1/172
Google Cybersecurity Course 5 (Assets, Threats, and Vulnerabilities) Module 3 (Vulnerabilities in systems)
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
Vulnerability
A weakness that can be exploited by a threat.
can
A vulnerability is a weakness that ___ be exploited by a threat.
Exploit
A way of taking advantage of a vulnerability.
Vulnerability management
The process of finding and patching vulnerabilities.
Vulnerability management steps
Identify vulnerabilities
Consider potential exploits
Prepare defenses against threats
Evaluate those defenses
Identify vulnerabilities
The 1st step in the vulnerability management process.
Consider potential exploits
The 2nd step in the vulnerability management process.
Prepare defenses against threats
The 3rd step in the vulnerability management process.
Evaluate those defenses
The 4th step in the vulnerability management process.
Zero-day
An exploit that was previously unknown.
Continuous Integration, Continuous Delivery, Continuous Deployment
Aka CI/CD.
Continuous Integration
Aka CI.
CI
All about frequently merging code changes from different developers into a central location. This triggers automated processes like building the software and running tests. This tool catches problems through an automated process: every time code is integrated, the system automatically builds and tests it. This immediate feedback loop reveals integration problems as soon as they occur. This tool helps catch integration problems early, leading to higher quality code. Think of it as the foundation of the pipeline.
Continuous Delivery
Aka CD (Ready to Release)
CD (Ready to Release)
Means your code is always ready to be released to users. After passing automated tests, code is automatically deployed to a staging environment or prepared for final release. Typically, a manual approval step is still needed before going live to production, which provides a control point.
Continuous Deployment
Aka CD (Fully Automated Releases)
CD (Fully Automated Releases)
Automated the entire release process. Changes that pass all automated checks are automatically deployed directly to the live production environment, with no manual approval. This is all about speed and efficiency.
Dynamic Application Security Testing
Aka DAST.
DAST
Automated tests that find vulnerabilities in running applications in realistic staging environments.
Security Compliance Checks
Automated checks that ensure software meets your organization’s security rules and policies.
Infrastructure Security Validations
Checks that make sure the systems hosting your software are secure.
Why CI/CD Pipelines is Non-Negotiable
Secure Automation
Improved Code Quality Via Security Checks
Faster Time to Market for Security Updates
Enhanced Collaboration and Feedback with Safety Focus
Reduced Risk
Common Vulnerabilities and Exposures
Aka CVEs.
Common CI/CD Pipeline Vulnerabilities: What to Watch Out For
Insecure Dependencies: Risks from Third-Party Code
Misconfigured Permissions: Controlling Access
Lack of Automated Security Testing: Missing Critical Checks
Exposed Secrets: Protecting Sensitive Information
Unsecured Build Environments: Protecting the Pipeline Infrastructure
Insecure Dependencies
CI/CD pipelines often use many third-party libraries and components. If these components have known vulnerabilities, those vulnerabilities can be unknowingly added to your application during the automated build process.
Action Step for Insecure Dependencies
Regularly scan and update your dependencies. Make sure you’re using secure versions of all external components.
Misconfigured Permissions: Controlling Access
Weak access controls in CI/CD tools, code repositories, and related systems are a significant vulnerability. Unauthorized access can allow attackers to modify code, pipeline configurations, or inject malicious content.
Action Step for Misconfigured Permissions
Implement strong access management using Role-Based Access Control (RBAC). Ensure only authorized individuals can access and change critical pipeline elements.
Lack of Automated Security Testing: Missing Critical Checks
Failing to include automated security testing in your CI/CD pipeline is a serious error. Without tools like SAST and DAST, you are almost guaranteed to release software full of vulnerabilities that will go undetected until after it’s live, leading to significantly higher costs and effort to fix.
Action Step for Lack of Automated Security Testing
Integrate automated security testing (SAST and DAST) into your CI/CD pipeline. This should be a core part of your secure CI/CD strategy.
Exposed Secrets: Protecting Sensitive Information
Hardcoding sensitive data like API keys, passwords, and tokens directly into code or pipeline settings is a serious security mistake. If exposed, these secrets can lead to major security breaches.
Action Step for Exposed Secrets
Never hardcode secrets. Use secure vaults or dedicated secrets management tools to store and manage sensitive information. Enforce this practice across your team.
Unsecured Build Environments: Protecting the Pipeline Infrastructure
The CI/CD environment itself (the servers and systems that run your pipeline) needs to be secure. If this environment is vulnerable, attackers can compromise it to alter builds, inject malicious code, or steal sensitive data.
