Category Archives: Education

Vulnerabilities of the TLS Protocol


Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are widely used protocols for secure online communication. They provide encryption and authentication between two applications over a network, ensuring the confidentiality and integrity of the data transmitted between them.

However, SSL/TLS is not invulnerable, and over the years several vulnerabilities have been discovered that can compromise the security of online transactions. One of the most significant is the POODLE attack, discovered in 2014, which affects older versions of SSL/TLS. It exploits the way SSL/TLS handles padding in the encryption process, enabling an attacker to read encrypted information, including sensitive data such as passwords and credit card numbers.

Another vulnerability is the BEAST attack, which exploits a vulnerability in the way SSL/TLS handles block ciphers in older versions of the protocol. This attack allows an attacker to intercept and decrypt secure HTTPS cookies, potentially giving them access to sensitive data.

A third vulnerability is known as the DROWN attack, which exploits weak encryption protocols such as SSLv2. The attack allows an attacker to read encrypted data transmitted over an SSL/TLS connection by exploiting a flaw in the SSLv2 protocol. Even though SSLv2 is obsolete and no longer in general use, some older systems may still have it enabled, leaving them vulnerable to attack.

To ensure the maximum security of your online transactions, it’s essential to be aware of the potential vulnerabilities of SSL/TLS and to take necessary precautions. To start with, it’s recommended to use the latest version of TLS, which is currently TLS 1.3, and to disable support for older, insecure protocols like SSLv2 and SSLv3.

It’s also important to use strong encryption ciphers and to regularly test your TLS configuration for potential vulnerabilities. This can be done using tools like SSL Labs’ SSL Server Test, which can check the strength of your TLS configuration and identify any potential vulnerabilities.

Another crucial step is to regularly renew your TLS certificates, which verify the identity of the server you’re communicating with and so help ensure that your data is not intercepted by an attacker impersonating it. TLS certificates have an expiration date, so it’s essential to keep them up to date to ensure maximum security.

Finally, consider using other security measures like firewalls, antivirus software, and two-factor authentication to provide an additional layer of protection.
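The protocol and cipher recommendations above can be checked mechanically. The script below is an added example, not code from the original post: it audits a constructed nginx-style TLS block for the deprecated protocol versions and weak cipher suites just discussed, and shows the weak configuration beside a corrected one. The two config blocks, the finding wording and the list of weak-cipher markers are this example's own assumptions.

```python
"""Static audit of a TLS server configuration for the weak settings named above.

Added example: the two nginx-style config blocks are constructed for the
demonstration; they are not taken from any real server or from the original post.
"""
from dataclasses import dataclass

# Protocol versions the post says to disable, with the weakness that motivates it.
DEPRECATED_PROTOCOLS = {
    "SSLv2": "obsolete; the SSLv2 flaw that DROWN exploits",
    "SSLv3": "obsolete; CBC padding handling exploited by POODLE",
    "TLSv1": "deprecated by RFC 8996; its CBC suites are what BEAST targets",
    "TLSv1.1": "deprecated by RFC 8996",
}
ACCEPTABLE_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}

# OpenSSL cipher-string tokens (after splitting on '-') that mark broken or weak suites.
WEAK_CIPHER_TOKENS = {"NULL", "eNULL", "aNULL", "ADH", "AECDH", "EXP", "EXPORT",
                      "RC4", "DES", "3DES", "MD5", "LOW"}
# Catch-all keywords that enable every suite the library knows, weak ones included.
CATCH_ALL_KEYWORDS = {"ALL", "COMPLEMENTOFDEFAULT"}


@dataclass
class Finding:
    severity: str   # "high" (known-exploitable weakness) or "medium" (hardening gap)
    directive: str  # config directive the finding applies to
    detail: str


def parse_directive(line: str) -> tuple[str, list[str]]:
    """Split 'ssl_protocols TLSv1 TLSv1.2;' into ('ssl_protocols', ['TLSv1', 'TLSv1.2'])."""
    name, _, rest = line.strip().rstrip(";").partition(" ")
    return name, [v.strip("'\"") for v in rest.split()]


def audit_protocols(protocols: list[str]) -> list[Finding]:
    """Flag deprecated protocol versions and the absence of TLS 1.3."""
    findings = []
    for proto in protocols:
        if proto in DEPRECATED_PROTOCOLS:
            findings.append(Finding("high", "ssl_protocols",
                                    f"{proto} enabled: {DEPRECATED_PROTOCOLS[proto]}"))
        elif proto not in ACCEPTABLE_PROTOCOLS:
            findings.append(Finding("medium", "ssl_protocols",
                                    f"unrecognised protocol token {proto!r}"))
    if "TLSv1.3" not in protocols:
        findings.append(Finding("medium", "ssl_protocols",
                                "TLSv1.3 not offered; the current TLS version should be enabled"))
    return findings


def audit_ciphers(cipher_string: str) -> list[Finding]:
    """Flag weak suites in an OpenSSL cipher string such as 'HIGH:RC4-SHA:!aNULL'.

    Entries prefixed with '!' or '-' are exclusions and are therefore skipped.
    """
    findings = []
    for entry in cipher_string.split(":"):
        entry = entry.strip()
        if not entry or entry[0] in "!-":
            continue
        if entry in CATCH_ALL_KEYWORDS:
            findings.append(Finding("medium", "ssl_ciphers",
                                    f"{entry} enables every supported suite; prefer an explicit allowlist"))
            continue
        weak = WEAK_CIPHER_TOKENS.intersection(entry.split("-"))
        if weak:
            findings.append(Finding("high", "ssl_ciphers",
                                    f"{entry} uses weak algorithm(s): {', '.join(sorted(weak))}"))
    return findings


def audit_config(config_text: str) -> list[Finding]:
    """Audit an nginx-style TLS block; high-severity findings are listed first."""
    findings = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, values = parse_directive(line)
        if name == "ssl_protocols":
            findings.extend(audit_protocols(values))
        elif name == "ssl_ciphers":
            findings.extend(audit_ciphers(" ".join(values)))
    return sorted(findings, key=lambda f: f.severity != "high")


# Constructed sample: a legacy configuration with the weaknesses the post describes...
WEAK_CONFIG = """
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ALL:RC4-SHA:DES-CBC3-SHA:!aNULL";
"""

# ...and the corrected version: TLS 1.2/1.3 only, explicit AEAD suites, weak ones excluded.
HARDENED_CONFIG = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:!aNULL:!eNULL:!MD5:!RC4:!3DES";
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = audit_config(cfg)
        print(f"{label}: {len(results)} finding(s)")
        for f in results:
            print(f"  [{f.severity}] {f.directive}: {f.detail}")
```

The static check complements, rather than replaces, a live scan such as SSL Labs’ SSL Server Test, which observes what the server actually negotiates.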

By taking these necessary precautions, you can significantly reduce the risk of SSL/TLS vulnerabilities and ensure the maximum security of your online transactions.

CWE


CWE (Common Weakness Enumeration) is a list of common types of hardware and software defects that have security implications. The CWE list can be used as a framework to describe and communicate such weaknesses in terms of CWE identifiers.

The goal is to support methods, including automated ones, for finding and preventing software errors. It can be used at the development stage, during code review, and later during penetration testing to classify a vulnerability and communicate its type to developers. The list is at version 4.7 and contains over 600 categories of weaknesses and vulnerabilities.

The CWE Top 25 Most Dangerous Software Weaknesses list collects the most common programming errors that can lead to software vulnerabilities. Vulnerabilities in the CWE Top 25 are usually easy to detect and exploit. For example, CWE-79 covers Cross-Site Scripting and CWE-89 covers SQL Injection. A similar project is the OWASP (Open Web Application Security Project) Top Ten; compared to the CWE Top 25, the OWASP Top Ten focuses solely on web application vulnerabilities.
The CWE Most Important Hardware Weaknesses list serves the same purpose but focuses on hardware defects.

Please check our post about Vulnerability Analysis to learn more about CWE usage.

Please find the list of CWEs below.

  • CWE-198 – Use of Incorrect Byte Ordering

    Description The software receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing an incorrect number or value to be used. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-188   Consequences Integrity: Unexpected State   Potential Mitigations CVE…

  • CWE-20 – Improper Input Validation

    Description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: High   Related Weaknesses CWE-707 CWE-345 CWE-22 CWE-41 CWE-74 CWE-119 CWE-770   Consequences…

  • CWE-157 – Failure to Sanitize Paired Delimiters

    Description The software does not properly handle the characters that are used to mark the beginning and ending of a group of entities, such as parentheses, brackets, and braces. Modes of Introduction: – Implementation     Related Weaknesses CWE-138   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Description:  Developers should anticipate that grouping elements…

  • CWE-158 – Improper Neutralization of Null Byte or NUL Character

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component. As data is parsed, an injected NUL character or null byte may cause the software to believe the input is terminated earlier than it actually…

  • CWE-159 – Improper Handling of Invalid Use of Special Elements

    Description The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity. Modes of Introduction: – Implementation     Related Weaknesses CWE-138   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Description:  Developers should anticipate that…

  • CWE-160 – Improper Neutralization of Leading Special Elements

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes leading special elements that could be interpreted in unexpected ways when they are sent to a downstream component. As data is parsed, improperly handled leading special elements may cause the process to take unexpected actions that result in…

  • CWE-161 – Improper Neutralization of Multiple Leading Special Elements

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple leading special elements that could be interpreted in unexpected ways when they are sent to a downstream component. As data is parsed, improperly handled multiple leading special elements may cause the process to take unexpected actions that…

  • CWE-162 – Improper Neutralization of Trailing Special Elements

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes trailing special elements that could be interpreted in unexpected ways when they are sent to a downstream component. As data is parsed, improperly handled trailing special elements may cause the process to take unexpected actions that result in…

  • CWE-163 – Improper Neutralization of Multiple Trailing Special Elements

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple trailing special elements that could be interpreted in unexpected ways when they are sent to a downstream component. As data is parsed, improperly handled multiple trailing special elements may cause the process to take unexpected actions that…

  • CWE-164 – Improper Neutralization of Internal Special Elements

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes internal special elements that could be interpreted in unexpected ways when they are sent to a downstream component. As data is parsed, improperly handled internal special elements may cause the process to take unexpected actions that result in…

  • CWE-165 – Improper Neutralization of Multiple Internal Special Elements

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple internal special elements that could be interpreted in unexpected ways when they are sent to a downstream component. As data is parsed, improperly handled multiple internal special elements may cause the process to take unexpected actions that…

  • CWE-166 – Improper Handling of Missing Special Element

    Description The software receives input from an upstream component, but it does not handle or incorrectly handles when an expected special element is missing. Modes of Introduction: – Implementation     Related Weaknesses CWE-159 CWE-703   Consequences Availability: DoS: Crash, Exit, or Restart   Potential Mitigations Phase: Description:  Developers should anticipate that special elements will…

  • CWE-167 – Improper Handling of Additional Special Element

    Description The software receives input from an upstream component, but it does not handle or incorrectly handles when an additional unexpected special element is provided. Modes of Introduction: – Implementation     Related Weaknesses CWE-159 CWE-703   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Description:  Developers should anticipate that extra special elements will be…

  • CWE-168 – Improper Handling of Inconsistent Special Elements

    Description The software does not properly handle input in which an inconsistency exists between two or more special characters or reserved words. An example of this problem would be if paired characters appear in the wrong order, or if the special characters are not properly nested. Modes of Introduction: – Implementation     Related Weaknesses…

  • CWE-170 – Improper Null Termination

    Description The software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call…

  • CWE-172 – Encoding Error

    Description The software does not properly encode or decode the data, resulting in unexpected values. Modes of Introduction: – Implementation     Related Weaknesses CWE-707 CWE-22 CWE-41   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Implementation Description:  Phase: Implementation Description:  While it is risky to use dynamically-generated query strings, code, or commands that mix…

  • CWE-173 – Improper Handling of Alternate Encoding

    Description The software does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent. Modes of Introduction: – Implementation     Related Weaknesses CWE-172 CWE-289   Consequences Access Control: Bypass Protection Mechanism   Potential Mitigations Phase: Architecture and Design Description:  Avoid…

  • CWE-174 – Double Decoding of the Same Data

    Description The software decodes the same input twice, which can limit the effectiveness of any protection mechanism that occurs in between the decoding operations. Modes of Introduction: – Implementation     Related Weaknesses CWE-172 CWE-675   Consequences Access Control, Confidentiality, Availability, Integrity, Other: Bypass Protection Mechanism, Execute Unauthorized Code or Commands, Varies by Context  …

  • CWE-175 – Improper Handling of Mixed Encoding

    Description The software does not properly handle when the same input uses several different (mixed) encodings. Modes of Introduction: – Implementation     Related Weaknesses CWE-172   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Architecture and Design Description:  Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate…

  • CWE-176 – Improper Handling of Unicode Encoding

    Description The software does not properly handle when an input contains Unicode encoding. Modes of Introduction: – Implementation     Related Weaknesses CWE-172   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Architecture and Design Description:  Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names. Phase: Implementation…

  • CWE-177 – Improper Handling of URL Encoding (Hex Encoding)

    Description The software does not properly handle when all or part of an input has been URL encoded. Modes of Introduction: – Implementation     Related Weaknesses CWE-172   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Architecture and Design Description:  Avoid making decisions based on names of resources (e.g. files) if those resources can…

  • CWE-178 – Improper Handling of Case Sensitivity

    Description The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results. Modes of Introduction: – Implementation     Related Weaknesses CWE-706 CWE-706 CWE-433 CWE-289   Consequences Access Control: Bypass Protection Mechanism   Potential Mitigations Phase: Architecture and Design Description:  Avoid making…

  • CWE-1385 – Missing Origin Validation in WebSockets

    Description The software uses a WebSocket, but it does not properly verify that the source of data or communication is valid. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-346   Consequences Confidentiality, Integrity, Availability, Non-Repudiation, Access Control: Varies by Context, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Application Data,…

  • CWE-14 – Compiler Removal of Code to Clear Buffers

    Description Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka “dead store removal.” Modes of Introduction: – Implementation     Related Weaknesses CWE-733   Consequences Confidentiality, Access Control: Read Memory, Bypass Protection Mechanism This weakness will allow data that has…

  • CWE-140 – Improper Neutralization of Delimiters

    Description The software does not neutralize or incorrectly neutralizes delimiters. Modes of Introduction: – Implementation     Related Weaknesses CWE-138   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Implementation Description:  Developers should anticipate that delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists…

  • CWE-141 – Improper Neutralization of Parameter/Argument Delimiters

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component. As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions. Modes of Introduction: –…

  • CWE-142 – Improper Neutralization of Value Delimiters

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as value delimiters when they are sent to a downstream component. As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions. Modes of Introduction: – Implementation  …

  • CWE-143 – Improper Neutralization of Record Delimiters

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as record delimiters when they are sent to a downstream component. As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions. Modes of Introduction: – Implementation  …

  • CWE-144 – Improper Neutralization of Line Delimiters

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as line delimiters when they are sent to a downstream component. As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions. Modes of Introduction: – Implementation  …

  • CWE-145 – Improper Neutralization of Section Delimiters

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as section delimiters when they are sent to a downstream component. Modes of Introduction: – Implementation     Related Weaknesses CWE-140 CWE-93   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Description: …

  • CWE-146 – Improper Neutralization of Expression/Command Delimiters

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expression or command delimiters when they are sent to a downstream component. As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions. Modes of Introduction: –…

  • CWE-147 – Improper Neutralization of Input Terminators

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component. For example, a “.” in SMTP signifies the end of mail message data, whereas a null character can be used for…

  • CWE-148 – Improper Neutralization of Input Leaders

    Description The application does not properly handle when a leading character or sequence (“leader”) is missing or malformed, or if multiple leaders are used when only one should be allowed. Modes of Introduction: – Implementation     Related Weaknesses CWE-138   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Description:  Developers should anticipate that leading…

  • CWE-149 – Improper Neutralization of Quoting Syntax

    Description Quotes injected into an application can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the process to take unexpected actions. Modes of Introduction: – Implementation     Related Weaknesses CWE-138   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Description:  Developers should anticipate that quotes…

  • CWE-15 – External Control of System or Configuration Setting

    Description One or more system settings or configuration elements can be externally controlled by a user. Allowing external control of system settings can disrupt service or cause an application to behave in unexpected, and potentially malicious ways. Modes of Introduction: – Implementation     Related Weaknesses CWE-642 CWE-610 CWE-20   Consequences Other: Varies by Context…

  • CWE-150 – Improper Neutralization of Escape, Meta, or Control Sequences

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component. As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions. Modes of…

  • CWE-151 – Improper Neutralization of Comment Delimiters

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as comment delimiters when they are sent to a downstream component. Modes of Introduction: – Implementation     Related Weaknesses CWE-138   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Description:  Developers…

  • CWE-152 – Improper Neutralization of Macro Symbols

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as macro symbols when they are sent to a downstream component. Modes of Introduction: – Implementation     Related Weaknesses CWE-138   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Implementation Description: …

  • CWE-153 – Improper Neutralization of Substitution Characters

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as substitution characters when they are sent to a downstream component. Modes of Introduction: – Implementation     Related Weaknesses CWE-138   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Description:  Developers…

  • CWE-154 – Improper Neutralization of Variable Name Delimiters

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as variable name delimiters when they are sent to a downstream component. As data is parsed, an injected delimiter may cause the process to take unexpected actions that result in an attack.…

  • CWE-155 – Improper Neutralization of Wildcards or Matching Symbols

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component. As data is parsed, an injected element may cause the process to take unexpected actions. Modes of Introduction: –…

  • CWE-156 – Improper Neutralization of Whitespace

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as whitespace when they are sent to a downstream component. This can include space, tab, etc. Modes of Introduction: – Implementation     Related Weaknesses CWE-138   Consequences Integrity: Unexpected State  …

  • CWE-1327 – Binding to an Unrestricted IP Address

    Description The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely. Modes of Introduction: – System Configuration     Related Weaknesses CWE-668   Consequences Availability: DoS: Amplification   Potential Mitigations Phase: System Configuration Effectiveness: High Description:  Assign IP addresses that are not 0.0.0.0. Phase: System…

  • CWE-1328 – Security Version Number Mutable to Older Versions

    Description Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-285 CWE-757   Consequences Confidentiality, Integrity, Authentication, Authorization: Other Impact includes roll-back or downgrade to a vulnerable version of the firmware or DoS…

  • CWE-1329 – Reliance on Component That is Not Updateable

    Description The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs. Modes of Introduction: – Requirements     Related Weaknesses CWE-1357 CWE-664   Consequences Confidentiality, Integrity, Access Control, Authentication, Authorization, Other: Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code or Commands, DoS: Crash,…

  • CWE-1330 – Remanent Data Readable after Memory Erase

    Description Confidential information stored in memory circuits is readable or recoverable after being cleared or erased. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-1301 CWE-1301   Consequences Confidentiality: Modify Memory, Read Memory Confidential data are readable to untrusted agent.   Potential Mitigations Phase: Architecture and Design Description:  CVE References CVE-2019-8575 Firmware…

  • CWE-1331 – Improper Isolation of Shared Resources in Network On Chip (NoC)

    Description The Network On Chip (NoC) does not isolate or incorrectly isolates its on-chip-fabric and internal resources such that they are shared between trusted and untrusted agents, creating timing channels. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-653 CWE-668 CWE-1189   Consequences Confidentiality, Availability: DoS: Resource Consumption (Other), Varies by Context,…

  • CWE-1332 – Improper Handling of Faults that Lead to Instruction Skips

    Description The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-1384 CWE-1247   Consequences Confidentiality, Integrity, Authentication: Bypass Protection Mechanism, Alter Execution Logic, Unexpected State Depending on the context, instruction…

  • CWE-1333 – Inefficient Regular Expression Complexity

    Description The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. Some regular expression engines have a feature called “backtracking”. If the token cannot match, the engine “backtracks” to a position that may result in a different token that can match. Backtracking becomes a weakness if…

  • CWE-1334 – Unauthorized Error Injection Can Degrade Hardware Redundancy

    Description An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-284   Consequences Integrity, Availability: DoS: Crash, Exit, or Restart, DoS: Instability, Quality Degradation, DoS: Resource Consumption (CPU),…

  • CWE-1335 – Incorrect Bitwise Shift of Integer

    Description An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result. Modes of Introduction: – Implementation     Related Weaknesses CWE-682   Consequences Integrity: DoS: Crash, Exit, or Restart   Potential…

  • CWE-1336 – Improper Neutralization of Special Elements Used in a Template Engine

    Description The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-94   Consequences…

  • CWE-1338 – Improper Protections Against Hardware Overheating

    Description A hardware device is missing or has inadequate protection features to prevent overheating. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-693   Consequences Availability: DoS: Resource Consumption (Other)   Potential Mitigations Phase: Architecture and Design Description:  Temperature maximum and minimum limits should be enforced using thermal sensors both in silicon…

  • CWE-1339 – Insufficient Precision or Accuracy of a Real Number

    Description The program processes a real number with an implementation in which the number’s representation does not preserve required accuracy and precision in its fractional part, causing an incorrect result. There are three major ways to store real numbers in computers. Each method is described along with the limitations of how they store their numbers.…

  • CWE-134 – Use of Externally-Controlled Format String

    Description The software uses a function that accepts a format string as an argument, but the format string originates from an external source. Modes of Introduction: – Implementation   Likelihood of Exploit: High   Related Weaknesses CWE-668 CWE-668 CWE-123 CWE-20   Consequences Confidentiality: Read Memory Format string problems allow for information disclosure which can severely…

  • CWE-1341 – Multiple Releases of Same Resource or Handle

    Description The product attempts to close or release a resource or handle more than once, without any successful open between the close operations. Modes of Introduction: – Implementation     Related Weaknesses CWE-675 CWE-672   Consequences Availability, Integrity: DoS: Crash, Exit, or Restart   Potential Mitigations Phase: Implementation Description:  Change the code’s logic so that…

  • CWE-1342 – Information Exposure through Microarchitectural State after Transient Execution

    Description The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-226 CWE-226   Consequences Confidentiality, Integrity: Modify Memory, Read Memory, Execute Unauthorized Code or Commands   Potential Mitigations Phase: Architecture and Design, Requirements Effectiveness:…

  • CWE-135 – Incorrect Calculation of Multi-Byte String Length

    Description The software does not correctly calculate the length of strings that can contain wide or multi-byte characters. Modes of Introduction: – Implementation     Related Weaknesses CWE-682   Consequences Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands This weakness may lead to a buffer overflow. Buffer overflows often can be used to execute arbitrary…

  • CWE-1351 – Improper Handling of Hardware Behavior in Exceptionally Cold Environments

    Description A hardware device, or the firmware running on it, is missing or has incorrect protection features to maintain goals of security primitives when the device is cooled below standard operating temperatures. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-1384   Consequences Integrity, Authentication: Varies by Context, Unexpected State Consequences of…

  • CWE-1357 – Reliance on Uncontrolled Component

    Description The product’s design or architecture is built from multiple separate components, but one or more components are not under complete control of the developer, such as a third-party software library or a physical component that is built by an original equipment manufacturer (OEM). Modes of Introduction: – Requirements     Related Weaknesses CWE-710  …

  • CWE-138 – Improper Neutralization of Special Elements

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component. Most languages and protocols have their own special elements such as characters and reserved words. These special elements…

  • CWE-1384 – Improper Handling of Extreme Physical Environment Conditions

    Description The product does not properly detect and handle extreme conditions in the product’s physical environment, such as temperature, radiation, humidity, power, or other physical phenomena. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-703   Consequences Confidentiality, Integrity, Availability: Varies by Context, Unexpected State Consequences of this weakness are highly dependent…

  • CWE-1304 – Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation

    Description The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or verified between the beginning and ending of the operation. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-284 CWE-345 CWE-1271   Consequences Confidentiality, Integrity: DoS: Instability, DoS: Crash, Exit,…

  • CWE-131 – Incorrect Calculation of Buffer Size

    Description The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. Modes of Introduction: – Implementation   Likelihood of Exploit: High   Related Weaknesses CWE-682 CWE-119   Consequences Integrity, Availability, Confidentiality: DoS: Crash, Exit, or Restart, Execute Unauthorized Code or…

  • CWE-1310 – Missing Ability to Patch ROM Code

    Description Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-1329   Consequences Other: Varies by Context, Reduce Maintainability When the system is unable to be patched, it can be left in a vulnerable state.…

  • CWE-1311 – Improper Translation of Security Attributes by Fabric Bridge

    Description The bridge incorrectly translates security attributes from either trusted to untrusted or from untrusted to trusted when converting from one fabric protocol to another. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-284   Consequences Confidentiality, Integrity, Access Control: Modify Memory, Read Memory, Gain Privileges or Assume Identity, Bypass Protection Mechanism,…

  • CWE-1312 – Missing Protection for Mirrored Regions in On-Chip Fabric Firewall

    Description The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-284 CWE-1251   Consequences Confidentiality, Integrity, Access Control: Modify Memory, Read Memory, Bypass Protection Mechanism   Potential Mitigations Phase: Architecture…

  • CWE-1313 – Hardware Allows Activation of Test or Debug Logic at Runtime

    Description During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary. Modes of Introduction: – Architecture and Design    …

  • CWE-1314 – Missing Write Protection for Parametric Data Values

    Description The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-862 CWE-1299   Consequences Availability: Quality Degradation, DoS: Resource Consumption (Other)…

  • CWE-1315 – Improper Setting of Bus Controlling Capability in Fabric End-point

    Description The bus controller enables bits in the fabric end-point to allow responder devices to control transactions on the fabric. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-284   Consequences Access Control: Modify Memory, Read Memory, Bypass Protection Mechanism   Potential Mitigations Phase: Architecture and Design Description:  For responder devices, the…

  • CWE-1316 – Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges

    Description The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of the protected region. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-284   Consequences Confidentiality, Integrity, Access Control, Authorization: Bypass Protection Mechanism, Read Memory, Modify Memory…

  • CWE-1317 – Missing Security Checks in Fabric Bridge

    Description A bridge that is connected to a fabric without security features forwards transactions to the slave without checking the privilege level of the master. Similarly, it does not check the hardware identity of the transaction received from the slave interface of the bridge. Modes of Introduction: – Architecture and Design     Related Weaknesses…

  • CWE-1318 – Missing Support for Security Features in On-chip Fabrics or Buses

    Description On-chip fabrics or buses either do not support or are not configured to support privilege separation or other security features, such as access control. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-693   Consequences Confidentiality, Integrity, Access Control, Availability: DoS: Crash, Exit, or Restart, Read Memory, Modify Memory   Potential…

  • CWE-1319 – Improper Protection against Electromagnetic Fault Injection (EM-FI)

    Description The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-693   Consequences Confidentiality, Integrity, Access Control, Availability: Modify Memory, Read Memory, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute…

  • CWE-132 – DEPRECATED: Miscalculated Null Termination

    Description This entry has been deprecated because it was a duplicate of CWE-170. All content has been transferred to CWE-170.

  • CWE-1320 – Improper Protection for Out of Bounds Signal Level Alerts

    Description Untrusted agents can disable alerts about signal conditions exceeding limits or the response mechanism that handles such alerts. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-284   Consequences Availability: DoS: Instability, DoS: Crash, Exit, or Restart, Reduce Reliability, Unexpected State   Potential Mitigations Phase: Architecture and Design Description:  Alert signals…

  • CWE-1321 – Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’)

    Description The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-915 CWE-913 CWE-471   Consequences Integrity: Modify Application Data…

  • CWE-1322 – Use of Blocking Code in Single-threaded, Non-blocking Context

    Description The product uses a non-blocking model that relies on a single threaded process for features such as scalability, but it contains code that can block when it is invoked. Modes of Introduction: – Implementation     Related Weaknesses CWE-834 CWE-835   Consequences Availability: DoS: Resource Consumption (CPU) An unexpected call to blocking code can…

  • CWE-1323 – Improper Management of Sensitive Trace Data

    Description Trace data collected from several sources on the System-on-Chip (SoC) is stored in unprotected locations or transported to untrusted agents. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-284   Consequences Confidentiality: Read Memory An adversary can read secret values if they are captured in debug traces and stored unsafely.  …

  • CWE-1324 – Sensitive Information Accessible by Physical Probing of JTAG Interface

    Description Sensitive information in clear text on the JTAG interface may be examined by an eavesdropper, e.g. by placing a probe device on the interface such as a logic analyzer, or a corresponding software technique. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-300   Consequences Confidentiality: Read Memory, Read Files or…

  • CWE-1325 – Improperly Controlled Sequential Memory Allocation

    Description The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects. Modes of Introduction: – Implementation     Related Weaknesses CWE-770 CWE-789 CWE-476   Consequences Availability: DoS:…

  • CWE-1326 – Missing Immutable Root of Trust in Hardware

    Description A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-693   Consequences Authentication, Authorization: Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Modify Memory   Potential…

  • CWE-1287 – Improper Validation of Specified Type of Input

    Description The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. Modes of Introduction: – Implementation     Related Weaknesses CWE-20 CWE-843   Consequences Other: Varies by Context   Potential Mitigations Phase: Implementation Effectiveness: High…

  • CWE-1288 – Improper Validation of Consistency within Input

    Description The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent. Modes of Introduction: – Implementation     Related Weaknesses CWE-20   Consequences Other: Varies by Context   Potential Mitigations Phase: Implementation Effectiveness:…

  • CWE-1289 – Improper Validation of Unsafe Equivalence in Input

    Description The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value. Modes of Introduction: – Implementation     Related Weaknesses CWE-20 CWE-41 CWE-178   Consequences Other: Varies by Context  …

  • CWE-129 – Improper Validation of Array Index

    Description The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. Modes of Introduction: – Implementation   Likelihood of Exploit: High   Related Weaknesses CWE-1285 CWE-20 CWE-119 CWE-823 CWE-789   Consequences…

  • CWE-1290 – Incorrect Decoding of Security Identifiers

    Description The product implements a decoding mechanism to decode certain bus-transaction signals to security identifiers. If the decoding is implemented incorrectly, then untrusted agents can now gain unauthorized access to the asset. Modes of Introduction: – Implementation     Related Weaknesses CWE-284 CWE-1294   Consequences Confidentiality, Integrity, Availability, Access Control: Modify Memory, Read Memory, DoS:…

  • CWE-1291 – Public Key Re-Use for Signing both Debug and Production Code

    Description The same public key is used for signing both debug and production code. Modes of Introduction: – Implementation     Related Weaknesses CWE-693 CWE-321   Consequences Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation, Other: Read Memory, Modify Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Varies by Context  …

  • CWE-1292 – Incorrect Conversion of Security Identifiers

    Description The product implements a conversion mechanism to map certain bus-transaction signals to security identifiers. However, if the conversion is incorrectly implemented, untrusted agents can gain unauthorized access to the asset. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-284 CWE-1294   Consequences Confidentiality, Integrity, Availability, Access Control: Modify Memory, Read Memory,…

  • CWE-1293 – Missing Source Correlation of Multiple Independent Data

    Description The software relies on one source of data, preventing the ability to detect if an adversary has compromised a data source. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-345 CWE-654   Consequences Confidentiality, Integrity: Read Application Data, Modify Application Data, Gain Privileges or Assume Identity An attacker that may be…

  • CWE-1294 – Insecure Security Identifier Mechanism

    Description The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-284   Consequences Confidentiality, Integrity, Availability, Access Control: Modify Memory, Read Memory,…

  • CWE-1295 – Debug Messages Revealing Unnecessary Information

    Description The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages. Modes of Introduction: – Implementation     Related Weaknesses CWE-200 CWE-209   Consequences Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation: Read Memory, Bypass Protection Mechanism, Gain Privileges or Assume Identity, Varies by Context  …

  • CWE-1296 – Incorrect Chaining or Granularity of Debug Components

    Description The product’s debug components contain incorrect chaining or granularity of debug components. Modes of Introduction: – Implementation     Related Weaknesses CWE-284   Consequences Confidentiality, Integrity, Access Control, Authentication, Authorization, Availability, Accountability: Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code or Commands, Modify Memory, Modify Files or Directories Depending on the…

  • CWE-1297 – Unprotected Confidential Information on Device is Accessible by OSAT Vendors

    Description The product does not adequately protect confidential information on the device from being accessed by Outsourced Semiconductor Assembly and Test (OSAT) vendors. Modes of Introduction: – Implementation     Related Weaknesses CWE-285   Consequences Confidentiality, Integrity, Access Control, Authentication, Authorization, Availability, Accountability, Non-Repudiation: Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code…

  • CWE-1298 – Hardware Logic Contains Race Conditions

    Description A race condition in the hardware logic results in undermining security guarantees of the system. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-362   Consequences Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Alter Execution Logic   Potential Mitigations Phase: Architecture and Design Description:  Adopting design practices that…

  • CWE-1299 – Missing Protection Mechanism for Alternate Hardware Interface

    Description The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-1191 CWE-420 CWE-288…

  • CWE-13 – ASP.NET Misconfiguration: Password in Configuration File

    Description Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attackers. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-260   Consequences Access Control: Gain Privileges or Assume Identity   Potential Mitigations Phase: Implementation Description: …

  • CWE-130 – Improper Handling of Length Parameter Inconsistency

    Description The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data. If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input,…

  • CWE-1300 – Improper Protection of Physical Side Channels

    Description The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions. Modes of Introduction: – Implementation   Related Weaknesses CWE-203   Consequences Confidentiality: Read Memory, Read Application…

  • CWE-1301 – Insufficient or Incomplete Data Removal within Hardware Component

    Description The product’s data removal process does not completely delete all data and potentially sensitive information within hardware components. Modes of Introduction: – Implementation     Related Weaknesses CWE-226   Consequences Confidentiality: Read Memory, Read Application Data   Potential Mitigations Phase: Architecture and Design Description:  Apply blinding or masking techniques to implementations of cryptographic algorithms.…

Vulnerability Analysis

Read Time:5 Minute, 45 Second

A vulnerability is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

NIST Glossary – https://csrc.nist.gov/glossary/term/vulnerability

Vulnerability analysis includes the detection, assessment, classification and treatment of vulnerabilities, based on the risk they pose to the company.

Vulnerability Identification

A security team can detect vulnerabilities following different approaches. As part of a vulnerability management process, it is good practice to subscribe to the mailing lists in which vulnerabilities and the related countermeasures are disclosed. This service is usually offered by the vendor or, if not available, by third parties. It is a time-consuming but necessary task: it has to be performed daily, both to detect vulnerabilities promptly and to comply with several standards and regulations.
Other inputs come from the reports of the hardening procedures, from the periodic review of access rules, and from the review of company policies and procedures.

Tools


Thanks to tools like Nessus and OpenVAS, it is possible to partially automate the discovery and analysis of vulnerabilities. After identifying the active hosts and the services they expose, we can deepen the analysis and determine the operating system and application versions.

As shown in the figure, Nessus lists the vulnerabilities to which each analysed host is potentially vulnerable. Potentially, because the scanner does not attempt to exploit them: most checks rely on version banners and configuration, so both false positives and false negatives are possible and the results need to be verified. Exploitation, often a manual activity, is not part of the vulnerability analysis process and is normally carried out within a penetration test.

CVSS

In the report, vulnerabilities are classified according to the CVSS (Common Vulnerability Scoring System), a framework that rates the severity of a vulnerability on a scale from 0 to 10. CVSS is an important tool that simplifies the vulnerability management process, but keep in mind that the base score measures the intrinsic severity of the flaw, not the risk it poses to your specific environment.

Let’s pretend you are in a meeting with the company management and you have to share the results of your vulnerability analysis. The results were not good: you need at least three system administrators for one month to implement the remediation plan. You need to install patches and implement countermeasures, and you have to do it fast. During the meeting, you could try to tell management that you found several RCE-type vulnerabilities on systems deployed in your DMZ, that attackers do not need system or application credentials to perform the attack, and that exploits are readily available on the Internet. Or you could simply report the presence of several CVSS 10 vulnerabilities on critical systems.
For more information on CVSS, in its versions 2.0 and 3.0, I suggest reading our article.

CVE & NVD

Each publicly disclosed vulnerability has a Common Vulnerabilities and Exposures (CVE) ID, in the form CVE-YYYY-NNNNN, where YYYY is the year the ID was assigned and the sequence number has at least four digits. Assigning an ID to each vulnerability allows one to keep track of it and to automate and simplify the integration of the different tools available to an analyst.

Let’s say you have just detected a vulnerability on your firewall appliance. Since it is a well-known vulnerability, it has a specific CVE ID. Assuming that your firewall vendor catalogues its vulnerabilities and patches by CVE, it is going to be easy to ask the vendor for additional information, to search for the relevant patches, and to minimise the possible impact of applying the remediation on the infrastructure. Furthermore, it is going to be easy to find the relevant signature in your IDS/IPS.
CVE is operated by The MITRE Corporation. More details can be obtained on the cve.org website.

NVD (National Vulnerability Database) is managed by NIST (National Institute of Standards and Technology). NVD is a vulnerability database that enriches each CVE with information such as a CVSS score, the affected products (CPE names), the CWE category of the underlying weakness, and references to advisories and patches.

CWE & OWASP

CWE (Common Weakness Enumeration) is a list of common types of hardware and software weaknesses that have security implications. The CWE list can be used as a common language to describe and communicate the root cause of a vulnerability in terms of a CWE. The CWE Top 25 Most Dangerous Software Weaknesses list ranks the most common and impactful weaknesses that lead to software vulnerabilities; weaknesses in the CWE Top 25 are usually easy to find and exploit. For example, CWE-79 is Cross-Site Scripting while CWE-89 is SQL Injection. A similar project is the OWASP (Open Web Application Security Project) Top Ten. Compared to the CWE Top 25, the OWASP Top Ten focuses solely on the risks of web applications.
The CWE Most Important Hardware Weaknesses list serves the same purpose, but it focuses on hardware weaknesses.

Vulnerability Analysis steps

Vulnerability analysis comprises different phases.

Preparatory phase

It is not possible to carry out a thorough and reliable analysis without a deep knowledge of the infrastructure/application under examination. If the procedure for managing IT services and their related assets is not in place, it is not going to be possible to classify and prioritise vulnerabilities. Let’s say our vulnerability scanner found 300 vulnerabilities on approximately 30 hosts. Which vulnerabilities should I prioritise? Which ones shall I remediate immediately? The answer depends not only on the severity of each vulnerability but also on how important the affected hosts and services are to the business.

Discovery and analysis of vulnerabilities

You have performed vulnerability scans and analysed security advisories, system configurations, and your company policies and procedures. You now have a comprehensive list of vulnerabilities. You can prioritise them, identify false positives (and false negatives), and refine the results with your knowledge of the infrastructure/application. At the end of this phase, your security team produces a vulnerability assessment report.

Post assessment

It is now possible to define a remediation plan. The remediation plan is not a mere list of patches, countermeasures and IPS rules: if your analysis has shown the presence of several SQL Injection, CSRF and XSS vulnerabilities in the software developed internally (or by a specific supplier), you must immediately schedule secure programming training for your developers.

If these kinds of vulnerabilities are found on software purchased from third parties, you must tell the service owner to look for a new vendor.

While the first scenario is a symptom of a poor security awareness policy, the second one highlights a poor supplier policy: do you review your supplier security policies after you sign a contract? Do you ask to review their development procedures? Do they regularly perform code reviews? Is security fully integrated into their development life-cycle?
Outsourcing has hidden costs that you always need to consider.

Once the remediation plan has been implemented, the security team shall verify that it has been properly implemented, for example by re-scanning the affected hosts and checking that the findings are gone. Depending on its size, the implementation of the remediation activities can take several weeks, if not months. It is crucial to plan periodic meetings to keep the team focused and to check the progress.

What’s next?

In the next articles, we will analyse the vulnerability management process and its implications for regulations like ISO27001 and PCI-DSS. In the meantime, we suggest reading our articles about CVSS and the Metasploit lab.

Network Scanning

Read Time:6 Minute, 19 Second

Regardless of your motivations (attacker or defender), you need to know the ports, hosts and services available within a network.

From a defender’s point of view, the task is a precondition of several key procedures:

  • Asset Management – whoever manages the infrastructure (and its security) must know which devices are active and present within the infrastructure. Furthermore, it helps to detect unauthorised hosts, which may derive from malicious activity (or, more commonly, from system administrators who forgot to document them… and maybe to apply the company’s hardening procedures). 
  • Vulnerability Management – network scanning is a fundamental step of a company vulnerability management procedure. Here is a non-comprehensive list of its benefits:
    • it allows the detection of unauthorised services and of obsolete systems;
    • it helps to verify the correspondence between the specification documents and the actual implementation;
    • it helps to verify the correct application of the hardening procedures.
  • Penetration test – regardless of the approach in use, it is necessary to determine the active hosts and the exposed services. You have to do it even in a white-box penetration test, to confirm the inputs received from your client or colleagues.

From an attacker point of view… Well, that goes without saying 🙂

The network scanning procedure aims to identify active hosts. Port scanning, on the other hand, seeks to detect the ports that hosts expose and with which it is possible to interact. Starting from the output of a network/port scan, an attacker, or a newly hired CISO, can outline several traits of a company’s security posture.

In these articles we will see:

  • the different steps of a network scan;
  • some examples with the NMAP tool.

Host discovery

Port scanning involves sending several packets to each host and examining its responses. Usually the analysis is restricted to the most common ports (by default Nmap scans the 1,000 most frequently used ports of each protocol; the exact range depends on the available time and the goal of the analysis). As you may expect, performing this task for all the hosts within a network/infrastructure is time-consuming and generates a lot of noise.

In most cases, only a tiny fraction of the IP addresses in a range are active at any given moment. To avoid wasting time, the tester first performs the host discovery phase to determine the active hosts in the tested networks and infrastructure.

There are several techniques:

  • ARP Ping scan;
  • ICMP Ping scan;
  • UDP Ping Scan;
  • TCP SYN/ACK Ping scan;
  • IP Protocol Ping scan.

As stated in the official documentation, the default Nmap host discovery strategy for a privileged user involves sending an ICMP echo request (-PE), a TCP SYN segment to port 443 (-PS443), a TCP ACK segment to port 80 (-PA80), and an ICMP timestamp request (-PP). When Nmap runs without raw-packet privileges it cannot craft these probes and falls back to connect() attempts to ports 80 and 443.

ARP ping scans are the most effective method to detect active hosts inside a LAN. Their limit is that they only work on the subnet the scanner belongs to, since ARP requests do not cross routers. Even if you supply other -P* options to Nmap, the tool performs by default an ARP (or IPv6 Neighbor Discovery) scan against targets on the local Ethernet network, since it is the fastest and most reliable technique.

An ICMP scan consists of sending ICMP echo requests to the hosts on the network. If a host is active, it returns an ICMP echo reply. The technique has limited usefulness, as blocking ICMP echo requests is part of the basic hardening rules of firewalls and systems.

A TCP ping scan consists of sending TCP segments to the hosts and analysing their responses. There are two different modes: TCP SYN Ping scan and TCP ACK Ping scan.

TCP SYN Ping scan

As illustrated in the figure, a TCP SYN ping scan (-PS) consists of the following steps:

  1. The tester sends a TCP SYN segment to port 80 (the Nmap default; a different list of ports can be given, e.g. -PS22,80,443).
  2. If the port is closed, the host responds with an RST segment.
  3. If the port is open, the host responds with a TCP SYN/ACK segment indicating that a connection can be established.
  4. Either response proves the host is up. In the open case, an RST segment is then sent to tear down the half-open connection.

Since the probe looks like a normal attempt to establish a TCP connection, it is not blocked by firewalls that allow connections to the probed port. Crafting raw SYN segments requires administrator privileges; without them Nmap falls back to a connect() system call, which completes the handshake and is therefore noisier on the target.

A TCP ACK ping scan (-PA) instead consists of the following steps:

  1. The tester sends an empty TCP segment with the ACK flag set to port 80 (the Nmap default, but another port can be used).
  2. If the host is offline, it does not respond to this request.
  3. Otherwise, it returns an RST segment and is treated as online. An RST is sent because the ACK is not associated with any existing connection.

The ACK ping scan requires administrator privileges. A stateful firewall drops the unsolicited ACK because it does not belong to a tracked connection, while a stateless firewall that only filters incoming SYN segments lets it through; this is why Nmap sends both a SYN and an ACK probe by default, as the two complement each other. The ACK ping is a host discovery technique and says nothing about port status; mapping firewall rules is the job of the TCP ACK port scan (-sA).


Port Scan

Once the active hosts within a network have been determined, a port scan can be performed to determine the exposed ports and services.

Several techniques are available:

  • TCP Scan (Connect and Half Open Scan);
  • UDP Scanning;
  • SCTP Scanning;
  • SSDP Scanning.

Only the first two strategies will be considered. Please see the NMAP manual for additional information on SCTP and SSDP Scanning.

TCP Scan

With a TCP Connect scan (-sT), a full TCP connection is established with the host, that is, the whole 3-way handshake is performed through the operating system’s connect() call. It needs no privileges, but every open port sees a complete connection that can end up in the application logs.

The cheapest and fastest variant, the TCP Half Open scan (TCP SYN scan, -sS), sends only the SYN segment. If a SYN/ACK segment is received, the port is identified as open and the scanner answers with an RST so the connection is never completed. In case of RST, the port is judged closed. If nothing comes back, or an ICMP unreachable error is returned, the port is marked filtered.

A third family, the TCP FIN, NULL and Xmas scans, modifies the flags of the TCP segment (FIN only, no flags at all, or FIN+PSH+URG) in an attempt to induce a response from the target while avoiding the SYN that simple filters and logging look for.

The technique works only on operating systems whose TCP/IP implementation follows RFC 793. For example, it does not work against Windows hosts and many Cisco devices, as these return an RST whether the port is open or closed, so every port appears closed.

SEGMENT ARRIVES

    If the state is CLOSED (i.e., TCB does not exist) then all data in the incoming segment is discarded. An incoming segment containing a RST is discarded. An incoming segment not containing a RST causes a RST to be sent in response. The acknowledgment and sequence field values are selected to make the reset sequence acceptable to the TCP that sent the offending segment.

RFC 793, section 3.9

If the port is open, the system produces no response; if it is closed, it returns an RST/ACK segment.

To understand the origin of the name, just look at the image below. Nmap’s -sX flag “Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.”

UDP scan

UDP connection does not involve a handshake. If a UDP packet is sent to a port on which no service is listening, the system will respond with an ICMP Port Unreachable. In case of no answer, the port can be considered closed or filtered.

Countermeasures

To detect and prevent network scanning attempts, we suggest the following countermeasures:

  • Carefully design your services to reduce your attack surface: expose only the necessary services and always keep in mind the principles of least privilege and need to know;
  • Configure your firewalls to block all traffic that has no business justification;
  • Periodically review your firewall ruleset to keep it aligned with your business needs;
  • Harden your servers, disabling all unused services;
  • Perform network and port scans to ensure your firewall/server policies are aligned with your business needs;
  • Configure an IDS/IPS to promptly detect network and port scans.
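As an added example (not code from the original post), the following Python script turns the flag rules from the TCP scan section into a small detection check run over constructed segment records: NULL, FIN-only and Xmas probes are flagged outright because those flag combinations never occur in a legitimate RFC 793 exchange, and a source sending bare SYNs to many distinct ports is reported as a probable half-open sweep. The record format, the addresses and the threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample records: (source, destination port, TCP flags).
# Flag letters follow tcpdump/Nmap usage: S=SYN, A=ACK, F=FIN, P=PSH, U=URG,
# R=RST; an empty string means no flags at all (a NULL probe).
SAMPLE_SEGMENTS = [
    ("10.0.0.5", 22, "S"), ("10.0.0.5", 22, "A"), ("10.0.0.5", 22, "PA"),  # normal session
    ("10.0.0.9", 21, "S"), ("10.0.0.9", 22, "S"), ("10.0.0.9", 23, "S"),
    ("10.0.0.9", 25, "S"), ("10.0.0.9", 80, "S"), ("10.0.0.9", 443, "S"),  # SYN sweep
    ("10.0.0.7", 80, "FPU"),   # Xmas probe: FIN, PSH and URG set together
    ("10.0.0.7", 443, ""),     # NULL probe: no flags set
    ("10.0.0.7", 8080, "F"),   # FIN probe with no preceding handshake
]


def classify_probe(flags):
    """Return the scan type a single segment's flags suggest, or None.

    These combinations have no place in a normal connection, so a single
    segment is enough to raise an alert (stateless check).
    """
    fs = set(flags)
    if not fs:
        return "NULL"
    if fs == {"F", "P", "U"}:
        return "XMAS"
    if fs == {"F"}:
        return "FIN"
    return None


def detect_scans(segments, syn_threshold=5):
    """Return {source: [findings]} for hosts whose traffic looks like a scan.

    Bare SYNs are normal on their own, so a SYN sweep is only reported when one
    source touches at least syn_threshold distinct ports (stateful check).
    """
    findings = defaultdict(list)
    syn_ports = defaultdict(set)
    for src, port, flags in segments:
        kind = classify_probe(flags)
        if kind:
            findings[src].append(f"{kind} probe to port {port}")
        elif set(flags) == {"S"}:
            syn_ports[src].add(port)
    for src, ports in syn_ports.items():
        if len(ports) >= syn_threshold:
            findings[src].append(f"SYN sweep across {len(ports)} ports")
    return dict(findings)


if __name__ == "__main__":
    for src, notes in detect_scans(SAMPLE_SEGMENTS).items():
        print(src, "->", "; ".join(notes))
```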

Footprinting


The first step in a cyberattack, or a penetration test, is footprinting. The attacker/analyst tries to get information about the targeted infrastructure. Thanks to footprinting techniques, attackers can obtain information such as:

  • personal data, skills, experience and interests of company’s employees;
  • company headquarters;
  • technologies in use (middleware, operating systems);
  • suppliers and consultants who collaborate periodically with the company;
  • blocks and network topology;
  • DNS records.

We can divide footprinting techniques into two macro areas:

  • active: it involves the collection of information through direct interaction with the target. It is riskier than the passive approach, as it can leave traces: the systems of the targeted organization could (and should) detect the information-gathering attempt. Some examples of active footprinting are the use of web spiders, email tracking, traceroute and social engineering techniques.
  • passive: it involves the collection of information without direct interaction with the target. Some examples are the use of search engines, social networks and job posting sites, and the analysis of data received from providers that monitor the target’s website traffic or commercial performance, or that deliver reports about its future commercial operations.

Identifying the technologies adopted by the target drastically simplifies the attacker’s job. Knowing that certain technologies are in use, that good security practices are lacking, or that the security posture is poor increases the attacker’s chances of success.

When we perform a penetration test in which the company aims to assess the chances of an attacker completely unrelated to the organization, footprinting activities heavily influence the success of the test.

Footprinting with search engines and social networks

Search engines offer a myriad of information to the attacker. The advanced functions available in Google, Bing and other search engines reveal information that companies are not even aware they are exposing to the public.

The technique, applied to the most used search engine, has taken the name Google Hacking. For more information, you can consult our article about the Google Hacking Database.

Thanks to search engines, an attacker gets to know the technologies in use (web servers, firewalls, IDS, WAF, third-party applications), IoT devices, applications meant for internal use only and much other information about the target.

Like search engines, social networks provide an enormous quantity of information to attackers.

An attacker can dig through LinkedIn to understand who the key people of the organization are and what their experience and knowledge is. You can get to know their interests, their religious and political beliefs, their weaknesses. Afterwards, the attacker can exploit the gathered information to perform a social engineering attack.

Tools like theHarvester and sublist3r simplify the attackers’ job, reducing the manual work.

Footprinting through job posting sites

The following image shows the information revealed on a job advertisement post. The job post is real. I found it on the platform indeed.com.

The company is looking for an IT System Administrator with knowledge of Linux and Solaris. They even mention the Linux distribution names and the Solaris release version. You can bet they have got some LAMP servers, that they probably monitor their infrastructure using Nagios and are using Oracle and DB2 as RDBMS. Their infrastructure may include J2EE containers like GlassFish and JBoss and servlet containers like Tomcat. Even though Windows XP and Windows 7 reached end of life more than 5 and 2 years ago respectively, they are still asking for people with experience on them.

You are getting information not only about the technologies in use, but you are also outlining the security posture of the company.

Job posts can tell you a lot more. Are they searching for IT security specialists? Besides the tools and countermeasures adopted, they may even tell you how big their security team is. Are they even trying to cover important roles like CIO or CISO?

Tools and services:

We suggest looking at the following tools, for which we wrote a brief description: Sublist3r, theHarvester, Shodan, Sherlock, Burp Suite, Metagoofil, ExifTool, DNSRecon, traceroute.

Countermeasures

Your employees’/colleagues’ awareness of attackers’ behaviour and techniques is fundamental for your company’s safety. Every company must adopt a security awareness policy to inform its employees about the security risks they are exposed to inside and outside the office.

The adoption of security policies (hardening of the systems, analysis and review of IDS/IPS and other monitoring tools, etc.) and the definition of roles and responsibilities will allow a company to quickly detect and react to attackers’ attempts to gather information, or to exploit the knowledge they previously gained through passive footprinting techniques.

Black Hat, White Hat, Gray Hat, Script Kiddies – Who are they?

The term hacker often takes on a negative connotation. 

In the past, we often focused on the distinction between a hacker, a person with deep security knowledge who explores technologies, systems and related vulnerabilities out of pure passion, and a cracker, the “malicious” counterpart, who uses that knowledge to cause damage and steal data of a certain value (for example, credit cards).

RFC 1392 provides the following definitions:

    hacker

        A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. The term is often misused in a pejorative context, where “cracker” would be the correct term.

    cracker

        A cracker is an individual who attempts to access computer systems without authorization. These individuals are often malicious, as opposed to hackers, and have many means at their disposal for breaking into a system.

Unfortunately, media have never bothered to understand the distinction and, for the masses, there is no difference between crackers and hackers.

In our opinion, here is the correct terminology to be used in the security sector:

Black hats (Crackers)

Crackers, or black hats, have got extraordinary computing skills but they lack ethics. They may violate laws by committing malicious or destructive acts.

Script Kiddies

An unskilled cracker who compromises systems using tools, scripts and software developed by others.

White Hats (Ethical Hacker)

An individual who uses his hacking skill for defensive purposes. 

They analyse computer systems or networks to detect security issues and give recommendations for improvement to their owners.

A white hat will penetrate a system only with the authorisation and upon request of the infrastructure owner. 

Gray Hats

Gray hats use their skills both offensively and defensively. 

They often look for system vulnerabilities without the permission or knowledge of the owner. If they find a security issue, they may reveal it to the owner upon the payment of a small fee. Sometimes, their ultimate goal is to show their skills and create awareness about the intrinsic insecurity of the Internet.

It may be useful to know some additional terms. State-sponsored hackers are employed by a government to penetrate other governments’ systems in order to cause damage or obtain top-secret information. You have surely heard about cyber terrorists, individuals driven by political or religious beliefs to create fear among civilians and influence the policy of the targeted governments.