Chapter 11
Figure 11.1 Shodan Browser Search.
Figure 11.2 Shodan Search Bar.
Figure 11.3 Generating Results.
Figure 11.4 Shodan Asset Analysis.
Figure 11.5 Shodan Services Analysis.
Figure 11.6 Google Search Results.
Figure 11.7 Amass Scanning for Subdomains.
Figure 11.8 Subdomains in Nano.
Figure 11.9 Subdomain Enumeration with crt.sh.
Figure 11.10 nmapAutomator Scanning Information.
Figure 11.11 nmapAutomator Performing Full Scan of Asset.
Figure 11.12 nmapAutomator Results.
Figure 11.13 Sn1per Running Metasploit Modules.
Figure 11.14 Sn1per Running Nmap Scripts.
Figure 11.15 Setting up an Automated Scan in OWASP ZAP.
Figure 11.16 OWASP ZAP Scan Results.
Figure 11.17 OWASP ZAP Potential Vulnerability Result.
Figure 11.18 XSS Attack Performed.
Figure 11.19 Dalfox Available Command.
Figure 11.20 Dalfox Identifying an XSS Instance.
Figure 11.21 XSS Attack.
Figure 11.22 Dirsearch Finding Folders.
1 Cover
2 Title page: Corporate Cybersecurity: Identifying Risks and the Bug Bounty Program, John Jackson
3 Copyright
4 Table of Contents
5 Foreword
6 Acknowledgments
7 Begin Reading
8 Index
9 End User License Agreement
It’s safe to say that information security, and the industry surrounding it, has exploded into a massive, constantly growing sector around the world. Like many other professions within technology, the main attribute that has secured many organizations’ success (or failure) in maintaining their relevance has been their ability to adapt. In the case of security, we are constantly adapting to the methods used by malicious actors in the hope of becoming as secure as possible, with the goal of identifying (and remediating) vulnerabilities prior to an attack.
As security professionals we understand that it isn’t a matter of if an event happens, but when. Although nothing can be completely secure, it’s our job to work towards a level of maturity within our security programs that is proactive against potential threats. Although zero days will always exist, it’s our job to stay up to date and as protected as possible. This can be very costly, especially for the many organizations that don’t fully understand security and (in many situations) are hesitant to move forward with a proper budget for what is needed to reach professionally accepted levels of protection.
Information security, or cybersecurity, is still in its infancy. This may be a shocking statement to someone who doesn’t work within the industry; it is, however, accurate. Only recently have many universities begun offering degrees in the field of cybersecurity. Many pieces of software that would be considered a “must have” for a company’s defense in depth weren’t in existence just a couple of short years ago.
Many professionals in the industry have moved into their positions as security specialists after previously working in general information technology. I have worked with many organizations, in both the private and the public sectors, and at this point in time, from what I’ve witnessed, a very small fraction of security professionals have been formally educated in security; most rely heavily on certifications to prove their understanding of the field. This is a blessing for those who need to obtain credentials quickly without the slow drag of many years of college, but it is also a curse for those with certifications but little real-world experience. An overwhelming number of professionals are learning on the job, which can be daunting given that many organizations are looking to increase their maturity as quickly as possible.
There are many gears turning in a proper security program. There’s an overall lack of understanding of security by those outside of the security team, so one of the most important skills for security professionals is knowing how to assign tasks to the limited resources they have while managing a security program that grows in maturity on a constant basis, all in a world where new vulnerabilities can be found daily.
It’s no secret that software security and web application security are fast-growing segments within the field of cybersecurity. Every organization has a web presence. Every organization uses software. Individuals also use software and web applications in their daily lives, assets which hold personally identifiable information, and whose contents can greatly range in sensitivity.
Although identifying vulnerabilities through continuous testing is a powerful activity, many organizations don’t have the resources or budget to consider it as an option. In search of a remedy to this situation, I have seen many explore the option of creating or joining a bug bounty program, although the reasons for considering such a program are not limited to such issues. This can clearly be seen in large organizations’ involvement with their own bug bounty programs. It’s quickly becoming standard for many large companies to have a bug bounty program, either in house or through a third party.