Cys 403 Systems Vulnerability Assessment and Testing


1. Explain in detail the various ways by which software vulnerabilities could be explored. Also proffer solutions to the identified security holes.

If you want to protect your customers and your brand, it’s important to identify and
prevent software security vulnerabilities before shipping software. In order to do so, you
first need to be aware of the different types of security weaknesses and ways to avoid
them. Here are a few:
⦁ Bugs
⦁ Exposure of sensitive data
⦁ Flaws in Injection
⦁ Buffer overflow
⦁ Security misconfiguration
⦁ Broken access control
⦁ Insecure deserialization
⦁ Broken/Missing Authentication

⦁ Bugs
A software bug is an error or failure in software, and bugs are very common. Some bugs
result in serious issues like information theft and some lead to system failure, while
less serious bugs only produce error messages or incorrect results. Bugs, in general,
cause the software to behave in an unexpected manner, and pretty much all software
contains minor (or major) bugs. Attackers can easily take advantage of some software
bugs and cause much harm if security vulnerabilities are left unfixed. While it’s usually
impossible to ship software with zero bugs, it’s important to find and fix any serious
bugs, especially ones that could pose a security risk.

⦁ Exposure of sensitive data
Sensitive data includes things such as account numbers, addresses, financial data,
health information, usernames, and passwords. All this data must be protected to keep
it from falling into the wrong hands. Personal or sensitive data has to be protected with
encryption and access controls to prevent unauthorized people from accessing it. If the
software fails to protect this personal data due to security vulnerabilities, hackers who
gain access to this information can use it to commit fraud and other crimes.
⦁ Flaws in Injection
Injection flaws allow attackers to inject malicious code into an application. This kind of
software security vulnerability occurs when untrusted data is sent along with a query or
command to an interpreter, which causes the targeted system to execute unexpected
commands. This kind of attack can also result in attackers gaining access to protected
data stored in the database without the right authorization.
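The injection flaw described above, shown as an added example (not part of the original assignment) on a constructed in-memory SQLite table: the vulnerable lookup splices untrusted input into the query text, so the interpreter treats the input as SQL, while the hardened lookup binds it as a parameter and the same input matches nothing.

```python
import sqlite3


def build_db():
    """Constructed sample data so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users (name, secret) VALUES (?, ?)",
        [("alice", "s1"), ("bob", "s2"), ("carol", "s3")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # Untrusted data is concatenated into the query text, so the SQL
    # interpreter parses whatever the caller supplied as part of the grammar.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    # Parameter binding keeps the value out of the query grammar: the input is
    # compared as data, never parsed as SQL.
    rows = conn.execute("SELECT name FROM users WHERE name = ? ORDER BY id", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = build_db()
    probe = "' OR '1'='1"          # the classic textbook probe value
    print(lookup_vulnerable(db, probe))   # every row is returned
    print(lookup_safe(db, probe))         # [] - no user has that literal name
```

The fix is not input filtering but separating code from data: the parameterised statement is the control you want in every database access layer, with validation as a second line of defence.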
⦁ Buffer overflow
Yet another common type of software security weakness, buffer overflow occurs when
an attempt is made to store data that is too big for the memory space allocated.
Attackers can use this coding mistake, in which memory beyond the allocated buffer is
overwritten, to take control of or to access your system. This vulnerability tends to be
more common in software written in C and C++. Many other programming languages
check array bounds automatically and so protect against buffer overflow attacks.
⦁ Security misconfiguration
One of the most common issues in software development, security misconfiguration is
a result of incomplete configurations and default configurations that are not secure. For
example, open cloud storage or misconfigured HTTP headers. In order to avoid this kind
of software security weakness, you need to make sure you have properly configured
your OS, frameworks, and applications. Likewise, all this must be updated whenever
necessary.
⦁ Broken access control
Broken user restrictions can cause severe software weaknesses. For example, if you
have an admin panel for your website, you want to restrict that area so only admin users
can access it. If such restrictions are not enforced properly, hackers and other
unauthorized people can easily take advantage of that vulnerability and access sensitive
data or gain control of your system.
⦁ Insecure deserialization
Insecure deserialization is a security weakness that attackers use to carry out injection
attacks and DDoS attacks. In this type of vulnerability, untrusted serialized data is
passed to the application’s deserializer, and the attacker-controlled contents of that
data are used to mount the attack.
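To make the deserialization point concrete, here is an added example (not from the original assignment) that uses Python’s `pickle` as the insecure format and JSON plus a schema check as the safe counterpart. The `Gadget` class, the `record` function and the `ALLOWED_KEYS` schema are constructed for the demonstration: `record` only appends a marker to a list, which is enough to show that merely loading the bytes executed a callable chosen by whoever produced them.

```python
import json
import pickle

CALLS = []  # constructed marker list: records what pickle.loads invoked


def record(tag):
    """Benign stand-in for the callable an attacker would choose."""
    CALLS.append(tag)
    return tag


class Gadget:
    # pickle asks an object how to rebuild itself via __reduce__; the answer is
    # a callable plus arguments, and pickle.loads will call it. Whoever produced
    # the bytes therefore decides what runs during deserialization.
    def __reduce__(self):
        return (record, ("deserialization ran producer-chosen code",))


def untrusted_pickle_demo():
    blob = pickle.dumps(Gadget())   # stands in for bytes received from a client
    CALLS.clear()
    pickle.loads(blob)              # loading alone executes record(); no attribute is even read
    return list(CALLS)


# Safe counterpart: a data-only format plus an explicit schema check.
ALLOWED_KEYS = {"name": str, "quantity": int}


def load_order(payload: bytes):
    """Parse an order record from JSON; nothing in the payload can execute."""
    obj = json.loads(payload)
    if not isinstance(obj, dict) or set(obj) != set(ALLOWED_KEYS):
        raise ValueError("unexpected fields")
    for key, typ in ALLOWED_KEYS.items():
        if type(obj[key]) is not typ:
            raise ValueError(f"{key} must be {typ.__name__}")
    return obj


def is_valid_order(payload: bytes) -> bool:
    try:
        load_order(payload)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(untrusted_pickle_demo())
    print(load_order(b'{"name": "widget", "quantity": 2}'))
```

The defensive rule this illustrates: never feed untrusted bytes to a deserializer that can instantiate arbitrary types; prefer a data-only format and validate the shape of what you get before using it.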
⦁ Broken/Missing Authentication
Weaknesses in session management and credential management result in broken
authentication, which means an attacker is able to compromise passwords or other
information to access a user’s account. Improperly implemented authentication and
session management can result in this kind of software vulnerability.
There are a lot of adverse effects that can occur as a result of software security
weaknesses. But you can prevent these problems if you take all the necessary security
precautions while developing the software. It’s important for software developers to use
different methods to detect weaknesses in their software automatically. The following
are good ways to prevent software security vulnerabilities (The Committee on National
Security Systems of the United States of America, 2008).
How to Prevent Software Vulnerabilities
⦁ Test Your Software
It’s a good practice to test your software often as this will help you find and get rid of
vulnerabilities quickly. You can test your software using code analysis tools, white box
testing, black box testing, and other techniques.
⦁ Update the Software Regularly
It is important to regularly update software as outdated software is prone to
vulnerabilities. By making sure your software uses up to date components and
dependencies, you can prevent security issues and software vulnerabilities.

⦁ Set Up Software Design Requirements


Define a set of principles that need to be followed while developing each software
release. These principles will show the developers how to write, inspect, and
demonstrate their code to ensure security best practices are followed. Following the
latest information from organizations such as CWE, OWASP, and CERT will also help
you detect and prevent vulnerabilities.
⦁ Use a Code Signing Certificate
Digitally signing your code using a code signing certificate makes your code tamper-
evident: any modification made after signing invalidates the signature, so third parties
cannot alter your code without the change being detected. A code signing certificate
therefore helps keep your files intact and stops attackers from slipping security
vulnerabilities into your code unnoticed.

2.With the aid of annotated diagrams, explain the measures of control that could be
used to remove or reduce vulnerabilities.

There are several measures of control that can be used to remove or reduce
vulnerabilities:

1. Input validation:
This involves checking the validity of input data and ensuring that it is of the correct
type, format, and length. Input validation can help prevent malicious input from being
processed by the system, which can help prevent attacks such as SQL injection or
buffer overflow.
⦁ Output encoding: This involves converting special characters in output data into a
format that is safe to display. This can help prevent cross-site scripting (XSS) attacks, in
which malicious code is injected into a website and executed by the user's browser.
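The two controls just described, input validation (type, format and length) and output encoding, as an added example that is not part of the original assignment. The `validate_username`, `validate_port` and `render_greeting` functions and the username pattern are constructed for illustration; the encoding step uses the standard library’s `html.escape`.

```python
import html
import re

# Constructed allowlist pattern: 3-16 characters of letters, digits or underscore.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,16}$")


def validate_username(value):
    """Type, format and length check. Returns the value or raises ValueError."""
    if not isinstance(value, str):
        raise ValueError("username must be a string")
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("username must be 3-16 letters, digits or underscores")
    return value


def validate_port(value):
    """Accept an int or decimal string in 1..65535; reject everything else."""
    if isinstance(value, bool):          # bool is an int subclass; refuse it explicitly
        raise ValueError("port must be an integer")
    try:
        port = int(value)
    except (TypeError, ValueError):
        raise ValueError("port must be an integer")
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return port


def render_greeting(display_name):
    """Output encoding: escape before embedding in HTML so the browser sees text, not markup."""
    return "<p>Hello, " + html.escape(display_name, quote=True) + "</p>"


def rejects(validator, value) -> bool:
    """Helper for checks: True when the validator refuses the value."""
    try:
        validator(value)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(validate_username("alice_1"))
    print(validate_port("443"))
    print(render_greeting("<script>alert(1)</script>"))
```

Validation rejects what the application has no business accepting; encoding protects the output channel for everything that is accepted, so a display name that legitimately contains `<` or `&` is still rendered harmlessly.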

2. Access controls:
These controls limit access to resources or functions based on a user's role or
permissions. This can help prevent unauthorized access to sensitive data or systems.
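An added example (not from the original assignment) of the role-based access control described here, and of the broken admin-panel restriction from question 1: `requires_role` denies by default and checks the caller’s roles on the server side, while `admin_panel_broken` stands in for a panel whose only protection was hiding the link in the UI. The `User` class, the `Forbidden` exception and the role names are constructed for the illustration.

```python
from dataclasses import dataclass, field
from functools import wraps


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = field(default_factory=frozenset)


class Forbidden(Exception):
    """Raised when the caller lacks the role a function requires."""


def requires_role(role):
    """Deny by default: anonymous callers and callers without the role are refused."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(user, *args, **kwargs):
            if user is None or role not in user.roles:
                raise Forbidden(f"{role} required for {fn.__name__}")
            return fn(user, *args, **kwargs)
        return wrapper
    return decorator


@requires_role("admin")
def admin_panel(user):
    return f"admin panel for {user.name}"


def admin_panel_broken(user):
    # Broken access control: the link was hidden from non-admins in the UI, but the
    # function itself never checks, so anyone who knows the URL gets through.
    name = user.name if user is not None else "anonymous"
    return f"admin panel for {name}"


def try_access(fn, user):
    """Call a panel on behalf of a user; report 'denied' instead of raising."""
    try:
        return fn(user)
    except Forbidden:
        return "denied"


if __name__ == "__main__":
    root = User("root", frozenset({"admin"}))
    guest = User("guest")
    print(try_access(admin_panel, root))    # admin panel for root
    print(try_access(admin_panel, guest))   # denied
    print(try_access(admin_panel_broken, guest))  # the flaw: guest gets in
```

The check lives next to the function it protects, so it cannot be bypassed by reaching the function through a different route than the one the UI exposes.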

3. Authentication:
This involves verifying the identity of a user before granting access to a system. This
can be done through the use of passwords, two-factor authentication, or biometric
factors.
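An added example (not from the original assignment) of the credential and session management that question 1 says must not be broken: passwords are stored as a salted PBKDF2 hash and compared in constant time, and session tokens are random, expire after a fixed lifetime and can be revoked. The `SessionStore` class, the 16-byte salt layout and the iteration count are constructed for the illustration; the clock is injectable so expiry can be exercised without waiting.

```python
import hashlib
import hmac
import os
import secrets
import time

ITERATIONS = 200_000   # constructed value; tune to your hardware's cost budget
SALT_LEN = 16


def hash_password(password: str, salt: bytes = None) -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256(password) for storage; never the password itself."""
    salt = salt or os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt + digest


def verify_password(password: str, record: bytes) -> bool:
    salt, digest = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, digest)


class SessionStore:
    """In-memory sessions: random tokens, fixed lifetime, explicit revocation."""

    def __init__(self, ttl_seconds=900, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock
        self._sessions = {}

    def create(self, username: str) -> str:
        token = secrets.token_urlsafe(32)   # unguessable; not derived from user data
        self._sessions[token] = (username, self.clock() + self.ttl)
        return token

    def resolve(self, token: str):
        """Return the username for a live token, or None if unknown or expired."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, expires_at = entry
        if self.clock() >= expires_at:
            del self._sessions[token]        # expired sessions are dropped, not reused
            return None
        return username

    def revoke(self, token: str) -> None:
        self._sessions.pop(token, None)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", record))  # True
    store = SessionStore(ttl_seconds=900)
    tok = store.create("alice")
    print(store.resolve(tok))   # alice
    store.revoke(tok)
    print(store.resolve(tok))   # None
```

Two of the page’s failure modes map directly onto this code: a guessable or never-expiring token is what lets an attacker take over a session, and a password stored in plain text or as an unsalted fast hash is what lets a database leak turn into compromised accounts.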
4. Encryption:
This involves converting data into a form that is unreadable without a decryption key.
This can help protect data from being accessed by unauthorized parties, even if it is
intercepted in transit.

5. Firewalls:
These are software or hardware devices that control incoming and outgoing network
traffic based on predetermined security rules. Firewalls can help protect a network from
external threats such as malware or hackers.

6. Patches and updates:


It is important to regularly update software and operating systems to fix known
vulnerabilities. This can help prevent attackers from exploiting these vulnerabilities to
gain access to a system.
7. Security training:
Providing employees with security training can help raise awareness of potential threats
and vulnerabilities, and teach them how to identify and report them. This can help
prevent human error from leading to security breaches.

3. With the aid of a diagram, explain in detail the five stages of penetration testing techniques.
The 5 Stages of Penetration Testing
Here is an outline of the 5 penetration testing stages:

⦁ Reconnaissance

Testing types vary in how much information the ethical hacker (or penetration testers)
receives beforehand. In a blind or black box test, the strategy is to not give the ethical
hacker any information other than the name of your business so that you can best
approximate real-world attack scenarios. In a white box test, the testing team gets fully
informed about the internal makeup of the system, web application, or network being
tested. Grey box tests lie in the middle of these extremes by providing some limited
information to the testing team.
Reconnaissance involves efforts by the penetration tester to gather information about
the target system being tested and the security vulnerabilities that could be exploited in
a security breach. All types of pen tests call for some degree of reconnaissance, but
black box and grey box tests obviously require more information gathering. Generally,
you can further divide reconnaissance into two forms:

⦁ Passive reconnaissance makes use of observing publicly available information about a
company’s employees or network environment without directly interacting with the
systems, apps, users, or networks in the environment. Hackers glean this information from
online databases, Google searches, social media platforms, by browsing the company
website, and even from dark web forums where employee usernames or passwords may be
available.
⦁ Active reconnaissance directly engages with a target to gather information that may
make it easier to breach. This type of information gathering involves using network
vulnerability scanners and even social engineering tactics, such as phishing.

Reconnaissance is a critical step that’s important not to overlook or downplay in the
testing process. Testers need to probe for as much information as they can in order to
best replicate how real-world threat actors operate and plan their attacks.

⦁ Scanning
The scanning phase of a penetration test attempts to expand the testers’ view of your
infrastructure using a slew of different tools. This phase essentially functions as an
extended form of information gathering but with the possibility of also finding “low
hanging fruit” vulnerabilities to exploit. The types of scans you can expect a good
pentester to use during this phase include:

⦁ Port scanning tools like Nmap to find open ports in your environment

⦁ Pings, traceroute commands, and network mappers to map out the topology of hosts,
IP addresses, firewalls, routers, and operating systems on the network
⦁ Vulnerability scanners to find misconfigurations, default passwords, and
vulnerabilities that can provide access to a system
⦁ Static and dynamic web application analysis to understand an app’s source code,
performance, and behaviour.

The additional and more in-depth information gathered during the scanning phase
proves invaluable in later phases of the test engagement.
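Seen from the defender’s side, the port scanning described in this phase is also something the security team should be able to recognise in its own logs. The following added example (not part of the original assignment) runs a simple detection over constructed firewall log lines: a source that touches many distinct destination ports within a short window is flagged, while a client repeatedly using one port is not. The log format, the sample addresses and the `window`/`threshold` values are constructed for the illustration.

```python
import re
from collections import defaultdict

# Constructed log format: "<epoch-seconds> <src> -> <dst>:<port> <action>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<action>\w+)$"
)

# Constructed sample log: 10.0.0.5 touches 15 different ports in 15 seconds,
# 10.0.0.9 hits port 443 fifteen times over 70 seconds, plus one junk line.
SAMPLE_LOG = (
    [f"{1000 + i} 10.0.0.5 -> 192.0.2.10:{20 + i} DROP" for i in range(15)]
    + [f"{1000 + 5 * i} 10.0.0.9 -> 192.0.2.10:443 ACCEPT" for i in range(15)]
    + ["this line is not a firewall record"]
)


def parse_line(line):
    """Return (timestamp, source, port) or None for lines that do not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return int(m["ts"]), m["src"], int(m["port"])


def detect_port_scans(lines, window=60, threshold=10):
    """Flag sources contacting >= threshold distinct ports within any window of seconds.

    Returns {source: max distinct ports seen inside one window}.
    """
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, port = parsed
            events[src].append((ts, port))

    flagged = {}
    for src, evs in events.items():
        evs.sort()                      # sliding window needs time order
        in_window = defaultdict(int)    # port -> hit count inside the window
        left = 0
        for ts, port in evs:
            in_window[port] += 1
            while evs[left][0] < ts - window:   # evict events older than the window
                old_port = evs[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            if len(in_window) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(in_window))
    return flagged


if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOG))   # {'10.0.0.5': 15}
```

Counting distinct ports rather than raw packets is what separates a sweep from a busy but legitimate client; in production the same logic would run over the firewall’s real log schema and feed an alert with the source address and the window in which the threshold was crossed.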

⦁ Gaining Access
Gaining access is sometimes referred to as exploitation because this is the phase
where testers use the information at their disposal to attack and breach the target
system. Since many potential entry points ultimately prove unfruitful, the exploitation
phase calls for patience and persistence from the ethical hacker.

Skilled pen testers employ a range of attack vectors in an effort to gain access to a
network, app, or system. These vectors include code injection, social engineering,
network-based attacks, and web application exploits.

Toolkits like Cobalt Strike and Metasploit feature heavily in the gaining access phase of
penetration tests by assisting with exploiting weaknesses. Unfortunately, many threat
actors purchase these toolkits for their own nefarious uses.

Successfully gaining access may or may not provide administrative control over the
infiltrated device or system. It’s for this reason that the exploitation stage often extends
to privilege escalation. The tester tries to find further vulnerabilities that provide
complete control over the host system. Thorough testers will also pivot from an
affected system and show how compromising one system can be used to attack other
systems in your environment.

⦁ Maintaining Access
After gaining initial access, ethical hackers then attempt to establish persistence in your
environment and maintain that access until they exploit it to its fullest possible extent.
Maintaining access often requires installing trojan horses, backdoors, keyloggers,
rootkits, and other forms of malware on compromised hosts. These malicious scripts
and software can be installed on user systems, web services, apps, and more.

Real-world threat actors regularly lurk undetected inside a network environment for
weeks or even months before achieving their goal, whether that’s gathering intelligence,
exfiltrating data, or locking down systems and demanding a ransom. In the now-
infamous Solarwinds attack, hackers managed to roam networks, including some
belonging to the US government, for nine months while evading detection. To maintain
access, the Solarwinds hackers used a DLL backdoor script.

While time constraints obviously limit an ethical hacker from maintaining access for
nine months, the point of this stage is to not only show that it’s possible to exploit
particular vulnerabilities in your target systems, but also that adversaries could feasibly
maintain access and cause even more damage.

⦁ Report Generation
Generating a clear and actionable report is arguably the most important part of the test
for your security team in strengthening the security of your organization’s network. The
recommendations and findings in a pen test report provide the information needed to
prevent future attacks. The report should include all identified vulnerabilities along with
measurements that rank their potential impact and a timeline for remediation.

Since other stakeholders beyond security teams might need a pen test report, it’s
important that the testers you hire are able to tailor their reports to different audiences.
This might mean simply providing an executive summary that highlights key report
findings and business impacts without going into technical details.

A hurried approach to reporting reveals itself in an imprecise, confusing document that
doesn’t help your business improve its cyber defences. Ethical hackers who combine
the ability to use technical tools with strong reporting skills are worth searching for.
4. Distinguish between the following penetrating tests: “white-box”,
“gray-box”, and “black-box”

When you develop a web application, testing it before hosting it on the web is very
important to keep attackers out. There are three types of tests, black, gray and white
box tests, which are conducted to ensure that an attacker cannot reach your application
code.

White Box (or glass box) testing


⦁ White Box (or glass box) testing is the process of giving input to the system and
checking how the system processes it and how the output is generated. This is the test
where the team tests the internal logic of the code written.
⦁ It is the process of checking how the system processes input to give a suitable output
by giving it the required input.
⦁ It involves testing a system with full access to source code and other architecture
documents. This testing reveals bugs and vulnerabilities as quickly as possible. In
comparison to a trial and error method, white box testing is far quicker.
⦁ By knowing exactly what to test, more testing coverage is ensured. It requires
knowledge of the code, and test cases are chosen so as to verify that the system is
implemented as expected.
⦁ It is basically checking whether the given code produces the expected results.
E.g. in electrical appliances, testing the internal circuit.

Black Box testing

⦁ Black box testing is a method of testing where input is given to the system and the
output is checked, regardless of how it was generated. It is done at an outer level.
⦁ It can be done without any knowledge of how the system works. However, it is a
weaker form of testing compared to white box testing, as no internal knowledge is
involved. A glitch that is found cannot be traced to its cause, as there is no
architectural or code knowledge involved.
⦁ The system is tested by the team only for the suitable output for the given input.
Hence it is the application as a whole that is tested here.


Gray Box Testing

⦁ This is the combination of both white box and black box testing.
⦁ In this type of testing the tester has limited knowledge of the system and the
internal applications. The output is checked against the given inputs.
⦁ Gray box testing combines white box and black box testing. In gray box testing, the
tester need not have full knowledge of the internal working of the software.
⦁ The output, together with the limited part of the process by which that output is
produced, is tested in this method.
