings to break into the system.
• Buffer overflows
• In a buffer overflow attack, the attackers undermine the functioning of
programs and try to take control of the system by writing content beyond the
allocated size of the buffer.
• Insufficient bounds checking in the program is the root cause.
Vulnerability Classification and Assessment Types
Classification
• Unpatched servers
• Unpatched servers are a hub for attackers; they serve as an entry point into
the network.
• This can lead to the exposure of private data, financial loss, and discontinuation
of operations.
• Design flaws
• Design vulnerabilities such as incorrect encryption or the poor validation of
data refer to logical flaws in the functionality of the system that attackers
exploit to bypass the detection mechanism and acquire access to a secure
system.
• Operating systems flaws
• Attackers can use malicious code, script, or unwanted software, which results in
the loss of sensitive information and control of computer operations.
Vulnerability Classification and Assessment Types
Classification
• Application flaws
• Flawed applications pose security threats such as data tampering and
unauthorized access to configuration stores.
• If applications are not secured, sensitive information may be lost or corrupted.
• Open services
• Open ports and services may lead to the loss of data or DoS attacks and allow
attackers to perform further attacks on other connected devices.
• Default passwords
• When users forget to update the default/initial passwords, they make devices
and systems vulnerable to various attacks, such as brute-force and dictionary
attacks.
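Several of the classes above (misconfiguration, default installations, open services, default passwords) are exactly what a configuration audit, the host-side check a vulnerability scanner runs against a device's settings, reports on. The following is an added example, not course material: it parses a constructed INI-style appliance configuration and labels each finding with one of the slide's categories plus a remediation. The default-credential list, the default-installation markers and the disallowed-port policy are illustrative assumptions, not any vendor's real defaults.

```python
"""Configuration audit keyed to the vulnerability classes on the slides
(added example, not course material).

Reads a small INI-style appliance configuration and reports findings labelled
Default passwords, Default installations, Misconfiguration or Open services.
The configuration, credential list and port policy are all constructed.
"""
import configparser

# Assumption: credential pairs of the kind shipped with appliances (illustrative list).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "toor")}
# Assumption: settings whose value shows the installer defaults were never changed.
DEFAULT_INSTALL_MARKERS = {"banner": "Default Appliance", "admin_path": "/setup"}
# Assumption: services a hardening policy does not allow to be exposed.
DISALLOWED_PORTS = {21: "FTP", 23: "Telnet", 445: "SMB"}

# Constructed configuration, deliberately left at defaults so every rule fires.
SAMPLE_CONFIG = """
[admin]
username = admin
password = admin
banner = Default Appliance
admin_path = /setup
debug = true

[network]
listen_ports = 22, 23, 443, 445
tls_min_version = 1.0
"""


def audit(config_text):
    """Return (category, detail, remediation) tuples for the given configuration text."""
    cfg = configparser.ConfigParser()
    cfg.read_string(config_text)
    findings = []

    # Default passwords: credentials unchanged since installation.
    creds = (cfg.get("admin", "username", fallback=""),
             cfg.get("admin", "password", fallback=""))
    if creds in DEFAULT_CREDENTIALS:
        findings.append(("Default passwords",
                         f"administrator account '{creds[0]}' uses a shipped default password",
                         "set a unique administrator password before deployment"))

    # Default installations: settings that still carry the installer's values.
    for key, default in DEFAULT_INSTALL_MARKERS.items():
        if cfg.get("admin", key, fallback=None) == default:
            findings.append(("Default installations",
                             f"'{key}' still set to the installer default '{default}'",
                             f"customise '{key}' as part of deployment hardening"))

    # Misconfiguration: options that weaken security when left enabled.
    if cfg.getboolean("admin", "debug", fallback=False):
        findings.append(("Misconfiguration", "debug mode enabled",
                         "disable debug in production"))
    tls_min = cfg.getfloat("network", "tls_min_version", fallback=1.2)
    if tls_min < 1.2:
        findings.append(("Misconfiguration",
                         f"minimum TLS version {tls_min} allows deprecated protocols",
                         "set tls_min_version to 1.2 or higher"))

    # Open services: listening ports the policy does not allow.
    ports_raw = cfg.get("network", "listen_ports", fallback="")
    for port in (int(p) for p in ports_raw.split(",") if p.strip()):
        if port in DISALLOWED_PORTS:
            findings.append(("Open services",
                             f"{DISALLOWED_PORTS[port]} exposed on port {port}",
                             f"disable the service on port {port} or restrict it by firewall"))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for category, _, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, detail, remediation in audit(SAMPLE_CONFIG):
        print(f"[{category}] {detail} -> {remediation}")
    print(summarize(audit(SAMPLE_CONFIG)))
```

Each rule is a direct encoding of one bullet on the slides, which is how real scanner check families are organised: a category, a condition to test, and the fix to recommend when it fires.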
Vulnerability Classification and Assessment Types
Assessment types
Vulnerability Classification and Assessment Types
Assessment types
Vulnerability Assessment Solutions and Tools
Working Vulnerability Scanning Solutions
1. Locate live hosts in the target network
2. Enumerate the open ports and services and their versions + OS
3. Test for known vulnerabilities associated with identified services
Vulnerability Assessment Solutions and Tools
Types Of Vulnerability Assessment Tools
Vulnerability Assessment Solutions and Tools
Criteria for Choosing a Vulnerability Assessment Tool
1. Types of vulnerabilities being assessed
2. Testing capability of scanning
3. Ability to provide accurate reports
4. Efficient and accurate scanning
5. Capability to perform a smart search
6. Functionality for writing its own tests
7. Test run scheduling
Vulnerability Assessment Solutions and Tools
Qualys Vulnerability Management
• A cloud-based service that
offers immediate global
visibility into IT system areas
that might be vulnerable to
the latest internet threats
and how to protect them.
Vulnerability Assessment Solutions and Tools
Tenable and Nessus
• Tenable.io is managed in the
cloud and powered by
Nessus technology.
• Tenable.io is a cloud-based
vulnerability management for
complete visibility into the
assets and vulnerabilities
within an organization.
Vulnerability Assessment Solutions and Tools
OpenVAS
• A framework of several
services and tools offering
a comprehensive and
powerful vulnerability
scanning and vulnerability
management solution.
Vulnerability Assessment Solutions and Tools
Nikto
• A web server assessment
tool that examines a web
server to discover potential
problems and security
vulnerabilities.
Vulnerability Assessment Reports
• In the vulnerability assessment process, once all the phases are completed,
the security team will review the results and process the information to
prepare the final report.
• The vulnerability assessment report discloses the risks detected after scanning
a network.
• The report alerts the organization to possible attacks and suggests countermeasures.
• Information available in the reports is used to fix security flaws.
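The three scanner steps from the "Working Vulnerability Scanning Solutions" slide and the report described here are the two ends of one pipeline. The following is an added example, not course material and not any vendor's scanner code: it takes a constructed inventory standing in for the output of steps 1 and 2 (live hosts, open ports, service versions), runs step 3 by matching each service against a constructed knowledge base of advisories, and renders the findings as a report ordered by CVSS severity with a countermeasure per finding. The CVE identifiers, scores and fixed-in versions are placeholders, not real entries.

```python
"""Scanner core loop and assessment report (added example, not course material).

Step 1 and 2 output is a constructed inventory; step 3 matches product and
version against a constructed advisory list; the report groups the results by
CVSS severity. CVE identifiers and scores are placeholders, not real entries.
"""
import re
from dataclasses import dataclass


@dataclass
class Service:
    host: str
    port: int
    product: str
    version: str


@dataclass
class Advisory:
    cve: str            # placeholder identifier, not a real CVE
    product: str
    fixed_in: str       # versions strictly below this are affected
    cvss: float
    remediation: str


# Constructed discovery output: what steps 1 and 2 would have produced.
DISCOVERED = [
    Service("10.0.0.5", 22, "openssh", "7.4p1"),
    Service("10.0.0.5", 80, "nginx", "1.18.0"),
    Service("10.0.0.9", 443, "nginx", "1.25.3"),
    Service("10.0.0.9", 3306, "mysql", "5.7.33"),
]

# Constructed knowledge base for step 3 (placeholder ids, illustrative scores and versions).
KNOWLEDGE_BASE = [
    Advisory("CVE-EXAMPLE-0001", "openssh", "8.0", 7.5, "upgrade OpenSSH to 8.0 or later"),
    Advisory("CVE-EXAMPLE-0002", "nginx", "1.20.1", 9.8, "upgrade nginx to 1.20.1 or later"),
    Advisory("CVE-EXAMPLE-0003", "mysql", "5.7.30", 5.3, "upgrade MySQL to 5.7.30 or later"),
]

SEVERITY_BANDS = ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"))


def severity(score):
    """CVSS v3.1 qualitative rating for a numeric score."""
    return next((name for threshold, name in SEVERITY_BANDS if score >= threshold), "None")


def version_key(version):
    """Comparison key from the numeric prefix of each component: '7.4p1' -> (7, 4).
    Suffixes such as 'p1' are ignored, a known limitation of this toy matcher."""
    key = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        key.append(int(m.group()) if m else 0)
    return tuple(key)


def is_affected(service, advisory):
    """Step 3 test: same product and a version below the fixed release."""
    return (service.product == advisory.product
            and version_key(service.version) < version_key(advisory.fixed_in))


def scan(services, knowledge_base):
    """Match every discovered service against the knowledge base; highest CVSS first."""
    findings = []
    for svc in services:
        for adv in knowledge_base:
            if is_affected(svc, adv):
                findings.append({
                    "host": svc.host, "port": svc.port,
                    "service": f"{svc.product} {svc.version}",
                    "cve": adv.cve, "cvss": adv.cvss,
                    "severity": severity(adv.cvss), "remediation": adv.remediation,
                })
    findings.sort(key=lambda f: f["cvss"], reverse=True)
    return findings


def report(findings):
    """Plain-text assessment report: totals per severity, then one line per finding."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    lines = ["Vulnerability Assessment Report", f"Total findings: {len(findings)}"]
    lines += [f"  {name}: {counts.get(name, 0)}" for _, name in SEVERITY_BANDS]
    for f in findings:
        lines.append(f"[{f['severity']} {f['cvss']}] {f['host']}:{f['port']} "
                     f"{f['service']} {f['cve']} - {f['remediation']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(scan(DISCOVERED, KNOWLEDGE_BASE)))
```

Version matching is where real scanners spend most of their effort (backported fixes, distribution-specific version strings and banners that lie all produce false positives or negatives), which is why the criteria slide lists accurate reporting and accurate scanning as separate requirements.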