Security+ SY0-601: 1.6: Vulnerabilities

This entry is part 10 of 47 in the series [ Security+ SY0-601 ]

Chapter 6: Vulnerabilities

Common Vulnerabilities and Exposures

Info

MITRE CVE, one of the big daddies to know: https://cve.mitre.org/


Cloud-Based vs. On-Premises

Weak Configurations

Consider the case of web servers, which have many, many configuration settings, often scattered across many config files. One critical piece of configuration is SSL/TLS negotiation. Your site must use TLS 1.2 or later (or TLS 1.3, if it is more widely deployed by the time you read this). Anything less opens your site to a POODLE attack (Google this, I'm serious).
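As an added example (not part of the original notes), the script below audits an nginx-style `ssl_protocols` directive for anything below TLS 1.2, rewrites it to the hardened form, and builds a Python server-side TLS context that refuses to negotiate older versions. The config lines are constructed samples, not taken from any real server.

```python
# Added example: audit and harden the TLS protocol versions a web server offers.
import re
import ssl

# Anything below TLS 1.2 is treated as weak, matching the rule in the notes.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
ACCEPTABLE_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}

# Constructed sample config lines (hypothetical, not from any real server).
WEAK_CONFIG = "ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;"
FIXED_CONFIG = "ssl_protocols TLSv1.2 TLSv1.3;"


def parse_ssl_protocols(config_line):
    """Return the protocol names listed in an nginx 'ssl_protocols' directive."""
    m = re.match(r"\s*ssl_protocols\s+([^;]+);", config_line)
    if not m:
        raise ValueError("not an ssl_protocols directive: %r" % config_line)
    return m.group(1).split()


def weak_protocols_enabled(config_line):
    """Return the sorted list of enabled protocols below TLS 1.2 (empty if none)."""
    return sorted(p for p in parse_ssl_protocols(config_line) if p in WEAK_PROTOCOLS)


def harden_ssl_protocols(config_line):
    """Rewrite the directive so only TLS 1.2 and TLS 1.3 remain enabled."""
    kept = [p for p in parse_ssl_protocols(config_line) if p in ACCEPTABLE_PROTOCOLS]
    if "TLSv1.2" not in kept:
        kept.insert(0, "TLSv1.2")  # never leave the site with nothing acceptable
    return "ssl_protocols %s;" % " ".join(kept)


def hardened_server_context():
    """Server-side SSLContext that refuses to negotiate anything below TLS 1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    print("weak protocols in sample config:", weak_protocols_enabled(WEAK_CONFIG))
    print("hardened directive:", harden_ssl_protocols(WEAK_CONFIG))
    print("minimum version enforced:", hardened_server_context().minimum_version.name)
```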

Here's a link to a sweet Docker container that runs a POODLE-type attack against web servers you are properly permissioned to test. Read the text of this page:

Open permissions

Unsecure root accounts

Error handling and messages

Weak encryption

Unsecure protocols

Default settings

Open ports and services

Third-Party Risks

Vendor management

System integration

Vendor support or lack thereof

EOL (end of life)

EOSL (end of service life)

Supply chain

Outsourced code development

Data storage

Patch Management

Firmware – yes, patch this too

OS

Apps

Legacy Platforms

Impacts

Data loss

Data breach

Data exfiltration

https://www.youtube.com/watch?v=tBgG4-at7Io

Identity theft

Financial

Reputation

Availability loss

Want to practice exploiting vulnerabilities?

And know how to use virtual machines?

https://www.vulnhub.com/