Adventures In CyberSecurity: CYSA+ CS0-002 Study Area

Chapter 4

Software Assessment Tools and Techniques

This is a non exhaustive list of some of the tools and techniques a Cyber Security Analyst should be familiar with!

• Web Vulnerability Scanner - a type of scanner used to assess the security posture of web applications
• Synthetic Transaction Monitoring - a type of proactive monitoring that uses external agents to run scripted transactions against an application
• Real User Monitoring (RUM) - a monitoring method that captures and analyzes every transaction of every application or website user
• OWASP ZED Attack Proxy (ZAP) - an application that stands between the web server and the client and passes all request and responses back and forth while analyzing the information to test the security of the web application
• Nikto - a vulnerablility scanner that is dedicated to web servers
• Arachni - a Ruby framework for assesing the security of a web application
• Nessus Professional - a proprietary network scanner developed by Tenable Network Security
• OpenVAS - an open source scanner developed from the nessus code base. OpenVAS is available as a package for many Linux Distros
• Qualys - a cloud based vulenrability scanner

---

SDLC Software Development Life Cycle

SDLC provides a predictable framework of procedures designed to identify all requirements with regard to functionality, cost, reliability, and delivery schedule; and ensure that each is met in the final solution

Static Cose Analysis

Code analysis that is coducted without the code executing

Dynamic Code Analysis

Cose analysis that is conducted with the code executing

Reverse Engineering

The process of taking something apart to discover how it works and to replicate it; Retracing the steps in an incident as seen from the logs

Fuzzing

Injecting invalid or unexpected input (Faults) into an application to test the reaction

Enumeration

The process of discovering what is in the network along with any other pieces of information that might be helpful in a network attack or compromise

Nmap

a tool that can be used to scan for open ports and perfom many other operations including performing some attacks

Null Scan

a scan that is a series of TCP packets that contain a sequence number of 0 and no set flags

Fin Scan

a scan that sets the FIN bit only

Xmas Scan

a scan that sets the FIN, PSH, and URG flags

Host Scanning

a process that involves indentifying the live host on a network or in a domain namespace

SYN Flood

an attack where the target is overwhelmed with unanswered SYN/ACK pakcets

Active Enumeration

the technique of sending packets of some sort to the network and analyzing the responses

Passive Enumeration

capturing network traffic and making assumtions based on the traffic

Responder

a tool that can be used to answer NBT and LLMNR name request

AIRCRACK NG

a set of command line tools for sniffing and attacking wireless networks

Reaver

a package and a tool within the package that is used to attack WPS

HashCat

a General Purpose Computing on Graphics Processing Units (GPCGPU) based multi hash cracker using brute force attack

ScoutSuite

a data collection tool that allows you to use longitidinal survey panels to track and monito the cloud environment

Prowler

a tool that creates reports that list the gaps found between the best practices of AWS as stated in CIS Amazon Web Services Benchmark literature

Pacu

an exploit framework used to asses and attack AWS Cloud environments