Vulnerability Analysis


DSF Tutorial – Vineha Selvarajah

Vulnerability Analysis
Ms. Vinesha Selvarajah

Objectives

The objectives of this tutorial are to:

• learn the basics of threats and vulnerability assessments,
• gain practical experience in analyzing and managing vulnerabilities,
• demonstrate the critical evaluation of hands-on vulnerability tools,
• gain experience in preparing for the presentation of vulnerabilities found,
• gain experience in presenting and public speaking,
• learn the idea of critically evaluating presentations of vulnerabilities.

This tutorial class involves the following parts:

• Understanding key terms and processes in relation to vulnerabilities (~45 mins)
• Identifying vulnerability assessment tools (~30 mins)
• Analyzing and critically evaluating the vulnerabilities detected using testing tools (~45 mins)

Resources

The resource folder is found under the XX folder in your Moodle, under XXX. Access Moodle under this
subject’s intake code and save the folder to your computer.

Preparation

To effectively prepare for this tutorial class, you should have done the following before coming to your
tutorial class:

• Revised the slides, materials and examples for this week;
• Read through these tutorial instructions entirely, noting anything unclear.

Reminder: If you don’t complete these tutorial exercises during your allocated tutorial class, you should
finish them in your own time, seeking additional assistance as needed.

PART 1: Understanding Threat, Risks and Vulnerabilities


This part of the tutorial is designed to test your understanding of threats, risks and vulnerabilities. You
will learn how to differentiate the terms and how they are interrelated by attempting the following key
questions.
1. State and describe 3 examples of threats that are likely to occur in a banking institution.
2. How are threats, risks and vulnerabilities interrelated, and what is an exploit?
3. What is the purpose of vulnerability assessment and how is it different from penetration testing?
4. What do you understand about CVE?

PART 2: Identifying Vulnerability Assessment Tools


The goal of this exercise is to familiarize you with some of the commonly used vulnerability
assessment tools. While vulnerability assessment can be done via questionnaires in small-scale
companies, it is best to use existing tools which are pre-loaded with vulnerability databases to test your
systems, networks, websites, etc. This is a team activity in groups of 4 that involves critical evaluation of
the different types of vulnerability assessment tools available. You are required to prepare a table
comprising the headers below as part of your evaluation of some vulnerability assessment tools.

Tools | Types of Vulnerability Assessment Covered / Features | Supported OS / Platforms | Payable / Free Software / Price Range

You should consider critically evaluating the following tools:

• Nessus
• Retina
• X-Scan
• QualysGuard
• OpenVAS
• Zenmap/Nmap

PART 3: Identifying Vulnerabilities of Websites using QualysGuard


By now, you should have completed your evaluation of some of the common tools used to assess
vulnerabilities. This activity allows you to conduct a simple vulnerability test on websites using the
web-based assessment tool QualysGuard. Register your details and follow the instructions in order
to gain access to the tool. Subsequently, you may also consider running your vulnerability test using
the online PenTest Tool, to scan for vulnerabilities by scanning the web servers of targeted websites. Be
sure to note down the types of vulnerability detected and discuss how to patch/overcome such
vulnerabilities. You may want to consider running the assessment for the following website:
• https://www.hackthissite.org/

Extended Activity:
This section is only intended for students and teams who finish early and want an additional challenge.
It is not intended or necessary for all students to complete.

You may want to watch some videos related to penetration testing and vulnerability assessment to
understand the difference between them. Subsequently, you may enhance your experience in SQL
injection to understand how SQL injection is done as one of the many penetration testing techniques used
to assess the vulnerability of a particular website or system. You may also think about the risks involved
in systems that are vulnerable to SQL injection.

• Penetration Testing and Vulnerability Assessment Video 1
• Vulnerability Assessment using Nessus
• SQL Injection
