{"id":37806,"date":"2022-01-20T11:42:56","date_gmt":"2022-01-20T06:12:56","guid":{"rendered":"https:\/\/www.wikitechy.com\/technology\/?p=37806"},"modified":"2022-01-22T14:05:12","modified_gmt":"2022-01-22T08:35:12","slug":"vulnerability-analysis-in-ethical-hacking","status":"publish","type":"post","link":"https:\/\/www.wikitechy.com\/technology\/vulnerability-analysis-in-ethical-hacking\/","title":{"rendered":"Vulnerability Analysis in Ethical Hacking"},"content":{"rendered":"<h2 id=\"what-is-vulnerability\" style=\"text-align: justify;\"><strong>What is Vulnerability ?<\/strong><\/h2>\n<p style=\"text-align: justify;\">It is defined as an issue in the software code that a hacker can exploit to damage the systems. It can be a gap in the execution of <a href=\"https:\/\/www.wikitechy.com\/interview-questions\/networking\/what-is-cyber-security\/\">cyber security<\/a> events or a weakness in the controls.<\/p>\n<h2 id=\"examples-of-vulnerability\" style=\"text-align: justify;\">Examples of Vulnerability<\/h2>\n<ul style=\"text-align: justify;\">\n<li>Illegal network access by Hackers due to a weak Firewall<\/li>\n<li>Cracking of Wi-Fi Passwords<\/li>\n<li>Misconfiguration of passwords<\/li>\n<li>Insecure cryptographic storage<\/li>\n<li>Exposure of sensitive data due to lack of application security<\/li>\n<\/ul>\n<h2 id=\"what-is-vulnerability-analysis\" style=\"text-align: justify;\"><strong>What is Vulnerability Analysis ?<\/strong><\/h2>\n<p style=\"text-align: justify;\">It is the next phase of <a href=\"https:\/\/www.wikitechy.com\/tutorials\/ethical-hacking\/\">Ethical hacking<\/a> to find the security holes or vulnerabilities in your system or network.<\/p>\n<p style=\"text-align: justify;\">A vulnerability assessment is a process of defining, identifying, classifying and prioritizing vulnerabilities in systems, network infrastructures, and applications.<\/p>\n<p style=\"text-align: justify;\">This process provides organizations with the knowledge to know threats to their environment and react consequently which provides a way to detect and resolve security problems by ranking the vulnerabilities before someone or something can exploit them. It is important for the security of the organization.<\/p>\n<h2 id=\"objectives-of-the-vulnerability-analysis\" style=\"text-align: justify;\"><strong>Objectives of the Vulnerability analysis<\/strong><\/h2>\n<ul style=\"text-align: justify;\">\n<li>To identify vulnerabilities \u2013 Configuration, system, Design, Code, Process<\/li>\n<li>Supporting the vulnerabilities<\/li>\n<li>Preparation of guidance to mitigate the vulnerabilities<\/li>\n<\/ul>\n<h2 id=\"importance-of-vulnerability-analysis\" style=\"text-align: justify;\"><strong>Importance of Vulnerability Analysis<\/strong><\/h2>\n<ul style=\"text-align: justify;\">\n<li>Deep dive visions of the security issues<\/li>\n<li>Helps us know the risks related with the entire ecosystem\n<ul>\n<li>For security breaches<\/li>\n<\/ul>\n<\/li>\n<li>Assets that are prone to cyber attacks<\/li>\n<\/ul>\n<h2 id=\"steps-for-the-vulnerability-analysis\" style=\"text-align: justify;\"><strong>Steps for the vulnerability Analysis<\/strong><\/h2>\n<h3 id=\"step-1-assess-critical-value-of-each-device\" style=\"text-align: justify;\">Step 1 : Assess Critical Value of each device<\/h3>\n<ul style=\"text-align: justify;\">\n<li>Review all the devices in the network<\/li>\n<li>Who are the people accessing the devices<\/li>\n<li>Capture the below information<\/li>\n<li>Risk Impact<\/li>\n<li>Risk threshold<\/li>\n<li>Risk strategy planning<\/li>\n<li>Mitigation<\/li>\n<li>Business Impact Analysis<\/li>\n<\/ul>\n<h3 id=\"step-2-detailed-of-the-installed-systems\" style=\"text-align: justify;\"><strong>Step 2: Detailed of the Installed systems<\/strong><\/h3>\n<ul>\n<li style=\"text-align: justify;\">Systems \u2013 What they do<\/li>\n<li style=\"text-align: justify;\">For whom the devices are installed<\/li>\n<li style=\"text-align: justify;\">Review \u2013 Device open ports<\/li>\n<li style=\"text-align: justify;\">Configuration of the devices<\/li>\n<li style=\"text-align: justify;\">Drivers of the devices which are certified<\/li>\n<li style=\"text-align: justify;\">Device vendor, version details<\/li>\n<li style=\"text-align: justify;\">Software installed on the devices<\/li>\n<\/ul>\n<h3 id=\"step-3-vulnerability-scanning\" style=\"text-align: justify;\"><strong>Step 3: Vulnerability Scanning<\/strong><\/h3>\n<ul style=\"text-align: justify;\">\n<li>Compilance requirements checking<\/li>\n<li>Scan policy formation<\/li>\n<li>Scanning \u2013 Single or Multiple time<\/li>\n<\/ul>\n<h3 id=\"step-4-report-creation\" style=\"text-align: justify;\"><strong>Step 4: Report Creation<\/strong><\/h3>\n<ul style=\"text-align: justify;\">\n<li>Vulnerability name<\/li>\n<li>Vulnerability Discover date<\/li>\n<li>Common Vulnerabilities<\/li>\n<li>Risk Score,Systems affected<\/li>\n<li>Method to fix them<\/li>\n<\/ul>\n<h2 id=\"types-of-vulnerability-assessment\" style=\"text-align: justify;\"><strong>Types of Vulnerability Assessment<\/strong><\/h2>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-37821 aligncenter\" src=\"https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/vulnerability-assessment.png\" alt=\"\" width=\"800\" height=\"323\" srcset=\"https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/vulnerability-assessment.png 800w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/vulnerability-assessment-300x121.png 300w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/vulnerability-assessment-768x310.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify;\"><strong>Network Based Scans<\/strong><\/p>\n<ul style=\"text-align: justify;\">\n<li>To identify network vulnerabilities. This scan helps to find the weak systems in the wired and wireless networks<\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><strong>Host Based Scans<\/strong><\/p>\n<ul style=\"text-align: justify;\">\n<li>To identify vulnerabilities in the ports, configuration, server workstations, other hosts and patch history<\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><strong>Wireless Network Scans<\/strong><\/p>\n<ul style=\"text-align: justify;\">\n<li>Complete scan on wireless networks to find the vulnerabilities<\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><strong>Application Scans<\/strong><\/p>\n<ul style=\"text-align: justify;\">\n<li>To test all gateways and mobile applications for vulnerabilities<\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><strong>Database Scans<\/strong><\/p>\n<ul style=\"text-align: justify;\">\n<li>To scan all the databases for potential vulnerabilities.<\/li>\n<\/ul>\n<h2 id=\"models-of-vulnerability-in-ethical-hacking\" style=\"text-align: justify;\"><strong>Models of Vulnerability in Ethical Hacking<\/strong><\/h2>\n<p style=\"text-align: justify;\"><strong>Firewall model<\/strong><\/p>\n<ul style=\"text-align: justify;\">\n<li>Insider attacks &#8211; \u00a0A Outside firewall should be decided and this can take care of the outside attacks<\/li>\n<li>Missed security patches\n<ul>\n<li>When the patch management of firewall has not happened<\/li>\n<\/ul>\n<\/li>\n<li>Configuration issues\n<ul>\n<li>If there are faults in the configuration of firewall<\/li>\n<\/ul>\n<\/li>\n<li>DDOS attacks\n<ul>\n<li>Only allow genuine traffic to avoid these attacks<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><strong>Password model<\/strong><\/p>\n<p style=\"text-align: justify;\">Dictionary, Hybrid model and Brute force is used to crack the password by the hacker.