Projects
Nessus Vulnerability Scan
Tools Used: nmap, Nessus Scanner
Process:
Discovery scan
Ran nmap -T4 -A -v in the terminal
Vulnerability scan
Entered the 10 target IP addresses into the scanner
Downloaded and analyzed the results
Results:
Open ports found: 135, 139, 445, 49664, 49665, 49666, 49668 and 49670.
No Risks were found.
High Risk: SSL ciphers that offer medium-strength encryption, meaning key lengths of at least 64 bits and less than 112 bits.
Possible risks: Medium-strength encryption can be circumvented if the attacker is on the same physical network.
Remediation: Reconfigure the affected application to avoid use of medium-strength ciphers.
Medium Risk: Anonymous SSL ciphers.
Possible risks: The service cannot verify the remote host's identity, which leaves it vulnerable to a man-in-the-middle attack.
Remediation: Reconfigure the affected application to avoid use of weak ciphers.
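The two Nessus findings above are both questions about the cipher suites a service offers. The following is an added example, not part of the original scan report or of Nessus, that classifies cipher records by the same two criteria (key strength in the 64 to 112 bit band, and no server authentication). The records use the keys Python's ssl.SSLContext.get_ciphers() returns; the SAMPLE list is constructed and its names are made up.

```python
# Added example (not from the original report or Nessus): classify TLS cipher
# suites by the two findings above. Records have the shape of
# ssl.SSLContext.get_ciphers() output so the same code can audit a live context.
import ssl

MEDIUM_MIN_BITS = 64    # Nessus "medium strength" band: 64 <= bits < 112
STRONG_MIN_BITS = 112

def classify(cipher):
    """Return the names of the report findings a single cipher record triggers."""
    findings = []
    if MEDIUM_MIN_BITS <= cipher["strength_bits"] < STRONG_MIN_BITS:
        findings.append("medium-strength")   # reported as High Risk above
    auth = cipher.get("auth")
    # get_ciphers() reports e.g. 'auth-rsa'; anonymous suites carry a null auth
    if auth is None or "null" in auth.lower():
        findings.append("anonymous")         # reported as Medium Risk above
    return findings

def audit(ciphers):
    """Group cipher names by finding; an empty list means that check passed."""
    report = {"medium-strength": [], "anonymous": []}
    for c in ciphers:
        for f in classify(c):
            report[f].append(c["name"])
    return report

def audit_live_context(ctx=None):
    """Audit the suites a real SSLContext would offer (depends on the OpenSSL build)."""
    return audit((ctx or ssl.create_default_context()).get_ciphers())

# Constructed sample records in the shape of get_ciphers() output. Names and
# bit counts are made up to exercise each branch; they are not real findings.
SAMPLE = [
    {"name": "SAMPLE-ECDHE-RSA-AES128-GCM-SHA256", "strength_bits": 128, "auth": "auth-rsa"},
    {"name": "SAMPLE-RC4-80", "strength_bits": 80, "auth": "auth-rsa"},
    {"name": "SAMPLE-ADH-AES128-SHA", "strength_bits": 128, "auth": "auth-null"},
    {"name": "SAMPLE-EXPORT-40", "strength_bits": 40, "auth": "auth-rsa"},  # below the band
]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit_live_context())
```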
OWASP ZAP Web Application Scan
Tools Used: Docker, OWASP ZAP Scanner
Process:
Pulled the Docker image
Launched the container and mounted a volume
Ran the scan
Downloaded and analyzed the results
Results:
Number of Risks: 11
Number of Instances:
Low: 12
Medium: 7
High: 0
Medium Risk: Content Security Policy (CSP) Header Not Set
Possible Risks: The missing header creates a risk of XSS attacks and data injection, which can lead to data theft or site defacement.
Remediation: Reconfigure the web server, application server, or load balancer to set the Content-Security-Policy header.
Low Risk: X-Content-Type-Options Header Missing
Possible Risks: Older browsers can MIME-sniff the response body, potentially causing it to be interpreted and displayed as a content type other than the declared one.
Remediation: Set the X-Content-Type-Options header in the response to "nosniff".
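Both ZAP findings above come down to inspecting response headers. The following is an added example, not ZAP's code or part of the original report, that audits a response's headers for exactly those two findings with the report's risk levels and applies the stated remediation. The CSP value it sets is a restrictive placeholder to be tuned per application, and SAMPLE_RESPONSE_HEADERS is constructed.

```python
# Added example (not ZAP's code): audit a response for the two findings above
# and apply the report's remediation. Header names match case-insensitively.
CHECKS = [
    # (header, required value or None, risk level from the report, finding text)
    ("Content-Security-Policy", None, "Medium", "CSP header not set"),
    ("X-Content-Type-Options", "nosniff", "Low", "X-Content-Type-Options header missing"),
]

def _lookup(headers, name):
    """Case-insensitive header lookup; returns the value or None."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None

def audit_headers(headers):
    """Return one finding dict per failed check, in CHECKS order."""
    findings = []
    for name, required, risk, desc in CHECKS:
        value = _lookup(headers, name)
        if value is None:
            findings.append({"risk": risk, "header": name, "detail": desc})
        elif required and value.strip().lower() != required:
            findings.append({"risk": risk, "header": name,
                             "detail": f"unexpected value {value!r}"})
    return findings

def apply_remediation(headers):
    """Copy of headers with a CSP added if absent and nosniff set unconditionally."""
    fixed = {k: v for k, v in headers.items() if k.lower() != "x-content-type-options"}
    if _lookup(fixed, "Content-Security-Policy") is None:
        # Placeholder policy: restrictive starting point, loosen per application needs
        fixed["Content-Security-Policy"] = "default-src 'self'; frame-ancestors 'none'"
    fixed["X-Content-Type-Options"] = "nosniff"
    return fixed

# Constructed sample: what a server sending neither header might answer with.
SAMPLE_RESPONSE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Server": "example",
}

if __name__ == "__main__":
    for f in audit_headers(SAMPLE_RESPONSE_HEADERS):
        print(f"{f['risk']}: {f['header']} - {f['detail']}")
    print(audit_headers(apply_remediation(SAMPLE_RESPONSE_HEADERS)))
```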
AWS Security Assessment Report
Tools Used: AWS Inspector, IAM, ECR, CLI, Docker, Command Prompt
Process:
Create an IAM user or role
Created a custom policy that includes the necessary ECR permissions
Set up Identity and Access Management (IAM)
Established permissions that allow the Docker container to be pushed to ECR
Install and configure the AWS CLI
Ran aws configure to set up my AWS credentials (access key ID and secret access key) and default region
Create an ECR repository
Used the AWS CLI to create an ECR repository
Used the AWS CLI to get an authentication token and authenticate the Docker client to my Amazon ECR registry
Tag the Docker image
Tagged my local Docker image with the ECR repository URI
Push the image to ECR
Used the push commands to move the image to the AWS repository
Enabled Inspector to scan the container for risk findings
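The repository, login, tag, push and Inspector steps above as a scripted plan. This is an added example, not part of the original report; the account id, region, repository name and image are placeholders, and the aws inspector2 enable call is an assumption about how Inspector's ECR scanning is switched on. The ECR token is piped into docker login over stdin so it never appears in argv or shell history.

```python
# Added example (not from the original report): the ECR push workflow above as
# argv lists for the AWS and Docker CLIs. dry_run=True prints instead of running.
import subprocess

def registry(account_id, region):
    """ECR registry host for an account/region pair."""
    return f"{account_id}.dkr.ecr.{region}.amazonaws.com"

def push_plan(account_id, region, repo, local_image, tag="latest"):
    """Ordered commands: create repository, tag, push, enable Inspector ECR scanning."""
    remote = f"{registry(account_id, region)}/{repo}:{tag}"
    cmds = [
        ["aws", "ecr", "create-repository", "--repository-name", repo, "--region", region],
        ["docker", "tag", local_image, remote],
        ["docker", "push", remote],
        # Assumption: this is the call that turns on Inspector scanning for ECR
        ["aws", "inspector2", "enable", "--resource-types", "ECR", "--region", region],
    ]
    return cmds, remote

def docker_login(account_id, region, dry_run=False):
    """Pipe the short-lived ECR token into docker login via stdin, not argv."""
    token_cmd = ["aws", "ecr", "get-login-password", "--region", region]
    login_cmd = ["docker", "login", "--username", "AWS", "--password-stdin",
                 registry(account_id, region)]
    if dry_run:
        print(" ".join(token_cmd), "|", " ".join(login_cmd))
        return 0
    token = subprocess.run(token_cmd, check=True, capture_output=True, text=True).stdout
    return subprocess.run(login_cmd, input=token, text=True, check=True).returncode

def run(cmds, dry_run=False):
    """Execute the plan in order; with dry_run=True only print each command."""
    for cmd in cmds:
        if dry_run:
            print(" ".join(cmd))
        else:
            subprocess.run(cmd, check=True)

if __name__ == "__main__":
    # Placeholders: substitute your own account id, region, repository and image.
    account, region = "123456789012", "us-east-1"
    cmds, remote = push_plan(account, region, "my-app", "my-app:latest")
    docker_login(account, region, dry_run=True)
    run(cmds, dry_run=True)
```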
Results:
Number of Risks Detected: 9
High Risk: 1
Medium Risk: 8
Low Risk: 0
High Risk Identified:
Issue: A bug in the handling of key and initialization vector (IV) lengths when initializing certain symmetric ciphers such as RC2, RC4 and RC5.
Possible Risks: Weaker encryption of data, or processing errors that lead to over-reading or overrunning the key or IV data.
Remediation: Implement checks that validate and enforce the correct lengths for keys and IVs.
Medium Risks Identified:
Issue: The software has trouble reading Diffie-Hellman keys that carry an excessively large "q parameter".
Possible Risks: An excessively long encryption key or parameter could be supplied, causing a denial-of-service (DoS) condition.
Remediation: Update the software so that it limits the size of the parameters it will check.
Conclusion:
The security assessment revealed vulnerabilities within the AWS environment.
Remediation efforts are recommended to mitigate identified risks and enhance overall security posture.
Ongoing monitoring and proactive measures are essential to maintain a secure AWS infrastructure.
Next Steps:
Implement remediation actions to address identified vulnerabilities.
Conduct regular security assessments to ensure continued compliance and security of the AWS environment.
The Rapid Reset Vulnerability report sheds light on a critical security issue discovered by AWS on October 10, 2023, termed the "HTTP/2 Rapid Reset Attack." The report provides a comprehensive overview of the vulnerability, including its definition, identification methods, testing procedures, and mitigation strategies. Rapid Reset poses a significant threat to web servers that use HTTP/2 and multiplexing, potentially leading to severe outages. The report aims to equip individuals in the cybersecurity domain with insights into detecting, testing for, and addressing Rapid Reset vulnerabilities, which is essential for maintaining the integrity and availability of web-based systems.
Learning Journey: Cybersecurity Topics
The items below delve into subjects I've thoroughly explored in cybersecurity. While they aren't tied to specific projects, they represent important topics in my learning journey, complete with lessons and critical takeaways.
Conducting Risk Assessments
Definition: A systematic process of evaluating the potential risks that may be involved in a projected activity or undertaking.
Key Takeaways:
Importance of identifying assets, vulnerabilities, and threats.
Understanding the difference between inherent and residual risks.
Evaluating the likelihood and impact of potential threats.
Benefits of continuous monitoring and periodic reassessment.
Creating Risk Findings
Definition: The documentation and communication of specific vulnerabilities, threats, or risks identified during a risk assessment.
Key Takeaways:
Prioritizing risks based on their potential impact and likelihood.
Recommendations for risk mitigation or acceptance.
Incorporating stakeholder feedback to refine findings.
Firewalls & Rule Creation (Focused on AWS Web Application Firewalls)
Definition: A system that protects networks by controlling incoming and outgoing network traffic based on predetermined security policies.
Key Takeaways:
AWS WAF's integration with other AWS services for seamless cloud protection.
Benefits of rule-based traffic filtering for web applications.
Crafting specific firewall rules based on IP addresses and request parameters.
Emphasizing the principle of least privilege in firewall configurations.
The value of whitelisting and blacklisting specific IP addresses.
Monitoring and adjusting rules to respond to evolving threat landscapes.