However, this does not mean that the details of those vulnerabilities are not known by anyone. When malware writers get their hands on vulnerability details before the developers do, they create and distribute zero-day exploits targeting that vulnerability. When the first attack takes place, there is no patch available for that vulnerability, and there are no security tools that can detect the attacks. Such attacks often go undetected, time and time again.
The best way to discover unknown vulnerabilities is fuzzing, a form of attack simulation in which vulnerabilities are triggered by abnormal inputs. When an abnormal input causes an abnormal reaction, a vulnerability is found. It makes no difference whether the vulnerability is known or previously unknown; either can be found by fuzz testing. The beauty of it is that there are no false positives: since the testing is done through the external interfaces, the only bugs found are the ones that pose an actual risk. If bugs are not reachable through external interfaces, they do not represent an actual vulnerability or threat, and fixing them is a waste of money and energy.
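To make the "abnormal input, abnormal reaction" loop concrete, here is a deliberately small mutation-based fuzzer written in Python as an added illustration; it is not code from the original post or from any fuzzing product. The target parser, its defect, the seed input `b"5:hello"` and the four mutation operators are all constructed for this example. The harness's oracle is the distinction between the errors the interface documents as normal input rejection (`ValueError` here) and anything else escaping the target, and every finding is stored together with the input that reproduces it.

```python
import random

# Constructed toy target: parses "LENGTH:PAYLOAD" records. It is the external
# interface under test and carries one deliberate defect (explained below).
def parse_record(data: bytes) -> dict:
    header, sep, body = data.partition(b":")
    if not sep:
        raise ValueError("missing separator")   # documented rejection
    length = int(header)                         # ValueError on a non-numeric header
    payload = body[:length]
    # Defect: the declared length is trusted, so a zero, negative or
    # oversized length can leave the payload empty and the index blows up.
    return {"length": length, "first": payload[0], "payload": payload}

# Hardened variant: same interface, with the missing check added, so a
# malformed record is rejected through the documented error path instead.
def parse_record_fixed(data: bytes) -> dict:
    header, sep, body = data.partition(b":")
    if not sep:
        raise ValueError("missing separator")
    length = int(header)
    if length <= 0 or len(body) < length:
        raise ValueError("bad length")
    payload = body[:length]
    return {"length": length, "first": payload[0], "payload": payload}

# Exceptions the interface documents as normal input rejection. Anything else
# escaping the target is an abnormal reaction, i.e. a finding.
EXPECTED = (ValueError,)

def mutate(rng: random.Random, seed: bytes) -> bytes:
    """Apply one to three random byte-level mutations to the seed input."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(4)
        if op == 0 and data:                       # overwrite a byte
            data[rng.randrange(len(data))] = rng.randrange(256)
        elif op == 1 and data:                     # delete a byte
            del data[rng.randrange(len(data))]
        elif op == 2:                              # insert a byte
            data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
        else:                                      # truncate
            del data[rng.randrange(len(data) + 1):]
    return bytes(data)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Feed mutated inputs to target; return {(exception type, message): input}
    for each distinct abnormal reaction, keeping the first input that caused it."""
    rng = random.Random(rng_seed)   # fixed seed so a run is reproducible
    findings = {}
    for _ in range(iterations):
        case = mutate(rng, seed)
        try:
            target(case)
        except EXPECTED:
            continue                 # normal rejection, not a bug
        except Exception as exc:     # abnormal reaction: record reproducer
            findings.setdefault((type(exc).__name__, str(exc)), case)
    return findings

def reproduces(target, case: bytes) -> bool:
    """True if replaying a recorded input still triggers an abnormal reaction."""
    try:
        target(case)
    except EXPECTED:
        return False
    except Exception:
        return True
    return False

if __name__ == "__main__":
    found = fuzz(parse_record, b"5:hello")
    for (kind, msg), case in found.items():
        print(f"{kind}: {msg}  <- input {case!r}")
    print("after fix:", fuzz(parse_record_fixed, b"5:hello"))
```

Two points this shows that the paragraph only states: the oracle is what separates a finding from noise, so deciding which errors the interface legitimately raises is part of writing the harness, and a finding is never just "something looked wrong" but a concrete input that reaches the defect through the external interface. Running the same loop against the hardened parser returns no findings, which is the check that the fix closed the reachable path rather than merely changing the symptom.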
To sum it up: vulnerability management is important, but never ignore the effect of unknown vulnerabilities. Do not rely only on known vulnerability databases and network scanners to secure systems, as that will leave all zero-day vulnerabilities with no existing patches open to exploit.
Let me know if you have questions regarding the Unknown Vulnerability Management process or how zero-day vulnerabilities can be caught, or come and listen to the guest analyst speaker in the next Fuzzing 101 webinar.