Software Security
Presented by Emanuela Boroș
“Al. I. Cuza” University, Faculty of Computer Science
Master of Software Engineering, II
Network Security Tools
Audit/Port Scanning Tools
● Nessus (Vulnerability scanner) #3
● SAINT (Vulnerability scanner, based on SATAN, developed by World Wide Security, Inc.) #110
● Sara (Security Auditor’s Research Assistant, SANS Top 10 Threats, 1 May 2009)
● Nmap, strobe (Port scanners, strobe was one of the earliest port scanning tools, Nmap is the strobe's grandson)
Nessus Scanner
● Available from http://www.nessus.org/products/nessus/
● The world's leading vulnerability scanner
● Free for home users, licensed on a yearly subscription for commercial businesses
● Easy-to-use tool
● Linux/Solaris/Windows/Android/iPhone
● Provides HTML-based reports
● Client/server architecture: clients (Windows, Unix, Android, iPhone) & servers (Unix only)
Pros/Cons
Pros
● Free vulnerability scanning
● Easy to install and use
● Up-to-date security vulnerability database
● Free for home users
● Powerful plug-in architecture
Cons
● Needs activation code
● Some UI issues
Policies
A Nessus “policy” consists of configuration options related to performing a vulnerability scan.
● External Network Scan
  ● scans externally facing hosts
  ● XSS plugin families
  ● all 65,535 ports are scanned
● Internal Network Scan
  ● scans large internal networks with many hosts, several exposed services, and embedded systems such as printers
  ● standard set of ports is scanned
● Web App Tests
  ● scans for vulnerabilities present in each of the parameters, including XSS, SQL, command injection
● Prepare for PCI DSS audits
  ● enables the built-in PCI DSS compliance checks that compare scan results with the PCI standards and produce a report on your compliance posture
Server
Pros/Cons
Client
Case Studies
Version: 4.4.1 Feed Type: Home OS: Windows 7/Android
Internal Network Scan
● Default policy
● scans large internal networks with many hosts, several exposed services, and embedded systems such as printers
● standard set of ports is scanned
Web Application Scanning With Credentials
Steps
● App that requires authentication
● Create a policy
  ● General - Port 80
  ● Preferences
● HTTP login page
  ● Login page and login form (may be a different form)
  ● Look into your HTML to see what the field names are, or use a sniffer to see what is sent in the POST request
● Ability to check for authentication: after logging in successfully, a timer revisits a page at every delay interval to see whether you are still logged in; with a delay of 120 seconds, the page should match the regex Logout
● Web mirroring: regular expressions to exclude things, e.g. have the web spider exclude logout.php, because visiting it would log you out
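The values these steps ask for can be collected and checked before the policy is created. The following Python sketch is an added example, not part of the original slides and not Nessus code: it reads the login form's field names from the page HTML, filters the spider's URL list, and applies the Logout check. The sample page, login.php, the field names and the exact exclusion pattern are assumptions; logout.php and the Logout regex come from the slide.

```python
import re
from html.parser import HTMLParser

# Constructed sample login page; login.php and the field names are assumptions.
LOGIN_HTML = """<form action="/login.php" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="csrf_token" value="constructed">
  <input type="submit" value="Log in">
</form>"""

class LoginFormParser(HTMLParser):
    """Collect action, method and named inputs of forms holding a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "",
                         "method": (a.get("method") or "get").lower(),
                         "fields": {}}
        elif tag == "input" and self._cur is not None and a.get("name"):
            self._cur["fields"][a["name"]] = (a.get("type") or "text").lower()

    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            if "password" in self._cur["fields"].values():
                self.forms.append(self._cur)
            self._cur = None

def find_login_form(html):
    """Return the first login form (the names a scanner policy needs), or None."""
    parser = LoginFormParser()
    parser.feed(html)
    return parser.forms[0] if parser.forms else None

EXCLUDE = re.compile(r"/logout\.php(\?|$)", re.I)  # spider exclusion (pattern assumed)
AUTH_OK = re.compile(r"Logout")                    # regex named on the slide

def spider_targets(urls):
    """Drop URLs the web mirror must skip because visiting them ends the session."""
    return [u for u in urls if not EXCLUDE.search(u)]

def still_logged_in(body):
    """The periodic check: an authenticated page still shows the Logout link."""
    return bool(AUTH_OK.search(body))
```

Hidden fields such as the constructed csrf_token show up in the result as well, which is a reminder that the POST request may need more than the username and password.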
Windows Scanning
Conclusions
Using Android Nessus app
Nmap
● Insecure.Org
● free utility which can quickly scan broad ranges of devices and provide valuable information about the devices on your network
● uses raw IP packets to determine what hosts are available on the network
● used by attackers to scan a network and perform reconnaissance about the types and quantities of targets available and what weaknesses exist
Nmap with Nessus
Advantages
● smart penetration testing
● Nmap is the best scanner ever and Nessus is one of our favorite vulnerability scanners
● effective and less time-consuming
Case Study
Steps
● used Nmap for a quick scan of all the hosts in the subnet on the local network
● after the scan, there will be a list of different hosts and their open ports