Saturday, May 18, 2024

A Repository of Widespread Penetration-Testing Weaknesses

Penetration testing is a crucial step in figuring out weaknesses in a company’s IT infrastructure. It’s a essential evaluation exercise for organizations to make use of when defending their environments in opposition to cyberattacks. The SEI conducts cybersecurity assessments for organizations and designs and develops purposes that facilitate the gathering and automation of the reporting of findings recognized on assessments.

This submit introduces a penetration-testing findings repository that’s now publicly obtainable on GitHub. Findings discuss with the vulnerabilities and weaknesses recognized throughout a penetration-testing evaluation. The repository standardizes the language of findings and minimizes the effort and time for report writing. Furthermore, the standardized finding-name format assists in analyzing aggregated information throughout a number of penetration-testing assessments.

This repository was created in response to the naming inconsistency of findings on penetration-testing assessments and to create a big assortment of standardized weaknesses for assessors to make use of. Assessors would identify findings in another way on assessments. Some assessors would identify a discovering after a cyberattack whereas others would identify it after a course of. The penetration-testing findings repository focuses on naming a discovering after the vulnerability and weaknesses that had been recognized on an evaluation quite than cyberattacks or processes. To assist assessors find findings extra rapidly throughout an evaluation, the repository makes use of an affinity-grouping method to categorize weaknesses, which will increase usability by sorting the findings right into a hierarchical three-tier construction. Furthermore, the findings repository consists of sources to assist assessed organizations remediate the findings recognized on a penetration-testing evaluation.

A key step in securing organizational methods is figuring out and understanding the particular vulnerabilities and weaknesses that exist in a company’s community. As soon as recognized, the vulnerabilities and weaknesses have to be put into context and sure questions have to be answered, as outlined within the weblog submit How you can Get the Most Out of Penetration Testing:

  • Which vulnerabilities and weaknesses do you have to spend finite sources addressing?
  • Which vulnerabilities and weaknesses are simply exploitable, and which aren’t?
  • Which vulnerabilities and weaknesses put essential property in danger?
  • Which vulnerabilities and weaknesses have to be addressed first?

With out this context, a company would possibly dedicate sources to addressing the fallacious vulnerabilities and weaknesses, leaving itself uncovered elsewhere. The repository gives a default finding-severity degree to assist an assessed group prioritize which findings to remediate first. An assessor can modify the default severity degree of the findings relying on the opposite safety controls in place in a company’s surroundings.

Repository Overview

The penetration-testing findings repository is a set of Lively Listing, phishing, mobile-technology, system, service, web-application, and wireless-technology weaknesses which may be found throughout a penetration check. The repository comprises default names, descriptions, suggestions for remediation, references, mappings to numerous frameworks, and severity ranges for every discovering. This repository and its construction serve 4 major functions:

  • standardization—The repository standardizes the reporting course of by offering outlined findings for an assessor to pick from throughout an evaluation.
  • streamlined reporting—Offering pre-populated attributes (discovering identify, description, remediation, sources, and severity degree) saves important time in the course of the reporting course of, permitting assessors to concentrate on operations.
  • comprehensiveness—The repository’s layered construction provides assessors flexibility in how they current their findings because the vulnerability panorama evolves. When doable, assessors choose a particular discovering. If no particular discovering precisely describes what was found, assessors can choose a basic discovering and tailor it accordingly.
  • ease of navigation—To make the repository simpler to navigate, it makes use of a tiered classification construction. Findings are grouped by the findings classes, permitting assessors to report on each basic and particular findings when creating experiences.

As talked about above, the findings repository is a hierarchical construction containing the next three tiers:

  • Discovering Class Tier—lists the overarching classes: Lively Listing Weak point, Phishing Weak point, Cellular Expertise Weak point, System or Service Weak point, Internet Software Weak point, Wi-fi Expertise Weak point.
  • Common Discovering Tier—lists 27 high-level findings which can be like subcategories of the overarching Discovering Class. Common Findings can be utilized as a person discovering on an evaluation when there isn’t an acceptable Particular Discovering.
  • Particular Discovering Tier—lists 111 low-level findings that pinpoint a definite weak spot that may be exploited throughout an evaluation. The precise findings encompass frequent findings continuously recognized throughout assessments.

As proven within the desk beneath, there are six Discovering Classes:

Discovering Classes



Lively Listing Weak point

Lively Listing (AD) is configured improperly. Some misconfigurations embrace pointless service accounts and permissions, insecure encryption ciphers, weak password insurance policies, and/or insecure person or pc accounts. Attackers have numerous strategies of pursuing AD weaknesses, together with Kerberoasting, Golden Ticket assaults, Move the Hash, or Move the Ticket, which might result in a complete takeover of the infrastructure.

Phishing Weak point

A phishing weak spot permits an attacker to ship a weaponized e mail by the community border that executes on the native host when a person performs an motion. These emails can include a number of luring attachments, Uniform Useful resource Locators (URLs), scripts, and macros. Insufficient protections enable malicious payloads to be executed.

Cellular Expertise Weak point

Cellular applied sciences are more and more used to ship companies and information. The quantity of knowledge saved on cell units makes their purposes targets for assault. In comparison with conventional computer systems, the performance on cell units is harder to manage, and cell units help extra complicated interfaces (e.g., mobile, Wi-Fi, Bluetooth, International Positioning System [GPS]), that expose extra surfaces to assault. Insecure cell expertise has vulnerabilities that attackers can exploit to achieve entry to delicate data and sources.

System or Service Weak point

Weaknesses inside a system or service can lead to lacking essential safety controls that depart the group weak to assaults. These weaknesses can embrace weak configuration steering that insecurely configures methods and companies all through the group, inadequate or lacking configuration administration that leads to advert hoc or default configurations, and so on.

Internet Software Weak point

The safety of internet sites, internet purposes, and internet companies (e.g., utility programming interfaces [APIs]) is known as internet utility safety. Internet purposes will be attacked by exploiting vulnerabilities on the utility layer, transport layer, and software program provide chain. Internet utility weaknesses are usually vulnerabilities, system flaws, or misconfigurations in a web-based utility. Attackers typically exploit these weaknesses to both manipulate supply code or achieve unauthorized entry to data or capabilities. Attackers could possibly discover vulnerabilities even in a reasonably sturdy safety surroundings.

Wi-fi Expertise Weak point

Wi-fi applied sciences enable cell units (e.g., laptops, sensible telephones, Web of Issues [IoT] units, and printers) to hook up with the enterprise community. Wi-fi networks can introduce potential vulnerabilities to a company by weak insurance policies that enable insecure wi-fi expertise (e.g., insecure units, insecure configurations, weak authentication processes, insecure encryption) on the community.

The repository additionally maps every discovering to the three following frameworks:

Future Work

The plan is to replace the repository as new frequent vulnerabilities and weaknesses are recognized. Because the repository is open supply, nevertheless, the cybersecurity neighborhood can entry the repository and add to it.

Along with the Penetration Testing Findings Repository, a repository of frequent dangers that may be recognized throughout high-value asset (HVA) assessments is within the works. The aim of this repository is to standardize the language amongst dangers reported by assessors, in flip minimizing effort and time for report writing on assessments. Just like the penetration-testing repository, this new repository will include threat statements, descriptions, and proposals for mitigation of dangers recognized on HVA assessments.

Extra Assets

How you can Get the Most Our of Penetration Testing by Michael Prepare dinner

7 Pointers for Being a Trusted Penetration Tester by Karen Miller

Related Articles


Please enter your comment!
Please enter your name here

Stay Connected

- Advertisement -spot_img

Latest Articles