<\/p>\n<p style=\"text-align: justify;\"><strong>Logical Bombing<\/strong><\/p>\n<p style=\"text-align: justify;\">When the hacker uses a malicious code to inject the web application or the cloud infrastructure<\/p>\n<p style=\"text-align: justify;\"><strong>Web Hijacking<\/strong><\/p>\n<p style=\"text-align: justify;\">when an unauthorized user tries to access the application bypassing the authorization mechanism<\/p>\n<h2 id=\"protection-from-hacking\" style=\"text-align: justify;\"><strong>Protection from Hacking<\/strong><\/h2>\n<p style=\"text-align: justify;\">Here are the steps to prevent hacking<\/p>\n<ul>\n<li style=\"text-align: justify;\">Updating of Operating systems<\/li>\n<li style=\"text-align: justify;\">Installation of the proper firewall to prevent intrusion<\/li>\n<li style=\"text-align: justify;\">Destroying all personal information from all the web sources<\/li>\n<li style=\"text-align: justify;\">No use of Open Wi-Fi<\/li>\n<li style=\"text-align: justify;\">Password \u2013 Strong password which is not easy to find out<\/li>\n<li style=\"text-align: justify;\">Smart emailing \u2013 Avoid opening of phishing mails<\/li>\n<li style=\"text-align: justify;\">Keep the sensitive data in the protected environment<\/li>\n<li style=\"text-align: justify;\">Ignore spam<\/li>\n<li style=\"text-align: justify;\">Shut down the systems after use<\/li>\n<li style=\"text-align: justify;\">Secure the network<\/li>\n<li style=\"text-align: justify;\">Back up the data<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>What is Vulnerability ? It is defined as an issue in the software code that a hacker can exploit to damage the systems. It can be a gap in the execution of cyber security events or a weakness in the controls. Examples of Vulnerability Illegal network access by Hackers due to a weak Firewall Cracking [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29859],"tags":[101072,101087,101084,101035,101073,101089,101083,101091,101081,101080,101079,101065,101075,101074,101086,101076,101077,101082,101078,101071,101085,101088,101090],"class_list":["post-37806","post","type-post","status-publish","format-standard","hentry","category-hacking","tag-certified-ethical-hacker-ceh-vulnerability-analysis","tag-cybersecurity-vulnerability-assessment","tag-deliverable-in-ethical-hacking","tag-enumeration-in-ethical-hacking","tag-ethical-hacking-vulnerability-analysis","tag-how-hackers-find-vulnerabilities","tag-how-to-prevent-scanning-in-ethical-hacking","tag-system-hacking-in-ethical-hacking","tag-types-of-vulnerability-in-ethical-hacking","tag-vulnerability-analysis","tag-vulnerability-analysis-course-for-ethical-hacking","tag-vulnerability-analysis-in-ethical-hacking","tag-vulnerability-analysis-through-ethical-hacking-techniques","tag-vulnerability-assessment","tag-vulnerability-assessment-process","tag-vulnerability-assessment-vs-penetration-testing","tag-vulnerability-assessments-in-ethical-hacking","tag-vulnerability-in-ethical-hacking","tag-what-is-a-vulnerability-assessment","tag-what-is-a-vulnerability-assessment-in-ethical-hacking","tag-what-is-ethical-hacking-explain-with-example","tag-what-is-the-importance-of-vulnerability-assessment","tag-what-is-vulnerability-in-hacking"],"_links":{"self":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts\/37806","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/comments?post=37806"}],"version-history":[{"count":4,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts\/37806\/revisions"}],"predecessor-version":[{"id":37823,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts\/37806\/revisions\/37823"}],"wp:attachment":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/media?parent=37806"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/categories?post=37806"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/tags?post=37806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}