How Vulnerability Scanners Work:
Vulnerability scanners test a server for vulnerable scripts and exploits, including operating system, service, firewall, Remote Procedure Call, and remote administration vulnerabilities. The scanner tests for these vulnerabilities by trying to connect to each service, using either a standard method that the service exposes or a bug in the connection method.
Most vulnerability scanners rely on a constantly growing database of known exploits. This database contains all the information required to check a server or exposed PC for a vulnerability, including port, service, packet construction, or, in the case of vulnerable scripts and executables, the path to the vulnerable script or executable.
Scanning for Vulnerable Services
For each known vulnerable script the scanner will attempt to connect to and exploit the targeted service. This may include sending malformed packets, known usernames and passwords, or other methods known to be exploitable.
Constructing Packets
To find security vulnerabilities on ports other than the standard HTTP and HTTPS ports, the scanner must try to connect on other ports and send carefully constructed network packets to try to exploit certain vulnerabilities. These packets may include buffer overrun code, commonly used or default usernames and passwords, and other known methods to access a server on each port. These scanners also attempt to exploit backdoors created by Trojan horse viruses.
Often a network application takes the packet form and size for granted; this is especially the case when the application uses a proprietary client. A scanner might try to break both the client and the server by sending malformed packets, which include fragmented, long, short, out of order, or random packets. To mitigate hazardous packets, the developer should treat all incoming packets as hostile and verify the size, order, construction and origin of each packet.
Many of the serious exploits being found today are the result of unchecked packets.
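The sketch below is an added example, not code from the original article. It shows a receiver that treats each incoming packet as hostile and checks size, construction and order before copying anything. The wire format, names and limits are hypothetical, and origin checking (authenticating the sender) is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire format, constructed for this example:
 *   magic "PKT1" (4 bytes) | seq (u32 BE) | payload_len (u16 BE) | payload */
#define HDR_LEN     10u
#define MAX_PAYLOAD 512u

enum pkt_status { PKT_OK, PKT_SHORT, PKT_BAD_MAGIC, PKT_TOO_LONG,
                  PKT_LEN_MISMATCH, PKT_OUT_OF_ORDER };
struct session { uint32_t next_seq; };            /* per-connection state */
struct packet  { uint32_t seq; uint16_t len; uint8_t payload[MAX_PAYLOAD]; };

static uint32_t rd32(const uint8_t *p) {          /* read big-endian u32 bytewise */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Validate one received message of n bytes; nothing is copied until every check passes. */
enum pkt_status parse_packet(struct session *s, const uint8_t *buf, size_t n,
                             struct packet *out)
{
    if (buf == NULL || n < HDR_LEN)               /* short or truncated */
        return PKT_SHORT;
    if (memcmp(buf, "PKT1", 4) != 0)              /* random or foreign data */
        return PKT_BAD_MAGIC;
    uint32_t seq = rd32(buf + 4);
    uint16_t len = (uint16_t)((buf[8] << 8) | buf[9]);
    if (len > MAX_PAYLOAD)                        /* declared size exceeds our buffer */
        return PKT_TOO_LONG;
    if ((size_t)len != n - HDR_LEN)               /* declared size != bytes received */
        return PKT_LEN_MISMATCH;
    if (seq != s->next_seq)                       /* replayed or out of order */
        return PKT_OUT_OF_ORDER;

    out->seq = seq;
    out->len = len;
    memcpy(out->payload, buf + HDR_LEN, len);     /* bounded by the checks above */
    s->next_seq = seq + 1;
    return PKT_OK;
}

int main(void) {
    /* Constructed input: header claims 5 payload bytes, only 2 follow. */
    const uint8_t lie[12] = { 'P','K','T','1', 0,0,0,0, 0,5, 'x','y' };
    struct session s = { 0 };
    struct packet p;
    return parse_packet(&s, lie, sizeof lie, &p) == PKT_LEN_MISMATCH ? 0 : 1;
}
```

Session state advances only on `PKT_OK`, so a rejected packet cannot desynchronise the sequence counter.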
Provided by: Security Innovation, The Application Security Company


