Chapter 9 - 04 - Application Security Testing Techniques and Tools - 06_ocred_fax_ocred.pdf
Certified Cybersecurity Technician Exam 212-82
Application Security
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

What is Patch Management?

"Patch management is a process used to fix known vulnerabilities by ensuring that the appropriate patches are installed on a system"

According to https://searchenterprisedesktop.techtarget.com, patch management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) in an administered computer system. Patch management is a method of defense against vulnerabilities that cause security weaknesses or corrupt data. It is a process of scanning for network vulnerabilities, detecting missed security patches and hotfixes, and then deploying the relevant patches as soon as they are available to secure the network. It involves the following tasks:

- Choosing, verifying, testing, and applying patches
- Updating previously applied patches with current patches
- Listing patches applied previously to the current software
- Recording repositories or depots of patches for easy selection
- Assigning and deploying the applied patches

An automated patch management process includes the following steps.

- Detect: Use tools to detect missing security patches.
- Assess: Assess the issue(s) and its associated severity by mitigating the factors that may influence the decision.
- Acquire: Download the patch for testing.
- Test: Install the patch first on a test machine to verify the consequences of the update.
- Deploy: Deploy the patch to computers and ensure that applications are not affected.
- Maintain: Subscribe to receive notifications about vulnerabilities when they are reported.

Patch Management Tools

- GFI LanGuard
  Source: https://www.gfi.com
  The GFI LanGuard patch management software scans the user's network automatically as well as installs and manages security and non-security patches. It supports machines across Microsoft®, Mac OS X®, and Linux® operating systems, as well as many third-party applications. It allows auto-downloads of missing patches as well as patch rollback, resulting in a consistently configured environment that is protected from threats and vulnerabilities.

Figure 9.29: Screenshot of GFI LanGuard patch management software

The following are some additional patch management tools:

- Symantec Client Management Suite (https://www.broadcom.com)
- Solarwinds Patch Manager (https://www.solarwinds.com)
- Kaseya Patch Management (https://www.kaseya.com)
- Software Vulnerability Manager (https://www.flexera.com)
- Ivanti Patch for Endpoint Manager (https://www.ivanti.com)

Web Application Firewall (WAF)

A WAF provides a security layer that protects a web server from malicious traffic. A conventional firewall cannot secure web servers from a malicious traffic attack as the attack occurs at layer 7 of the network stack. A WAF is either appliance-based or cloud-based and is deployed through a proxy placed ahead of the web application. It uses a rule-based filter that monitors and analyzes the traffic before it reaches the web application.

Figure 9.30: Placement of WAF and its working (diagram labels: non-HTTP attacks, legitimate use, HTTP attack, standard packet firewall, web application firewall, WWW server)

Web application attacks cannot be completely prevented by an existing firewall and IDS/IPS.

Figure 9.31: Working and features of WAF (diagram labels: web application vulnerability attack, WAF, web application; DoS (service interruption) attacks, IDS/IPS, web server, OS; network vulnerability attacks, firewall, network)

Benefits of WAF

The benefits of WAF that can help an organization strengthen its web application security from evolving threats include the following:

- WAF implementation secures existing and productive web applications.
- Many WAFs have functionalities that can be used in the design process to minimize the workload.
- It provides cookie protection with encryption and signature methodology.
- It secures applications from cross-site request forgery and negates parameter tampering by URL encryption.
- A WAF can detect data-validation issues through the in-depth testing of characters, character length, the range of a value, etc.
- It allows network defenders to demonstrate compliance with regulatory standards such as Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), and General Data Protection Regulation (GDPR).
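
The character, length and range checks and the cookie signature listed above, as an added example that is not part of the course material: a minimal rule-based filter of the kind a WAF applies before traffic reaches the web application. The parameter names, rules and key are constructed for illustration, and only the signature half of cookie protection is shown (no encryption).

```python
import hashlib
import hmac
import re

# Constructed per-parameter rules (hypothetical names): allowed characters,
# maximum length, and an optional numeric range.
RULES = {
    "username": {"pattern": re.compile(r"[A-Za-z0-9_]+"), "max_len": 32},
    "quantity": {"pattern": re.compile(r"[0-9]+"), "max_len": 3, "range": (1, 100)},
}
COOKIE_KEY = b"constructed-demo-key"  # placeholder; a real key comes from a secret store


def sign_cookie(value: str) -> str:
    """Append an HMAC-SHA256 tag so the proxy can detect client-side tampering."""
    tag = hmac.new(COOKIE_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def verify_cookie(cookie: str) -> bool:
    """Recompute the tag over the value and compare in constant time."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return False  # no tag present at all
    expected = hmac.new(COOKIE_KEY, value.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag.encode(), expected.encode())


def inspect_request(params: dict, cookie: str) -> list:
    """Return the rule violations; an empty list means the request is forwarded."""
    violations = []
    if not verify_cookie(cookie):
        violations.append("cookie: bad signature")
    for name, value in params.items():
        rule = RULES.get(name)
        if rule is None:  # positive model: unknown parameters are rejected
            violations.append(f"{name}: unexpected parameter")
            continue
        if len(value) > rule["max_len"]:
            violations.append(f"{name}: too long")
        if not rule["pattern"].fullmatch(value):
            violations.append(f"{name}: illegal characters")
        elif "range" in rule:
            low, high = rule["range"]
            if not low <= int(value) <= high:
                violations.append(f"{name}: out of range")
    return violations
```

The filter uses an allow-list: a request is forwarded only when every parameter is known and passes its rule, which is what lets it catch a value that is well-formed but out of range.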