Security+ SY0-601: 1.6: Vulnerabilities

Chapter 6: Vulnerabilities

Common Vulnerabilities and Exposures

Info
MITRE: One of the Big Daddies to Know: https://cve.mitre.org/

 

Cloud-Based vs. On-Premises

Weak Configurations

Consider web servers, which have a great many configuration settings, often scattered across many config files. One critical piece of configuration is SSL/TLS negotiation. Your site must use TLS 1.2 or later (TLS 1.3, if it is more widely deployed by the time you read this). Anything less opens your site to a POODLE attack (Google this, I’m serious).
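One way to check that protocol setting across scattered config files, as an added example that is not part of the original notes: it reads the nginx `ssl_protocols` and Apache `SSLProtocol` directives and reports any that leave a version below TLS 1.2 enabled. The file names and config text are constructed samples, and the handling of `all` and of bare protocol names is a simplified assumption noted in the comments.

```python
import re

# Protocol names as they appear in nginx `ssl_protocols` and Apache `SSLProtocol`.
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
WEAK = set(ORDER[:4])                       # everything below TLS 1.2
CANON = {p.lower(): p for p in ORDER}
# Lines starting with "#" do not match, so commented-out directives are ignored.
DIRECTIVE = re.compile(r"^\s*(?:ssl_protocols|SSLProtocol)\s+([^;#]+)", re.I)

def enabled_protocols(args):
    """Return the protocol versions one directive's arguments leave enabled."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        if name.lower() == "all":
            # Assumption: "all" means SSLv3 and every TLS version.
            names = set(ORDER[1:])
        else:
            names = {CANON[name.lower()]} if name.lower() in CANON else set()
        # Simplification: bare names are additive, which can over-report
        # but never hides a weak protocol.
        enabled = enabled - names if sign == "-" else enabled | names
    return enabled

def audit(configs):
    """configs maps file name -> text; returns (file, line, weak protocols)."""
    findings = []
    for fname, text in configs.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            m = DIRECTIVE.match(line)
            if m:
                weak = enabled_protocols(m.group(1)) & WEAK
                if weak:
                    findings.append((fname, lineno, sorted(weak, key=ORDER.index)))
    return findings

# Constructed sample configs, not taken from any real server.
SAMPLE = {
    "nginx/site.conf": "server {\n    listen 443 ssl;\n    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n}\n",
    "nginx/api.conf": "server {\n    ssl_protocols TLSv1.2 TLSv1.3;\n}\n",
    "apache/ssl.conf": "# SSLProtocol all\nSSLProtocol all -SSLv3 -TLSv1 -TLSv1.1\n",
    "apache/legacy.conf": "<VirtualHost *:443>\n  SSLProtocol all -SSLv3\n</VirtualHost>\n",
}

if __name__ == "__main__":
    for fname, lineno, weak in audit(SAMPLE):
        print(f"{fname}:{lineno}: enables {', '.join(weak)}")
```

A file with no protocol directive falls back to the server's built-in default, which this check does not evaluate, so confirm the result against the running server as well.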

Here’s a link to a sweet Docker container that runs a POODLE-type attack against web servers you have explicit permission to test. Read the text of this page:

Open Perms

Unsecure root accounts

Error handling and messages

Weak encryption

Unsecure protocols

Default settings

Open ports and services

Third-Party Risks

Vendor management

System integration

Vendor support or lack thereof

End of life (EOL)

End of service life (EOSL)

Supply chain

Outsourced code development

Data storage

Patch Management

Firmware – yes, patch this too

OS

Apps

Legacy Platforms

Impacts

Data loss

Data breach

Data exfiltration

Identity theft

Financial

Reputation

Availability loss

Want to practice exploiting vulnerabilities?

And know how to use virtual machines?

https://www.vulnhub.com/