Introduction
There are various types of diagnosis such as targets and items, even if it is called security diagnosis. Here are two typical diagnoses. One is “Web Application Diagnostics” and the other is “Platform Diagnostics”
Web application development is often overdue, and it may not be possible to spend enough time on website security measures. However, in recent years, the targets of cyber-attacks are not limited to government offices and large corporations. Since the number of cyber attacks is increasing year by year regardless of the size of the company or website, it can be said that server and network security measures are indispensable for any company.
This time, we will explain the types of security diagnosis and how to select security/vulnerability diagnosis tools.
Typical security diagnosis and precautions
There are various types of diagnosis such as targets and items, even if it is called security diagnosis. Here are two typical diagnoses. One is “Web Application Diagnostics” and the other is “Platform Diagnostics”.
Web application diagnosis is to diagnose the vulnerability of the application or the site itself. If a web application is vulnerable, it may be exploited by the weakness of its structure to extract important customer information or rewrite the information on the application site. Typical cyber-attack methods that cause this situation include SQL injection, cross-site scripting, and session hijacking.
To prevent these damages, the main diagnostic method is to generate pseudo-typical cyber attacks and check whether they can be dealt with.
However, if the diagnostic content does not match the structure of the web application or website, countermeasures may not be sufficient. To protect a web application/website from the above cyber attacks, it is necessary to understand the design and structure of the site and application, and it is better to select a diagnostic method that suits the internal mechanism each time. ..
Platform diagnostics
Platform diagnosis is to diagnose vulnerabilities in middleware, servers, networks, operating systems, etc. For example, if a malicious user invades an in-house file management server or mail server from the outside or inside, there is a risk that important information will be leaked or the information will be falsified. Platform diagnostics prevent this from happening.
Currently, the spread of firewalls has made it possible to prevent certain cyber attacks, but attacks cannot be prevented if there is a setting error or if there is an intrusion from a terminal that is allowed access to which the firewall does not work.
Platform diagnostics addresses vulnerabilities resulting from the nature of these platforms in two approaches. One is “remote diagnosis”, which diagnoses via the Internet assuming an attack from the outside, and the other is “on-site diagnosis”, which diagnoses from an internal segment assuming an attack from a malicious internal user. From these different aspects, it is better to reproduce the means of intrusion, and accessibility, and measure the degree of impact of actual damage.
Security diagnostic techniques
Security diagnostics can be broadly divided into two types depending on how they are carried out. This is a “manual diagnosis” performed manually and a “tool diagnosis” performed using a dedicated tool.
Both have advantages and disadvantages, so it is best to use them properly depending on the situation and the purpose of the test.
Advantages and disadvantages of manual diagnosis
Manual diagnosis is the most effective method in terms of simulating the procedure performed by a person who makes a cyber attack. There are always malicious hackers behind cyber attacks, and they can use their knowledge and know-how to launch an attack. Therefore, manual diagnosis, which can flexibly reproduce the attack method assumed manually and flexibly investigate suspicious parts in consideration of the situation at the time, tends to have a high quality of diagnosis.
However, on the other hand, manual diagnosis needs to be carried out by appointing personnel with security knowledge and taking some time. It cannot be carried out unless man-hours and human resources can be secured, and since it depends on people, misdiagnosis may occur due to human error.
Advantages and disadvantages of tool diagnosis
Diagnostic tools can implement predetermined content comprehensively and at high speed, so the cost is generally low and the difficulty of implementation tends to be low. Since it does not depend on people, it is possible to guarantee the contents guaranteed by the tool in the long term and surely by executing it at night or regularly.
On the other hand, tools have the property of conducting relatively shallow investigations comprehensively, so more complex vulnerabilities may be overlooked. Since the fixed items are checked mechanically, it may not be possible to detect the damage that may occur as a result of multiple vulnerabilities, for example.
Also, depending on the type, there are cases where the tool itself is expensive. You must always consider the long-term operation and cost-effectiveness when deciding to deploy a tool.
