
Chapter 9 - 04 - Application Security Testing Techniques and Tools - 06_ocred.pdf


Full Transcript


Certified Cybersecurity Technician Application Security Exam 212-82

What is Patch Management?

"Patch management is a process used to fix known vulnerabilities by ensuring that the appropriate patches are installed on a system."

An automated patch management process:

- Detect: Use tools to detect missing security patches.
- Assess: Assess the issue(s) and associated severities by mitigating the factors that may influence the decision.
- Acquire: Download the patch for testing.
- Test: Install the patch first on a testing machine to verify the consequences of the update.
- Deploy: Deploy the patch to the computers and ensure that the applications are not affected.
- Maintain: Subscribe to get notifications about vulnerabilities as they get detected.

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

What is Patch Management?

According to https://searchenterprisedesktop.techtarget.com, patch management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) in an administered computer system. Patch management is a method of defense against vulnerabilities that cause security weaknesses or corrupt data.

It is a process of scanning for network vulnerabilities, detecting missed security patches and hotfixes, and then deploying the relevant patches as soon as they are available to secure the network. It involves the following tasks:

- Choosing, verifying, testing, and applying patches
- Updating previously applied patches with current patches
- Listing patches applied previously to the current software
- Recording repositories or depots of patches for easy selection
- Assigning and deploying the applied patches

An automated patch management process includes the following steps:

- Detect: Use tools to detect missing security patches.
- Assess: Assess the issue(s) and its associated severity by mitigating the factors that may influence the decision.
- Acquire: Download the patch for testing.
- Test: Install the patch first on a test machine to verify the consequences of the update.
- Deploy: Deploy the patch to computers and ensure that applications are not affected.
- Maintain: Subscribe to receive notifications about vulnerabilities when they are reported.

Module 09 Page 1218 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Patch Management Tools

GFI LanGuard's patch management automatically scans your network and installs and manages security and non-security patches.

- Symantec Client Management Suite (https://www.broadcom.com)
- Solarwinds Patch Manager (https://www.solarwinds.com)
- Kaseya Patch Management (https://www.kaseya.com)
- Software Vulnerability Manager (https://www.flexera.com)
- Ivanti Patch for Endpoint Manager (https://www.ivanti.com)

Patch Management Tools

- GFI LanGuard

Source: https://www.gfi.com

The GFI LanGuard patch management software scans the user's network automatically as well as installs and manages security and non-security patches. It supports machines across Microsoft®, Mac OS X®, and Linux® operating systems, as well as many third-party applications. It allows auto-downloads of missing patches as well as patch rollback, resulting in a consistently configured environment that is protected from threats and vulnerabilities.
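The six-step automated process above (detect, assess, acquire, test, deploy, maintain), worked through on constructed inventory data as an added example that is not part of the EC-Council course material; the patch IDs, products, hosts and the "test ring" gating rule are assumptions made for the illustration:

```python
from dataclasses import dataclass

# Constructed patch catalog (hypothetical IDs, not real advisories).
CATALOG = {
    "KB-1001": {"severity": "critical", "product": "webserver"},
    "KB-1002": {"severity": "moderate", "product": "webserver"},
    "KB-1003": {"severity": "important", "product": "reader"},
}
SEVERITY_RANK = {"critical": 3, "important": 2, "moderate": 1, "low": 0}


@dataclass
class Host:
    name: str
    products: set      # software present on the host
    installed: set     # patch IDs already applied
    test_ring: bool = False   # True for the machine that receives patches first


def detect(host):
    """Detect: catalog patches that apply to the host's products but are not installed."""
    return {pid for pid, p in CATALOG.items()
            if p["product"] in host.products and pid not in host.installed}


def assess(missing):
    """Assess: order missing patches so the highest severity is handled first."""
    return sorted(missing, key=lambda pid: -SEVERITY_RANK[CATALOG[pid]["severity"]])


def run_cycle(hosts, test_results):
    """Acquire/Test/Deploy: the test-ring host gets every missing patch; production
    hosts only get patches whose test-ring install passed (test_results: id -> bool,
    a constructed outcome of the test step)."""
    plan = {}
    for h in hosts:
        ordered = assess(detect(h))
        if h.test_ring:
            plan[h.name] = ordered
        else:
            plan[h.name] = [pid for pid in ordered if test_results.get(pid) is True]
    return plan


def maintain(patch_id, severity, product, hosts):
    """Maintain: ingest a newly reported patch and return the hosts it leaves exposed."""
    CATALOG[patch_id] = {"severity": severity, "product": product}
    return [h.name for h in hosts if patch_id in detect(h)]
```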
Figure 9.29: Screenshot of GFI LanGuard patch management software (screenshot not reproduced; its panels list Installed Security Updates and Installed Non-Security Updates for the entire network, with patch name and date posted per device)

The following are some additional patch management tools:

- Symantec Client Management Suite (https://www.broadcom.com)
- Solarwinds Patch Manager (https://www.solarwinds.com)
- Kaseya Patch Management (https://www.kaseya.com)
- Software Vulnerability Manager (https://www.flexera.com)
- Ivanti Patch for Endpoint Manager (https://www.ivanti.com)

Web Application Firewall (WAF)

- A web-application firewall (WAF) provides a security layer that protects the web server from malicious traffic.
- A conventional firewall cannot secure web servers from malicious traffic attacks as the attack occurs at layer 7 of the network stack.
- WAF is either appliance-based or cloud-based and is deployed through a proxy placed ahead of the web application.
- It uses a rule-based filter that monitors and analyzes the traffic before it reaches the web application.

Placement of WAF and Its Working; Scope of Protection in Different Security Products (diagrams not reproduced: the standard packet firewall sits in front of the web application firewall, which sits ahead of the web server, with non-HTTP attacks, HTTP attacks and legitimate use shown as inbound traffic; in the layered view, web application vulnerability attacks map to the WAF, DoS (service interruption) attacks to IDS/IPS, and network vulnerability attacks against the OS and network to the firewall)

Web application attacks cannot be completely prevented by an existing firewall and IDS/IPS.
Web Application Firewall (WAF)

WAF provides a security layer that protects a web server from malicious traffic. A conventional firewall cannot secure web servers from a malicious traffic attack as the attack occurs at layer 7 of the network stack. WAF is either appliance-based or cloud-based and is deployed through a proxy placed ahead of the web application. It uses a rule-based filter that monitors and analyzes the traffic before it reaches the web application.

Figure 9.30: Placement of WAF and its working (diagram not reproduced: standard packet firewall, then the web application firewall, then the www server; non-HTTP attacks, HTTP attacks and legitimate use shown as inbound traffic)

Figure 9.31: Working and features of WAF (diagram not reproduced: web application vulnerability attacks are handled by the WAF at the web application layer, DoS (service interruption) attacks by IDS/IPS at the web server layer, and network vulnerability attacks by the firewall at the OS and network layers; web application attacks cannot be completely prevented by an existing firewall and IDS/IPS)

Benefits of WAF

The benefits of WAF that can help an organization strengthen its web application security from evolving threats include the following:

- WAF implementation secures existing and productive web applications.
- Many WAFs have functionalities that can be used in the design process to minimize the workload.
- It provides cookie protection with encryption and signature methodology.
- It secures applications from cross-site request forgery and negates parameter tampering by URL encryption.
- A WAF can detect data-validation issues through the in-depth testing of characters, character length, the range of a value, etc.
- It allows network defenders to demonstrate compliance with regulatory standards such as Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), and General Data Protection Regulation (GDPR).
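A minimal version of the rule-based filter described above, checking the three things the text names (allowed characters, character length and value range) on each request parameter before the request reaches the application; this is an added example, not code from the course material or any WAF product, and the endpoint path, parameter names and rule values are constructed assumptions:

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed per-endpoint rule set (hypothetical application). Each parameter
# declares the characters it may contain, its maximum length and, optionally,
# the numeric range it must fall into. Anything not declared is rejected.
RULES = {
    "/account/update": {
        "username": {"pattern": r"^[A-Za-z0-9_.-]+$", "max_len": 32},
        "age":      {"pattern": r"^[0-9]+$", "max_len": 3, "range": (13, 120)},
        "note":     {"pattern": r"^[A-Za-z0-9 ,.'!?-]*$", "max_len": 200},
    }
}


def inspect(method, url, body=""):
    """Decide for one request: ('allow', []) or ('block', [reasons]).
    Runs in the proxy position, i.e. before the web application sees the request."""
    parts = urlsplit(url)
    rules = RULES.get(parts.path)
    if rules is None:
        return "block", ["unknown path " + parts.path]   # default deny
    params = parse_qs(parts.query, keep_blank_values=True)
    if method == "POST":   # form-encoded body parameters are checked the same way
        for k, v in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(k, []).extend(v)
    reasons = []
    for name, values in params.items():
        rule = rules.get(name)
        if rule is None:
            reasons.append(f"unexpected parameter {name}")
            continue
        for v in values:
            if len(v) > rule["max_len"]:                       # length check
                reasons.append(f"{name}: length {len(v)} > {rule['max_len']}")
            elif not re.match(rule["pattern"], v):             # character check
                reasons.append(f"{name}: disallowed characters")
            elif "range" in rule and not (rule["range"][0] <= int(v) <= rule["range"][1]):
                reasons.append(f"{name}: value {v} outside {rule['range']}")  # range check
    return ("block", reasons) if reasons else ("allow", [])
```

The decision and its reasons are what a WAF would log; a production deployment would also need rules for headers and cookies, which this example does not cover.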
