So far we have covered a lot about information gathering. Once the information has been gathered, we move to the next step: vulnerability scanning. In this article we will cover what a vulnerability is, what a basic vulnerability scan does, and the most common types of vulnerability.
What is a vulnerability?
A vulnerability is a loophole in a system, configuration or code that an attacker can attack.
Vulnerability scanning can be done by programs or manually.
The Basic Vulnerability Scan
A vulnerability scanner is an automated program designed to look for weaknesses in computers, computer systems, networks, and applications. The program probes a system by sending data to it over a network and analyzing the responses received, in an effort to enumerate any vulnerabilities present on the target by using its vulnerability database as reference.
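The database-lookup step described above, as an added example that is not from the original article: it takes service banners that have already been collected, extracts the product and version, and compares them against a small vulnerability database. The product names, advisory ids, banners and function names are all constructed placeholders.

```python
import re

# Constructed vulnerability database: product -> [(advisory id, first fixed version)].
# Product names and advisory ids are placeholders, not real software or advisories.
VULN_DB = {
    "examplehttpd": [("EXAMPLE-ADV-0001", "2.4.10"), ("EXAMPLE-ADV-0002", "2.2.0")],
    "exampleftpd": [("EXAMPLE-ADV-0003", "1.3.5")],
}

# A product token followed by "/" or a space and a dotted version number.
BANNER_RE = re.compile(
    r"(?P<product>[A-Za-z][A-Za-z0-9_-]*)[/ ](?P<version>\d+(?:\.\d+)*)"
)


def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def parse_banner(banner):
    """Return (product, version tuple), or None if no version is advertised."""
    match = BANNER_RE.search(banner)
    if match is None:
        return None
    return match.group("product").lower(), parse_version(match.group("version"))


def match_banner(banner):
    """Return the advisory ids whose fixed version is newer than the banner's."""
    parsed = parse_banner(banner)
    if parsed is None:
        return []  # banner hidden or unparseable: nothing to look up
    product, version = parsed
    findings = [
        advisory
        for advisory, fixed_in in VULN_DB.get(product, [])
        if version < parse_version(fixed_in)
    ]
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample banners, as a scanner would have recorded them.
    for banner in ("Server: ExampleHTTPd/2.4.7 (Unix)",
                   "Server: ExampleHTTPd/2.10.0",
                   "220 ExampleFTPd 1.3.4 Server ready"):
        print(banner, "->", match_banner(banner))
```

Versions are compared as integer tuples because a plain string comparison would rank 2.10.0 below 2.4.10 and report a false positive. A banner match is only a lead to verify, since banners can be hidden or can show a version number that does not reflect backported fixes.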
Types of vulnerability
There are 10 types of vulnerability (the most common and dangerous):
- SQL injection attack
- Broken authentication/session management
- XSS (cross-site scripting)
- Insecure direct object reference
- Security misconfiguration
- Sensitive data exposure
- Missing function level access control
- CSRF (cross-site request forgery)
- Using components with known vulnerabilities
- Unvalidated redirects and forwards
These are the top 10 vulnerabilities.
There are certain ways of doing this, which we will explore further in the next article. In the upcoming article we will cover how to scan for vulnerabilities with tools and manually.
Use Google for more details.