Week 4

Word Count: 450

Student Name: Sheikh Maruf

Student ID: CIM9642


1) Why is buffer overflow a serious vulnerability?

A buffer overflow occurs when an application writes more data into a buffer than the buffer can hold, so the excess spills over and overwrites the adjacent memory. Depending on what sits next to the buffer, this corrupts data, crashes the entire process, or lets an attacker redirect execution and run arbitrary code or escalate their own privileges (Aleksy et al., 2020). The vulnerability is hazardous because it gives the attacker a write into memory the program never intended to expose, and that write can be combined with other techniques to defeat the exploit mitigations meant to contain it, such as DEP and ASLR (Dowd et al., 2006).
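The following C program is an added example (not code from the original essay or its references) showing the vulnerable pattern described above next to a hardened version. The `struct account` layout, the field names and the sample inputs are constructed for the illustration; the unsafe copy is only ever called with a short input so that the program runs cleanly, while the comment explains what a long input would do.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* A record whose layout puts a privilege flag right after a fixed-size
 * string. The names and the layout are constructed for this illustration. */
struct account {
    char name[NAME_LEN];
    int  is_admin;   /* lives immediately after 'name' in memory */
};

/* Vulnerable: strcpy copies until it finds the NUL terminator and never
 * looks at the size of the destination. An input of NAME_LEN bytes or more
 * runs past 'name' and overwrites 'is_admin' (and, for a stack buffer, the
 * saved registers and return address beyond it), which is how an overflow
 * becomes privilege escalation or arbitrary code execution. */
void set_name_unsafe(struct account *acct, const char *input)
{
    strcpy(acct->name, input);
}

/* Hardened: measure first, then refuse anything that does not fit together
 * with its NUL terminator. The comparison is '>=' and not '>': a string of
 * exactly NAME_LEN characters needs NAME_LEN + 1 bytes, so accepting it
 * would be an off-by-one overflow. Returns the stored length, or -1. */
int set_name_safe(struct account *acct, const char *input)
{
    size_t n = strlen(input);
    if (n >= sizeof acct->name) {
        return -1;                       /* reject rather than truncate */
    }
    memcpy(acct->name, input, n + 1);    /* n characters plus the terminator */
    return (int)n;
}

int main(void)
{
    struct account acct = {{0}, 0};
    /* Constructed inputs: one name that fits and one that is too long. */
    const char *ok_input   = "alice";
    const char *long_input = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* 24 bytes */

    set_name_unsafe(&acct, ok_input);    /* safe only because the input is short */
    printf("unsafe copy: name=%s is_admin=%d\n", acct.name, acct.is_admin);

    /* set_name_unsafe(&acct, long_input) would overwrite is_admin; not run. */
    if (set_name_safe(&acct, long_input) < 0) {
        printf("safe copy: rejected %zu-byte input for a %d-byte buffer\n",
               strlen(long_input), NAME_LEN);
    }
    return 0;
}
```

The safe version rejects oversized input instead of silently truncating it; truncation avoids the memory corruption but can still produce a different name than the caller supplied, which is its own class of bug.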

2) Where do vulnerability scans sit in the risk management process?

Vulnerability scans belong to the identification stage of risk management: before an organization can assess or treat its risk, it has to know which weaknesses exist in its IT environment, and scanning is the routine way of finding them. Scarfone & Mell (2007) describe vulnerability scanners as tools that detect misconfigurations, outdated software and known vulnerabilities, ideally long before an attacker has the opportunity to exploit them. The scan results then feed the later stages, risk analysis, prioritization and remediation, and repeated scans verify that the chosen treatment actually closed the weakness. Vulnerability scans also assist organizations in meeting industry compliance standards such as ISO 27001 and PCI DSS, which expect regular scanning as evidence that systems are kept secure (NIST, 2020).


3) What is the difference between authenticated and unauthenticated scans?

The primary distinction between authenticated and unauthenticated scans is the level of access that the scanning tool receives:

Authenticated scans: These scans are run with valid credentials for the systems and applications being tested, so the scanner can log in and read installed software versions, patch levels, local configuration and weak settings directly. That makes the results substantially more precise, with fewer false positives and fewer missed findings, and it reveals internal vulnerabilities and misconfigurations that are invisible from the network. Because the scanner operates with the rights of a legitimate account, its findings show what an insider or an attacker holding a compromised user account could reach (Scarfone & Mell, 2007).

Unauthenticated scans: These scans use no credentials and therefore see the target the way an external attacker does: open ports, service banners and vulnerabilities that can be detected remotely. They are useful for measuring external exposure, but they cannot see internal vulnerabilities such as missing local patches, weak configuration files or privilege escalation paths, and because they must infer versions from banners they can report issues that an authenticated check would show are already patched (Ting et al., 2021).

4) How to prioritize vulnerabilities for remediation?

Vulnerabilities should be prioritized by the likelihood that they will be exploited, the potential impact if they are, and the criticality of the affected system. Commonly used inputs for that ranking are the following:

CVSS (Common Vulnerability Scoring System): A standardized score that combines exploitability and impact metrics (FIRST, 2019). The base score describes the vulnerability in isolation, without the organization's environment, so it is a starting point for the ranking rather than the whole ranking.

Threat intelligence: Vulnerabilities that are observed being actively exploited "in the wild" should be patched first, because the likelihood of attack is no longer theoretical.

Asset criticality: Systems that host sensitive data or provide core services raise the impact of any vulnerability found on them, so their findings deserve a higher priority.

Regulatory compliance: Vulnerabilities that affect compliance with laws and regulations should be remediated as soon as it is feasible, since they carry contractual or legal deadlines in addition to technical risk.

A common strategy is a risk-based approach: combine these factors into a single risk rating, remediate the vulnerabilities that pose the greatest risk to the organization first, and work down to those that are lower risk or lower impact, scheduling the remainder around operational constraints.
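As an added example (not part of the original essay) covering both the scan output from question 2 and the risk-based ranking from question 4, the C program below takes a small set of constructed scanner findings and orders them for remediation. The finding identifiers, asset names, scores and the weighting formula are all illustrative assumptions, not a published standard; the point is that two findings with the same critical CVSS score end up at opposite ends of the queue once exploitation status, asset criticality and compliance scope are taken into account.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One scanner finding as an entry in the remediation queue. Beyond the CVSS
 * base score it carries the inputs the text lists: threat intelligence,
 * asset criticality and regulatory scope. */
typedef struct {
    const char *id;            /* constructed identifier, not a real CVE */
    const char *asset;
    double cvss;               /* CVSS v3.1 base score, 0.0 to 10.0 */
    int exploited_in_wild;     /* 1 if threat intel reports active exploitation */
    int asset_criticality;     /* 1 low, 2 medium, 3 sensitive data / core service */
    int compliance_scope;      /* 1 if the asset is in PCI DSS or ISO 27001 scope */
} finding_t;

/* Risk score used for ordering. The weights are illustrative assumptions,
 * not a standard: CVSS scaled by criticality, doubled for active
 * exploitation, plus a fixed bump when a compliance deadline applies. */
double risk_score(const finding_t *f)
{
    double score = f->cvss * f->asset_criticality;
    if (f->exploited_in_wild) score *= 2.0;
    if (f->compliance_scope) score += 5.0;
    return score;
}

static int by_risk_desc(const void *a, const void *b)
{
    double ra = risk_score((const finding_t *)a);
    double rb = risk_score((const finding_t *)b);
    return (ra < rb) - (ra > rb);   /* descending order */
}

/* Sorts the findings in place, highest risk first, and returns how many of
 * them meet or exceed 'threshold', i.e. the size of the "remediate now"
 * batch at the front of the array. */
size_t prioritize(finding_t *findings, size_t n, double threshold)
{
    qsort(findings, n, sizeof *findings, by_risk_desc);
    size_t now = 0;
    while (now < n && risk_score(&findings[now]) >= threshold) now++;
    return now;
}

/* Constructed sample scan output. F-1 and F-2 share the same critical CVSS
 * score but sit on very different assets, which is exactly the case where
 * a CVSS-only ordering misleads. Returns the number of findings written. */
size_t load_sample_findings(finding_t *out, size_t cap)
{
    static const finding_t sample[] = {
        {"F-1", "public web server", 9.8, 1, 3, 1},
        {"F-2", "developer sandbox", 9.8, 0, 1, 0},
        {"F-3", "customer database", 7.5, 0, 3, 1},
        {"F-4", "lobby kiosk",       5.3, 1, 2, 0},
    };
    size_t n = sizeof sample / sizeof sample[0];
    if (n > cap) n = cap;
    memcpy(out, sample, n * sizeof *out);
    return n;
}

int main(void)
{
    finding_t findings[8];
    size_t n = load_sample_findings(findings, 8);
    size_t now = prioritize(findings, n, 20.0);   /* 20.0 is an assumed cut-off */

    for (size_t i = 0; i < n; i++) {
        printf("%s  %-18s cvss=%.1f risk=%5.1f  %s\n",
               findings[i].id, findings[i].asset, findings[i].cvss,
               risk_score(&findings[i]),
               i < now ? "remediate now" : "schedule");
    }
    return 0;
}
```

With these inputs the order is F-1, F-3, F-4, F-2: the CVSS 9.8 finding on the developer sandbox drops to the bottom, while the CVSS 5.3 kiosk finding that is being actively exploited moves ahead of it. In practice the weights would be tuned to the organization's own risk appetite, and the threshold would be tied to the remediation SLA for each severity band.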

References:

Aleksy, M., Kobayashi, H., & Smith, J. (2020). Buffer overflow attacks and their mitigation. Cybersecurity Journal, 5(2), 45-58.

Dowd, M., McDonald, J., & Schuh, J. (2006). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Pearson Education.

FIRST. (2019). Common Vulnerability Scoring System version 3.1: Specification document. Forum of Incident Response and Security Teams.

NIST. (2012). Guide to enterprise patch management technologies (NIST SP 800-40 Rev. 3). National Institute of Standards and Technology.

Scarfone, K., & Mell, P. (2007). Guide to vulnerability scanning and assessment (NIST SP 800-115). Retrieved from https://csrc.nist.gov.

Scarfone, K., & Mell, P. (2008). Guide to vulnerability scanning (NIST SP 800-42). National Institute of Standards and Technology.

Ting, D., Yu, L., & Li, X. (2021). Comparative analysis of authenticated and unauthenticated vulnerability scans. Information Security Research, 12(3), 112-125.