Vulnérabilités qui ne sont pas (toujours) bien détectées de façon automatique, qui nécessitent un test manuel (après le balayage).
Vulnerabilities that that scanners don't (always) find reliably, that warrant a manual test
- CWE-285 Improper Access Control (Authorization)
- CWE-306 Missing Authentication for Critical Function
- CWE-311 Missing Encryption of Sensitive Data [A06]
- CWE-352 Cross-Site Request Forgery (CSRF) [A08]
- CWE-434 Unrestricted Upload of File with Dangerous Type
- CWE-798 Use of Hard-coded Credentials
- CWE-840 Business Logic Errors
- A02 Broken Authentication and Session Management
- A04 Insecure Direct Object References
- A05 Security Misconfiguration
- A06 Sensitive Data Exposure
- A08 Cross-Site Request Forgery (CSRF)
- A10 Unvalidated Redirects and Forwards
Celles qui son moins applicable or vérifiables. | Those that are less applicable (everywhere) or testable via black-box methods:
- CWE-494 Download of Code Without Integrity Check
- CWE-732 Incorrect Permission Assignment for Critical Resource
- CWE-754 Improper Check for Unusual or Exceptional Conditions
- CWE-770 Allocation of Resources Without Limits or Throttling
- CWE-807 Reliance on Untrusted Inputs in a Security Decision
- [...]
Évidemment, cette liste est plutôt générique. On doit faire des choix selon le contexte, valider les problèmes relevés par les balayeurs (identifier les faux positifs, augmenter la sévérité/priorité selon l'exposition), essayer d'exploiter les certaines vulnérabilités récentes, essayer des nouvelles techniques, etc.
Of course, this is just a generic list. We still need to adapt our approach based on context, validate findings from scanners (identify false positives, adjust severity/priority based on exposure), try to exploit new vulns, try new techniqeus, etc.
No comments:
Post a Comment