Questions tagged [vulnerability-assessment]
The vulnerability-assessment tag has no usage guidance.
82
questions
2 votes, 1 answer, 285 views
How to report related findings in a pentest report
I am running a pentest on a web application, and I detected a vulnerability but I am not sure how to report it. I am confused if I should split it or document it as 1 finding. I will explain below.
So ...
0 votes, 1 answer, 121 views
How to calculate CVSS score of a finding detected in the source code?
While I was doing source code review of API handlers for REST APIs, I found a security issue.
This issue is that some methods have the annotation @PreAuthorize("permitAll()").
If I want to ...
0 votes, 1 answer, 184 views
If a library has a vulnerable function, but my code doesn't call it, is my code at risk? Do I need to update?
I am trying to analyze CVE-2023-34453. As per the NVD description, there is an integer overflow error in snappy-java, specifically in the method shuffle(int[] input) in BitShuffle.java.
In a huge ...
1 vote, 0 answers, 132 views
Is it possible to break out of 8086tiny from within?
We don't normally worry about old school viruses breaking out of emulators; but sometimes we worry about targeted exploit code breaking out of emulators.
8086tiny is an 8086/80186 CPU emulator. The ...
0 votes, 0 answers, 84 views
Android Security Testing and Tools Clarifications
I'm new to cybersecurity and learning about pen testing Android security. I need tools for this. I found a website with a list of 75 tools (https://gbhackers.com/android-security-penetration-testing/)....
0 votes, 1 answer, 186 views
How to assess the Privilege Required?
I am calculating the CVSS score for an issue, and I am confused about the Privileges Required (PR).
The issue is, for a client desktop app that connects to a server, the logged-in user allows ...
0 votes, 1 answer, 118 views
In case of multiple websites using a single IP, and we have been asked to perform vulnerability assessment to ensure its security, how many to target
When doing black-box vulnerability assessment (with permission of course) of a subdomain of a website, the first step is enumeration; and the first step of that is finding the IP of the subdomain.
If you ...
1 vote, 0 answers, 99 views
What does a risk assessment for an EU project look like?
I have to provide a draft of a risk assessment for a small EU project.
As I've never done this, I struggle with identifying assets or vulnerabilities. I'm aware of very general lists, but I wonder ...
1 vote, 3 answers, 193 views
Security implications of using the current session to mint new access tokens
I saw a setup recently where frontend and resource servers were hosted on subdomains of the same second-level domain. E.g. ui.example.com and api.example.com.
It had an interesting authentication flow ...
0 votes, 1 answer, 187 views
Information leakage from an API 404 response
Our consulting company has received a VAPT from a consulting company on behalf of a financial customer.
The application has an HR/group management module.
Normally employees are created by an ...
1 vote, 0 answers, 101 views
Is there any guideline or procedure for 4G hardware equipment (4G landline phone and home WiFi router) security audit/assessment?
I need to perform a security audit/assessment on 4G LTE hardware equipment:
4G landline wireless phone (not Android OS but with many features such as WiFi hotspot)
4G WiFi home router
Is there ...
2 votes, 2 answers, 831 views
What is dynamic code analysis? Is it the same as DAST?
I'm confused a bit between the terms. What I know is that there is SAST and DAST. SAST is scanning code statically for possible vulnerabilities, equivalent to static code analysis. This is usually ...
1 vote, 1 answer, 137 views
Security for a Windows application running in a corporate network
I know security is pretty important for the web application, but what about Windows applications running in a corporate environment and network, not accessible from outside?
Do we need to treat security ...
2 votes, 1 answer, 2k views
RCE vs ACE vulnerability families
Is RCE (Remote Code Execution) just ACE (Arbitrary Code Execution) over a network or is there an example where RCE is not ACE? Is RCE always the more severe of the two (with respect to gaining system ...
1 vote, 1 answer, 124 views
Is an outdated library in a Windows user mode desktop application an actual security risk?
I have a Windows 10 desktop application that runs in user mode only, and this application is a local tool only -- that is, it does not "talk to the internet".
As an example:
This ...