5 Vulnerability Diagnosis Tools
Although the vulnerability diagnostic tool has its disadvantages, it can still be used effectively if you select the one that suits your purpose. However, the higher the quality of the diagnosis, the more expensive the vulnerability diagnosis tool is. However, some of them are free and can be used to improve security quality.
Here are some of the famous tools and their features.
In addition, since security/vulnerability diagnosis carries out a pseudo attack and confirms the response to make a judgment, no matter which tool you use, if you use it for an environment, site, or application that is not under your control, it violates the law. Please note that it may be done. Therefore, use it only locally and under your control.
Furthermore, if you are using a general public cloud such as AWS, you need to confirm with the cloud operator whether you can perform a security diagnosis in advance.
OWASP ZAP
A diagnostic tool for investigating vulnerabilities in web applications. There are mainly three types of approaches available: “simple scan”, “static scan”, and “dynamic scan”. With either method, the tool sends a request to the web application, sees the application’s reaction to it, and detects and reports the vulnerability.
Although it is limited to a very simple survey, it can be used for free, so it is a good idea to try it when embarking on security measures.
Burp Suite
A proxy tool that checks the communication content between the web server and the browser. Among web applications, it is possible to check for vulnerabilities specifically for communication between the web server and the browser. For example, if you send a request in which the parameters in the request are tampered with by incorporating a query or script, you can check whether the server malfunctions.
This is effective for checking for vulnerabilities such as SQL injection and cross-site scripting. There is a free version with some functions and a paid version with all functions.
Nikto
Nikto is an open tool (GPL) security diagnostic tool for web applications and middleware. Since it is a tool that can check websites from a comprehensive perspective such as apps and middleware, many types of vulnerabilities can be detected, and the coverage of investigation is also high.
Since it is open-source, you can extend the plugin and it is available free of charge.
Nmap
An open-source port scan tool for network investigation and vulnerability diagnosis. Specifically, you can investigate via the network, check the OS with the port scan function, and scan services. The tool itself can scan information on the site without the administrator’s knowledge, and may be used by cyber attackers. It can be used free of charge, but if you use it illegally, you may be subject to legal action from the viewpoint of security protection, so do not do it unnecessarily.
Nessus
A vulnerability scanner tool that verifies that the server is vulnerable. It is compatible with various platforms other than Windows, Mac, and Linux, and it is highly convenient because it can detect a wide range of vulnerabilities, from basic vulnerabilities to misconfigurations and password vulnerabilities. Flexible verification is also possible, such as outputting a list of scan results and changing the verification settings.
A paid license contract is required for use within the company, but there is also a trial version before the contract. On the other hand, there is a free license, but the number of implementations and some functions is limited.
How to choose a vulnerability diagnostic tool
Various vulnerability tools are depending on the method and the purpose you want to achieve. However, given the time and cost, it will be difficult to carry out all security diagnostics on an ongoing basis.
To strategically perform security diagnosis
To carry out security diagnosis strategically, it is better to effectively introduce a tool that can perform vulnerability diagnosis automatically. If the tool can be introduced, it will not be necessary to adjust the frequency and time of diagnosis and internal resources, so it is best to automate where it can be automated.
In choosing a vulnerability diagnostic tool
When choosing a tool, it is important to understand your system and IT services and determine the impact of possible risks. Vulnerabilities, especially those in web applications, are largely due to the structure and design of the system. Therefore, vulnerabilities that can cause accidents are also due to their internal structure.
Before introducing the tool, it is important to first have an expert investigate your system or application to detect the internal structure and the risk of vulnerabilities. Once this research reveals possible security incidents and their implications, it will be easier to choose tools that can help minimize those risks.
In conclusion
In this article, I introduced how to diagnose security and vulnerabilities and tools that can automate the diagnosis. It is a security diagnosis method that can be roughly divided into the target to be diagnosed and the method, but which method to select depends on the Web system to be diagnosed and the problems faced in the company.
It is better to re-recognize the problem to be solved by introducing security diagnosis and the purpose of introducing it and to introduce appropriate tools and methods. At that time, the key point is to know that there are useful tools and to make good use of automation to reduce costs and improve quality wisely.
If you ever want to know about similar things, check out the Facebook page Maga Techs.