Sai Narayan

Class Notes Day 2 - How does VAPT work and tools like Zap proxy and more






1. How does an Enterprise VAPT take place?

2. What is a report and what are its findings?

3. Detailed discussion on: False Positive, False Negative, True Positive, True Negative.

4. Two things for Penetration Testing:

   1. Manual Penetration Testing (no tooling, manual security test cases).

   2. Automated scanning (tool based) (Vulnerability Management).

5. Introduction to the ZAP proxy scanner.

6. A look at website cookies, setting a cookie and cookie manipulation.


Detailed Notes down below:


### 1. How does Enterprise VAPT take place?


**Vulnerability Assessment and Penetration Testing (VAPT)** in an enterprise context is a comprehensive approach to securing a company's network and application infrastructure. The process typically involves the following steps:


1. **Scoping** - Identifying the boundaries and objectives of the assessment. This includes defining the systems, networks, and applications to be tested.

2. **Reconnaissance** - Gathering information about the target system to find ways to infiltrate it. It could involve identifying IP addresses, domain details, and network services.

3. **Vulnerability Assessment** - Utilizing various tools and techniques to identify vulnerabilities in the system. The vulnerabilities could be existing flaws, bugs, or misconfigurations.


4. **Penetration Testing** - Actively exploiting identified vulnerabilities to understand the extent of a potential breach. This step tests the defensive measures of the system.

5. **Reporting** - Documenting the findings, including vulnerabilities, data that was accessed, and recommendations for securing the system.


6. **Remediation** - Based on the report, fixing the identified vulnerabilities to prevent potential breaches.


7. **Retesting** - After remediation, retesting to ensure that the vulnerabilities are adequately addressed.


### 2. Report and Its Findings


A VAPT report usually comprises the following sections:


1. **Executive Summary**: Overview of the assessment, including objectives, scope, and methodology.

2. **Findings**:

- **Vulnerabilities**: Detailed information about identified vulnerabilities.

- **Impact**: The potential impact of each vulnerability.

- **Risk Level**: The risk level associated with each vulnerability.

- **Recommendations**: Suggestions for mitigating identified vulnerabilities.


3. **Technical Details**: Detailed technical information about the vulnerabilities, including proof of concept, if any.


4. **Conclusion**: A wrap-up of the assessment, emphasizing critical findings and next steps.


5. **Appendix**: Additional information and data supporting the report findings.


### 3. Detailed Discussion on False Positive, False Negative, True Positive, True Negative


These terms are commonly used to describe the results of security assessments:


1. **True Positive**: A real vulnerability or issue was detected, and the alert or finding is correct.

2. **True Negative**: No vulnerabilities were detected, and indeed no vulnerabilities exist.


3. **False Positive**: The assessment tool incorrectly identified a vulnerability or issue that in fact does not exist. This can lead to wasting resources on non-existent issues.


4. **False Negative**: The tool failed to identify an existing vulnerability, which means the system is at risk, but the assessment does not show it. This is a dangerous scenario as it provides a false sense of security.


### 4. Two Things for Penetration Testing


#### 1. Manual Penetration Testing

- **Approach**: Relies on the expertise of the tester to simulate a real-world attack.

- **Techniques**: Social engineering, manual code review, physical security tests.

- **Benefits**: Can identify logical flaws, provides a deeper understanding of the environment.

- **Limitations**: Time-consuming, relies heavily on the expertise of the tester.


#### 2. Automated Scanning

- **Approach**: Uses automated tools to identify vulnerabilities.

- **Tools**: Vulnerability scanners like Nessus, OpenVAS, etc.

- **Benefits**: Faster, can cover a large area in a shorter time, can identify known vulnerabilities quickly.

- **Limitations**: May generate false positives/negatives, may not identify logical flaws.


### 5. Introduction to Zap Proxy Scanner


ZAP (Zed Attack Proxy) is an open-source web application security scanner. It helps you find vulnerabilities in web applications while you are developing and testing them. Its key features include:


1. **Automated Scanners**: Automated scanners to find various vulnerabilities.

2. **Manual Testing**: Allows manual testing of applications.


3. **Web Socket Support**: Supports WebSocket for assessing real-time applications.


4. **Scripting**: Allows the creation of scripts for automated tasks.


5. **API**: Comes with a REST API to integrate with other tools and platforms.
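Sections 2, 3 and 5 come together in the triage step of a VAPT: scanner alerts are checked by hand, labelled True/False Positive, the issues the scanner missed are recorded as False Negatives, and the confirmed findings are grouped by risk level for the report. The following added example (not from the original notes or the ZAP project) does this over constructed alerts shaped like the fields ZAP's alert view returns (`alert`, `risk`, `confidence`, `url`, `param`); the URLs, parameters and verified results are assumptions made up for the example.

```python
"""Triage constructed ZAP-style alerts against manually verified results."""
from collections import Counter

RISK_ORDER = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3}

# Constructed scanner output in the shape of ZAP alerts (sample data only).
ALERTS = [
    {"alert": "SQL Injection", "risk": "High", "confidence": "Medium",
     "url": "http://app.example/login", "param": "username"},
    {"alert": "Cross Site Scripting (Reflected)", "risk": "High",
     "confidence": "Low", "url": "http://app.example/search", "param": "q"},
    {"alert": "Cookie Without Secure Flag", "risk": "Low", "confidence": "High",
     "url": "http://app.example/", "param": "session"},
]

# Constructed manual verification: the (url, param, issue) tuples a tester
# confirmed, including a logic flaw the automated scan did not report.
VERIFIED = {
    ("http://app.example/login", "username", "SQL Injection"),
    ("http://app.example/", "session", "Cookie Without Secure Flag"),
    ("http://app.example/checkout", "price", "Price Tampering (logic flaw)"),
}


def triage(alerts, verified):
    """Label each alert TP or FP; verified issues that were never flagged are FN.

    True Negatives (checks that fired nothing on a non-vulnerable target) are
    not countable from the alert list alone, so they are not reported here.
    """
    flagged = {(a["url"], a["param"], a["alert"]) for a in alerts}
    return {
        "TP": sorted(flagged & verified),
        "FP": sorted(flagged - verified),
        "FN": sorted(verified - flagged),
    }


def findings_summary(alerts, verified):
    """Report-style view: confirmed findings ordered highest risk first,
    plus a count per risk level for the executive summary."""
    keep = set(triage(alerts, verified)["TP"])
    confirmed = [a for a in alerts if (a["url"], a["param"], a["alert"]) in keep]
    confirmed.sort(key=lambda a: RISK_ORDER[a["risk"]])
    return confirmed, Counter(a["risk"] for a in confirmed)


if __name__ == "__main__":
    print(triage(ALERTS, VERIFIED))
    confirmed, by_risk = findings_summary(ALERTS, VERIFIED)
    for a in confirmed:
        print(f"[{a['risk']}] {a['alert']} at {a['url']} param={a['param']}")
    print(dict(by_risk))
```

The FN entry is the case section 3 calls dangerous: the report would look clean for the checkout flow unless the manual test result is merged in.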


### 6. A Look at Website Cookies, Setting a Cookie, and Cookie Manipulation


Website cookies are small pieces of data stored on the user's computer by the web browser while browsing a website. Cookies are used to remember stateful information like login status, shopping cart contents, and more. Here's how cookies can be manipulated:


1. **Setting a Cookie**: Usually, a server sets a cookie through HTTP headers (Set-Cookie header). A cookie can also be set using JavaScript (`document.cookie`).


2. **Cookie Manipulation**:

- **Viewing**: You can view cookies in the browser's developer tools under the Application/Storage tab.

- **Editing**: Cookies can be edited using browser developer tools or JavaScript.


- **Deleting**: Cookies can be deleted from the browser settings or using JavaScript.


3. **Security Concerns**:

- **Cookie Theft**: If cookies are not secured properly, attackers might steal them to impersonate a user.

- **Cross-Site Scripting (XSS)**: An attack in which script injected into the page can read or manipulate the user's cookies.


- **Cross-Site Request Forgery (CSRF)**: An attack where an attacker tricks a user's browser into making an unwanted request, potentially leveraging the user's cookies.


4. **Securing Cookies**:

- **HttpOnly**: Prevents JavaScript from accessing the cookie.

- **Secure**: Ensures the cookie is only sent over HTTPS connections.


- **SameSite**: Helps to protect against CSRF attacks by restricting when the cookie is sent.
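To connect the Set-Cookie header from item 1 with the three attributes in item 4, here is an added example (not from the original notes) that parses a Set-Cookie value and lists what a VAPT report would raise for it. The two header strings are constructed samples, not captured from a real site; the cookie name and value are assumptions.

```python
"""Audit Set-Cookie headers for the HttpOnly, Secure and SameSite attributes."""

# Constructed sample headers: one weak, one hardened.
WEAK_SET_COOKIE = "sessionid=abc123; Path=/"
HARDENED_SET_COOKIE = "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Strict"


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {attribute: value}).

    Flag attributes with no value (HttpOnly, Secure) are stored as True;
    attribute names are lower-cased because they are case-insensitive.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header):
    """Return the issues a report would list for this cookie (empty if none)."""
    name, _, attrs = parse_set_cookie(header)
    issues = []
    if "httponly" not in attrs:
        issues.append(f"{name}: missing HttpOnly (readable via document.cookie)")
    if "secure" not in attrs:
        issues.append(f"{name}: missing Secure (sent over plain HTTP)")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        # Absent, or present without a value: no cross-site restriction stated.
        issues.append(f"{name}: missing SameSite (sent on cross-site requests)")
    elif samesite.lower() == "none" and "secure" not in attrs:
        issues.append(f"{name}: SameSite=None requires Secure")
    return issues


if __name__ == "__main__":
    for header in (WEAK_SET_COOKIE, HARDENED_SET_COOKIE):
        print(header)
        for issue in audit_set_cookie(header) or ["no issues"]:
            print("  -", issue)
```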


I hope this information provides a comprehensive view of your requested topics! If you have further queries, feel free to ask.