Action Step for Unsecured Build Environments
Hard your build environments. Use secure containers or virtual machines to minimize the risk of a compromised pipeline.
Best practices for CI/CD
Integrate Security from the Start: Embrace DevSecOps
Implement Strong Access Controls
Automate Security Testing Everywhere
Keep Dependencies Updated
Secure Secrets Management
Integrate Security from the Start: Embrace DevSecOps
Adopt a DevSecOps mindset. This means building security into every stage of development, from planning to deployment and beyond. This naturally includes embedding security checks into your CI/CD pipeline.
Implement Strong Access Controls
Use strict permission policies based on the principle of least privilege. Only grant necessary access to code, pipeline settings, and deployment configurations. Use tools like MFA and RBAC to secure your CI/CD environment.
Automate Security Testing Everywhere
Make automated security scans and tests a fundamental part of your build and deployment process. Tools like SAST, SCA, and CAST are not optional extras — they are essential for a secure CI/CD pipeline so you can catch vulnerabilities early.
Keep Dependencies Updated
Maintain a current inventory of all third-party dependencies, libraries, and CI/CD plugins. Regularly update these components to patch security vulnerabilities (CVEs). Tools like Dependabot and Snyk can automate dependency management.
Software Composition Analysis
Aka SCA.
Secure Secrets Management
Never hardcode sensitive information in your code or pipeline configurations. Require the use of dedicated secrets management tools like HashiCorp Vault or AWS Secrets Manager. Secure store, access, and rotate secrets throughout the CI/CD process.
Defense in depth
A layered approach to vulnerability management that reduces risk.
Defense in depth strategy
Perimeter layer
Network layer
Endpoint layer
Application layer
Data layer
usernames and passwords
Part of the perimeter layer in defense in depth strategy
authorization and firewalls
Part of the network layer Defense in Depth strategy
devices like laptop, desktop, or server
Part of the endpoint layer in Defense in Depth strategy
MFA and other security measures programmed into applications
Part of the application layer in defense in depth strategy
PII and asset classification
Part of the Data Layer in the Defense in Depth strategy
Exposure
A mistake that can be exploited by a threat.
Common Vulnerabilities and Exposures list
Aka CVE list
CVE list
An openly accessible dictionary of known vulnerabilities and exposures.
MITRE
A collection of non-profit research and development centers sponsored by the US government.
1999
What year was the CVE list created?
MITRE
Who created the CVE list?
CVE Numbering Authority
Aka CNA.
CNA
An organization that volunteers to analyze and distribute information on eligible CVEs
CVE list criteria
Independent of other issues
Recognized as a potential security risk
Submitted with supporting evidence
Only affect one codebase
NIST National Vulnerabilities Database
An organization that tests CVEs to reveal how significant the flaws are and to determine what kind of threat they pose.
Common Vulnerability Scoring System
Aka CVSS
CVSS
A measurement system that scores the severity of the vulnerability
< 4.0
What CVSS score is considered low risk?
> 9.0
What CVSS score is considered critical risk?
Open Worldwide Application Security Project
Aka OWASP
Open Web Application Security Project
Previous name for OWASP
OWASP
A nonprofit foundation that works to improve the security of software. OWASP is an open platform that security professionals from around the world use to share information, tools, and events that are focused on security the web.
OWASP Top 10
Updated every few years as technologies evolve. Rankings are based on how often the vulnerabilities are discovered and the level of risk they present.
OWASP Top 10
Audits use the ____ ___ __ as one point of reference when checking for regulatory compliance.
Broken access control
One of the OWASP Top 10. Access controls limit what users can do in a web application. For example, a blow might allow visitors to post comments on a recent article but restricts them from deleting the article entirely. Failures in these mechanisms can lead to unauthorized information disclosure, modification, or destruction. They can also give someone unauthorized access to other business applications.C
Cryptographic failures
One of the OWASP Top 10. Information is one of the most important assets businesses need to protect. Privacy laws such as GDPR require sensitive data to be protected by effective encryption methods. Vulnerabilities can occur when businesses fail to encrypt things like PII. For example, if a web application uses a weak hashing algorithm, like MD5, it’s more at risk of suffering a data breach.
General Data Protection Regulation
Aka GDPR.
Personally identifiable information
Aka PII.
Injection
One of the OWASP Top 10. Occurs when malicious code is inserted into a vulnerable application. Although the app appears to work normally, it does things that it wasn’t intended to do. These attacks can give threat actors a backdoor into an organization’s information system. A common target is a website’s login form. When these forms are vulnerable to injection, attackers can insert malicious code that gives them access to modify or steal user credentials.
