Application Vulnerability Analysis
GlobalscopeNG offers specialized attack and assessment services, including penetration testing, application assessments, vulnerability analysis, reverse engineering, architecture review and source code review.
GlobalscopeNG adopts various methods to conduct application vulnerability analysis, always with the goal of actual penetration into the target system(s). Depending on engagement restrictions, GlobalscopeNG’s methods typically include:
- reverse engineering
- protocol analysis
- data injection
- target application binary analysis and debugging
- session manipulation
- flow analysis
Known versus Unknown Vulnerability Testing
Today’s world of private vulnerability marketplaces has highlighted the prevalence of unpatched, publicly unknown vulnerabilities. Any good software assessment or penetration test should include testing for known and unknown (or “0day”) vulnerabilities.
Known vulnerabilities are patched and/or publicly disclosed. Tests for these vulnerabilities are included in commercial and publicly available scanners and exploitation frameworks, however only exploitation frameworks actually verify the existence of these vulnerabilities. GlobalscopeNG uses CANVAS for this testing, which includes tests for operating system, server service, network device, client-side, and other application vulnerabilities. Unknown vulnerabilities, or “0day”, are those that that remain undisclosed to the public until they are provided to software vendors and patched, or independently discovered and disclosed in some other public forum. Targeted attacks are usually the result of the use of unknown vulnerabilities.
GlobalscopeNG usually conducts initial 0day testing for clients by fuzzing Internet-exposed components accessible via the web or other applications. This tests how well the Internet-facing and back-end systems hold up to unexpected input and therefore their likeliness to suffer coding mistakes that translate to vulnerabilities.
GlobalscopeNG believes vulnerability exploitation is the most reliable method to confirm and demonstrate the presence of a vulnerability. Vulnerability discovery and exploitation are two distinct techniques, with each requiring differing technologies and skill-sets. Exploitation can be as simple as crafting and typing an SQL command into a text box, or as complex as a putting together a multi-step attack that remotely rebuilds some part of the host operating system memory.
GlobalscopeNG does not use exploits written by third parties, and GlobalscopeNG’s clients take advantage of the high caliber of GlobalscopeNG consultants to have safe exploits crafted specifically to their environment. The use of publicly available exploits introduces a risk of spreading trojans, viruses and other malicious code often included in the exploits themselves by the anonymous writers.