cancel
Clear records
history record
Clear records
history record
Recently, there has been a lot of talk about vulnerability scanning. InsightSec has always believed that vulnerability scanning is a common practice in the industry, but it turns out that many people are not familiar with the principles behind it and its impact. Let's take a look at it together.
What is vulnerability scanning?
Vulnerability scanning is a common method used in information security to assess risks. Just like how a doctor uses an X-ray to examine a patient's body for any issues, security professionals often use vulnerability scanning to assess whether a target system has any vulnerabilities and determine the next steps for security protection.
What is the principle behind vulnerability scanning?
Specific requests are sent to remote services, and based on the behavior of the remote services' responses, it is determined whether a specific vulnerability exists (sometimes based on version information returned).
What is the impact of vulnerability scanning?
3.1 Network impact
The frequency and quantity of network packet requests can have an impact on the network and applications. It may cause switches/routers to crash, leading to a chain reaction. Excessive queries per second (QPS) may exceed the performance limits of services, resulting in service interruptions.
3.2 Impact on abnormal handling
The business may fail to handle special inputs correctly, leading to abnormal crashes. For example, a service using a proprietary protocol may coincidentally be listening on TCP port 80 and crash when receiving an HTTP Get request.
3.3 Impact on logs
When probing publicly accessible services, each URL probe may result in a 40x or 50x error log. Normal monitoring logic relies on status codes in the access logs. Without proper handling, a sudden increase in 40x errors will require a response from the business's Site Reliability Engineering (SRE) and developers. If they frantically log in to the VPN in the middle of the night or during a holiday only to discover that it was triggered by a security engineer, and it even leads to the impacts mentioned in 3.1 and 3.2, the responsibility will undoubtedly fall on the security engineer.
Only with a thorough understanding can we effectively grasp and operate. Shanghai InsightSec Network Technology Co., Ltd. is a technology service company specializing in providing information security solutions for enterprises. Follow us to learn more about information security knowledge.
Related News