Chapter 6: Vulnerabilities
Common Vulnerabilities and Exposures
Cloud-Based vs. On-Premises
Weak Configurations
Consider web servers, which have many configuration settings, often scattered across many config files. One critical setting is SSL/TLS negotiation. Your site must use TLS 1.2 or later (TLS 1.3, if it is more widely deployed by the time you read this). Anything less opens your site to a POODLE attack (Google this, I’m serious).
Here’s a link to a sweet Docker container that runs a POODLE-type attack against web servers you are authorized to test. Read the text of this page:
KBID XXX – TLS Downgrade: https://github.com/blabla1337/skf-labs/blob/master/kbid-xxx-tls-downgrade.md
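Because the protocol setting can sit in any of several config files, a quick audit helps. The script below is an added example, not part of the original notes: it scans config text for nginx's ssl_protocols and Apache's SSLProtocol directives and reports any that allow a protocol below TLS 1.2. The file names and config contents are constructed samples, and the handling of "all" and of unsigned names is a conservative assumption noted in the comments.

```python
import re

# Protocol names as written in nginx (ssl_protocols) and Apache (SSLProtocol).
WEAK = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
KNOWN = WEAK | {"TLSv1.2", "TLSv1.3"}
# Assumption: "all" is audited as every protocol except SSLv2; what it really
# enables depends on the server and OpenSSL build, so this can only over-report.
ALL = KNOWN - {"SSLv2"}
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.I)

def enabled_protocols(tokens):
    """Resolve directive tokens to the set of enabled protocols.

    Handles a plain list and the +/- syntax. Unsigned names are added to the
    set (nginx semantics); for other servers this is an over-approximation.
    """
    enabled = set()
    for tok in tokens:
        sign, name = ("-", tok[1:]) if tok.startswith("-") else ("+", tok.lstrip("+"))
        if name.lower() == "all":
            names = ALL
        else:
            names = {p for p in KNOWN if p.lower() == name.lower()}
        enabled = enabled - names if sign == "-" else enabled | names
    return enabled

def audit(files):
    """Return (file, line number, weak protocols) for each offending directive."""
    findings = []
    for fname, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            m = DIRECTIVE.match(line)  # commented-out directives do not match
            if m:
                weak = enabled_protocols(m.group(2).split()) & WEAK
                if weak:
                    findings.append((fname, no, sorted(weak)))
    return findings

# Constructed sample configs (not taken from any real site).
SAMPLE = {
    "nginx/site-a.conf": "server {\n    listen 443 ssl;\n    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n}\n",
    "nginx/site-b.conf": "server {\n    ssl_protocols TLSv1.2 TLSv1.3;\n}\n",
    "apache/ssl.conf": "SSLEngine on\nSSLProtocol all -SSLv3\n",
    "apache/hardened.conf": "SSLProtocol -all +TLSv1.2 +TLSv1.3\n",
}

if __name__ == "__main__":
    for fname, no, weak in audit(SAMPLE):
        print(f"{fname}:{no}: allows {', '.join(weak)}")
```

A config with no directive at all is not flagged here, so a clean result still leaves the server's built-in default to check.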
Open Perms
Unsecure root accounts
Error handling and messages
Weak encryption
Unsecure protocols
Default settings
Open ports and services
Third-Party Risks
Vendor management
System integration
Vendor support or lack thereof
EOL
EOSL
Supply chain
Outsourced code development
Data storage
Patch Management
Firmware – yes, patch this too
OS
Apps
Legacy Platforms
Impacts
Data loss
Data breach
Data exfiltration
Identity theft
Financial
Reputation
Availability loss
Want to practice exploiting vulnerabilities?
And know how to use virtual machines?