Insecure design
One of the OWASP Top 10. Applications should be designed in such a way that makes them resilient to attack. When they aren’t, they’re much more vulnerable to threats like injection attacks or malware infections. Insecure design refers to a wide range of missing or poorly implemented security controls that should have been programmed into an application when it was being developed.
Security misconfiguration
One of the OWASP Top 10. Misconfigurations occur when security settings aren’t properly set or maintained. Companies use a variety of different interconnected systems. Mistakes often happen when those systems aren’t properly set up or audited. A common example is when businesses deploy equipment, like a network server, using default settings. This can lead businesses to use settings that fial to address the organization’s security objectives.
Vulnerable and outdated components
One of the OWASP Top 10. A category that mainly relates to application development. Instead of coding everything from scratch, most developers use open-source libraries to complete their projects faster and easier. This publicly available software is maintained by communities of programmers on a volunteer basis. Applications that use vulnerable components that have not been maintained are at greater risk of being exploited by threat actors.
Identification and authentication failures
One of the OWASP Top 10. Identification is the keyword in this vulnerability category. When applications fail to recognize who should have access and what they’re authorized to do, it can lead to serious problems. For example, a home Wi-Fi router normally uses a simple login form to keep unwanted guests off the network. If this defense fails, an attacker can invade the homeowner’s privacy.
Software and data integrity failures
One of the OWASP Top 10. Software and data integrity failures are instances when updates or patches are inadequately reviewed before implementation. Attackers might exploit these weaknesses to deliver malicious software. When that occurs, there can be serious downstream effects. Third parties are likely to become infected if a single system is compromised, an event known as a supply chain attack.
SolarWinds cyber attack 2020
A famous example of a supply chain attack
SolarWinds attack details
Event where hackers famously injected malicious code into software updates that the company unknowingly released to their customers.
Security loging and monitoring failures
One of the OWASP Top 10. In security, it’s important to be able to log and trace back events. Having a record of events like user login attempts is critical to finding and fixing problems. Sufficient monitoring and incident response is equally important.
Service-side request forgery
One of the OWASP Top 10. Companies have public and private information stored on web servers. When you use a hyperlink or click a button on a website, a request is sent to a server that should validate who you are, fetch the appropriate data, and then return it to you.
Server-side request forgery
Aka SSRF
SSRF
When attackers manipulate the normal operations of a server to read or update other resources on the server. These are possible when an application on the server is vulnerable. Malicious code can be carried by the vulnerable app to the host server that will fetch unauthorized data.
open-source intelligence
Aka OSINT.
OSINT
The collection and analysis of information from publicly available sources to generate usable intelligence. It’s commonly used to support cybersecurity activities, like identifying potential threats and vulnerabilities.
Information
Refers to the collection of raw data or facts about a specific subject.
Intelligence
Refers to the analysis of information to produce knowledge or insights that can be used to support decision-making.
Information security
Aka InfoSec.
OSING Tools
VirusTotal
MITRE ATT&CK
OSINT Framework
Have I been Pwned
VirusTotal
A service that allows anyone to analyze suspicious files, domains, URLs, and IP addresses for malicious content.
MITRE ATT&CK
A knowledge base of adversary tactics and techniques based on real-world observations.
OSINT Framework
A web-based interface where you can find OSINT tools for almost any kind of source or platform.
Have I been Pwned
A tool that can be used to search for breached email accounts.
Vulnerability assessment
The internal review process of organization’s security systems
Vulnerability assessment process
Identification
Vulnerability analysis
Risk assessment
Remediation
Identification
The first step in the Vulnerability Assessment Process. The goal is to understand the current state of a security system.
Vulnerability analysis
The second step in the Vulnerability Assessment Process. Each of the vulnerabilities that were identified are tested.
Risk assessment
The third step in the Vulnerability Assessment Process. A score is assigned to each vulnerability. This score is assigned based on two factors: how severe the impact would be if the vulnerability were to be exploited and the likelihood of this happening. Vulnerabilities uncovered during the first two steps of this process often outnumber the people available to fix them. Risk assessments are a way of prioritizing resources to handle the vulnerabilities that need to be addressed based on their score.
Remediation
The fourth step in the Vulnerability Assessment Process. The vulnerabilities that can impact the organization are addressed. This step occurs depending on the severity score assigned during the risk assessment step. This part of the process is normally a joint effort between the security staff and IT teams to come up with the best approach to fixing the vulnerabilities that were uncovered earlier.
Vulnerability scanner
Software that automatically compares known vulnerabilities and exposures against the technologies on the network. In general, these tools scan systems to find misconfigurations or programming flaws.