ProSec GmbH

+49 261 45093090

  • About us
  • Services
    • Detection services
      • Classic penetration testing
      • Pentest as a service
      • Web application pentest
      • Vulnerability analysis
      • Red teaming
    • Solution services
      • IT security consulting
      • Data protection
        • GDPR
    • Education services
      • User awareness
      • Trainings
        • Junior penetration tester
        • Penetration tester web
        • Penetration tester network
  • Wiki
  • Jobs
  • Contact

Successfully identify vulnerabilities

vulnerabilities in your company

Vulnerability

The term vulnerability refers to an error, weakness, or deficiency in a system that makes it possible to overcome or circumvent the security mechanisms of an IT system or network. Vulnerabilities can lie in the design, implementation, configuration, operation, or organization of IT systems. The existence of a vulnerability implies the possibility of exploiting it. Whether a vulnerability is exploited by an attack depends on the following factors:

  • Complexity of exploitation of the vulnerability,
  • Existence of one or more threats to the system in which the vulnerability exists,

Exploitation of weak points

Depending on these two factors is the probability of vulnerability exploitation. For example, low complexity and the presence of numerous threats to a system lead to a high probability that an existing vulnerability will be exploited. If you also consider the impact that exploiting the vulnerability would have, you get the risk.

In IT security, when a vulnerability can be exploited, it is referred to as an exploit. One of the most well-known vulnerabilities became public in 2017 in the SMB protocol. This protocol used in Microsoft Windows was vulnerable to attacks.

This became known after the US intelligence agency NSA lost a large number of exploits in a leak. One of these exploits was codenamed ETERNALBLUE and subsequently caused cyber attacks and damage worldwide. Microsoft released a security update to fix the vulnerability before ETERNALBLUE became public, but because many systems are often updated too late or not at all, many systems were still vulnerable when the exploit became public.

Wiki Bild Eternal Blue

This vulnerability was subsequently exploited by the WannaCry and NotPetya cyberattacks, which infected hundreds of thousands of computers worldwide. This caused damage in the double-digit billions.

Your IT system has no vulnerabilities?

Have an IT vulnerability analysis performed now!

For IT vulnerability assessment

Evaluation criteria and naming methods for identifying vulnerabilities

In order to successfully identify vulnerabilities, there are various evaluation criteria and naming methods in IT security. Common Weakness Enumeration (CWE) describes types and kinds of vulnerabilities in order to categorize them and describe basic remediation and avoidance strategies.

Common Vulnerabilities and Exposures (CVE) describes specific vulnerabilities in products so that they can be clearly identified. For example, CVE-2017-0144 identifies the SMB Remote Windows Kernel Pool Corruption vulnerability and thus the vulnerability to ETERNALBLUE.

The Common Vulnerability Scoring System is used to assess criticality and risk, assigning a value between 0 and 10 to a vulnerability. A rating of 10 here means the highest possible criticality of a vulnerability.

Bild des stellvertretenden Geschäftsführers Immanuel Bär

You have vulnerabilities in your IT system?

We actively support you and help you with the right steps!

Inquire now

Vulnerabilities must be checked regularly

To protect against the exploitation of any vulnerabilities that may exist within an organization’s IT, it should be regularly checked for vulnerabilities. To this end, it is advisable to conduct regular penetration tests and to regularly check IT networks, systems, and applications using vulnerability scanners.

If these measures reveal vulnerabilities, it is essential to take targeted measures to eliminate them. This requires a coordinated approach in the form of so-called vulnerability management, in which detection, assessment, and remediation are carried out as part of patch management or change management.

In addition to simply eliminating vulnerabilities, which can often be symptoms of deeper-lying problems, findings from pentests and vulnerability scans should be analyzed in order to then address fundamental improvements in IT security.

This may involve, for example, the introduction of configuration management, in which the occurrence of vulnerabilities can be prevented by centrally controlling the configuration of IT systems. This often requires a fundamental rethinking of procedures and processes within IT. External expertise can be very valuable here.

Zuletzt aktualisiert am May 26, 2021

OUR LOCATIONS

  • Headquarters:
  • ProSec GmbH
  • Robert-Koch-Straße 1-9,
    D-56751 Polch, Germany

  • Berlin office:
  • ProSec GmbH
  • Friedrichstr. 123,
    D-10117 Berlin, Germany

 

  • Munich office:
  • ProSec GmbH
  • Franz-Joseph-Str. 11,
    D-80801 München, Germany

TOP-SERVICES

  • Penetration testing

  • Vulnerability analysis

  • Trainings

  • IT security consulting

  • Social engineering

All rights reserved. © 2022 ProSec GmbH | Imprint | Privacy policy | Sitemap