Wouldn’t it be an easier life if we didn’t have to worry about the exploitation of vulnerabilities in solutions and software on which we have spent good time and resources? A world where correctly configured systems configured were left alone to perform their functions until they became redundant and/or needed replacing?
It is a beautiful dream. Sadly, it’s also a highly unrealistic one.
Adobe, Microsoft, Debian, Chrome and Fedora are all software producers that are likely to show up in your network in some shape or form. They also all feature in the 2019 list of the top 10 vendors with the highest reported security vulnerabilities.
MITRE, the company which maintains the CVE list of vulnerabilities, counts a whopping 1,370 vulnerabilities shared between the 10 of them this year alone.
With so many vulnerabilities in well-used software and solutions, it can be hard to know on which types of vulnerabilities to concentrate your security efforts. But I’m all for making life a little easier. That being said, here are 6 types of vulnerabilities which we think you should be aware of.
1. Buffer Attacks
Buffers are queue spaces which software uses as temporary storage before processing or transmission. Unfortunately, early programmers failed to protect them, and some still struggle with this. Which explains why buffer attacks are one of the most well-known attack vectors even today.
There are two common buffer attacks:
- The buffer overflow, where a buffer is filled with data that is larger than its maximum size. This causes the software to crash or in some cases, initiate a reboot.
- Out-of-bounds read/writes, where reading and writing functions can take place outside of the buffer memory location. This can allow for unauthorized access and writing to other areas of the software, which can have unintended outcomes.
2. SQL Injection
It is frustrating that with so many examples and high-profile exploits using this method that SQL Injection still remains a common problem.
Both incredibly easy to perform and understand, database scripts known as SQL are placed into input fields and URLs. These scripts are then executed on the underlying database. The results of this can be as severe as providing full administrative access to the database or changing the contents.
SQL injection can be prevented with input field cleaning functions in the code of the application or software in question.
3. Cross-Site Scripting
In a similar breath to SQL injection attacks, cross-site scripting, also known as XSS, uses an injection mechanism to implant code into a website. The intended result is that the page or site is modified from its original to contain malicious content.
Common uses are implanting fields into websites to collect banking information from customers, adding crypto-mining scripts to sites and prompting visitors to download files that contain malware or ransomware.
SANS rate XSS as “one of the most prevalent, obstinate and dangerous vulnerabilities in web applications.”
4. Unprotected APIs
Probably the fastest growing exploit in today’s world is the gaining of access or sensitive information through unprotected APIs.
APIs are very popular for automation and integration between systems and networks; however, they are often poorly understood and therefore improperly set up.
There have been numerous high-profile breaches which have been traced back to insecure APIs that provide a level of access you would never dream of providing through a traditional GUI. For example, access without even a basic level of authentication.
5. Third-Party Libraries
Chances are that you have read about a breach that involved a spiked third-party library, sometimes known as supply-chain attacks.
Third-party libraries and frameworks are very popular with software developers as they save a lot of time in not having to re-invent the wheel. However, the reliance on something which you have not created could mean introducing vulnerabilities into the software of which you are unaware.
An example of such a vulnerability is a regular issue found in Oracle’s JRE, a Java-based execution environment used by hundreds of thousands of pieces of software.
6. Directory Traversal
When things function, people often forget to tie up the loose ends. This is something I have witnessed in my career very frequently.
Such vulnerabilities allow an unauthorised party to move between directories on a server or even between servers/devices in your network just by modifying a URL or a connection string. Software running with accounts that have high-level privileges will often receive no resistance.
In some cases, it can be as easy as inserting a backslash into a cookie request script to gain access to another directory.
The Best Way to Find and Attack Vulnerabilities
With over 1,300 vulnerabilities reported in 10 applications this year alone, it can be a tough task to keep up-to-date with developments and to keep your attack surface manageable.
The recommendation for any IT team is to use a software package or solution which is specifically designed to seek out such exploitable vulnerabilities around your network on a pre-determined and repeated schedule.
A great example of such a solution is Tripwire’s IP360, a well-recognized and highly reputable solution which will take all the work away from you by simply providing you with a regular report of vulnerabilities that exist, what risk they pose and how to correct them.
That has to be the closest we will ever get to a world where we can not worry too much about vulnerabilities in our networks.