1
00:00:00,300 --> 00:00:07,290
All right, in the last lecture, we talked about the importance of VA, and now let us have a look at

2
00:00:07,290 --> 00:00:10,190
the first step of vulnerability assessment.

3
00:00:10,530 --> 00:00:14,370
So the first step is to have a legal documentation.

4
00:00:14,820 --> 00:00:19,770
You cannot just randomly go and start performing a vulnerability assessment.

5
00:00:19,770 --> 00:00:27,510
You first need to seek proper authorization from the owner because compromising or attacking a system

6
00:00:27,510 --> 00:00:29,790
without prior authorization is a crime.

7
00:00:29,790 --> 00:00:34,740
So do not carry out random tests on different organizations' websites.

8
00:00:35,010 --> 00:00:41,820
First, seek proper authorization and then only move ahead in performing a proper VA.

9
00:00:42,870 --> 00:00:47,640
The next step that is a second step is to identify the scope.

10
00:00:48,180 --> 00:00:51,480
Now there are some websites who have different domains.

11
00:00:51,480 --> 00:00:55,020
For example, let us consider Apple's website.

12
00:00:55,050 --> 00:00:57,290
One domain can be about MacBook.

13
00:00:57,300 --> 00:01:00,840
Another domain of the website describes the iWatch.

14
00:01:01,110 --> 00:01:03,570
Another domain can be about iPad.

15
00:01:03,750 --> 00:01:11,070
So first you need to identify the scope of vulnerability assessment because you may think this is just

16
00:01:11,070 --> 00:01:12,000
a small step.

17
00:01:12,000 --> 00:01:15,540
But actually it takes it takes a lot of effort.

18
00:01:15,810 --> 00:01:23,520
It takes many days to carry out a single penetration test or a vulnerability assessment. In penetration

19
00:01:23,520 --> 00:01:24,030
testing,

20
00:01:24,030 --> 00:01:29,880
you identify the vulnerabilities and then try to exploit and gain the access. When it comes to VA,

21
00:01:30,090 --> 00:01:33,510
you just identify the vulnerabilities and report it.

22
00:01:34,110 --> 00:01:39,150
So you have to first get yourself clear with the scope.

23
00:01:39,150 --> 00:01:45,810
If the if the owner says no, you cannot scan domain triennium in full, then you should not go for

24
00:01:45,810 --> 00:01:45,980
it.

25
00:01:45,990 --> 00:01:49,860
OK, so you first must decide the scope of the assessment.

26
00:01:51,090 --> 00:01:53,130
The next is information assessment.

27
00:01:53,910 --> 00:02:01,890
Those who are very experienced when it comes to ethical hacking or VAPT always find out the information

28
00:02:02,070 --> 00:02:03,360
related to the scope.

29
00:02:03,360 --> 00:02:07,980
You cannot just start using random tools and then carry out a test.

30
00:02:08,360 --> 00:02:13,860
Those are script kiddies who just use the tools and start performing assessment.

31
00:02:14,280 --> 00:02:20,790
You first have to find out the proper knowledge when it comes to information assessment. So

32
00:02:20,790 --> 00:02:26,970
if you are trying to ask a girl or a boy for a date, you first find out the information, right, that

33
00:02:26,970 --> 00:02:28,050
he or she lives.

34
00:02:28,320 --> 00:02:30,100
What is his or her favorite color?

35
00:02:30,120 --> 00:02:31,530
Favorite food, right.

36
00:02:31,560 --> 00:02:34,650
Don't just ask the person on a date.

37
00:02:34,770 --> 00:02:37,470
So you first find out the information.

38
00:02:38,610 --> 00:02:39,720
No offense to people.

39
00:02:39,720 --> 00:02:41,940
I was just trying to give an analogy for you.

40
00:02:42,330 --> 00:02:45,600
OK, the fourth step is vulnerability assessment.

41
00:02:45,900 --> 00:02:53,550
After you have decided the scope, after you find out the information, now is the time to perform a

42
00:02:53,550 --> 00:02:59,250
proper vulnerability assessment in which you identify the different vulnerabilities.

43
00:03:00,390 --> 00:03:05,820
The fifth is penetration testing. As I said, then you are done with VA.

44
00:03:05,820 --> 00:03:09,870
You have to check whether those bugs really exist or not.

45
00:03:09,900 --> 00:03:15,840
Now, when it comes to a proper professional vulnerability assessment, it is not possible to do the

46
00:03:15,840 --> 00:03:17,640
entire VA manually.

47
00:03:17,640 --> 00:03:26,610
OK, so you use automated tools like Nessus, Acunetix, Labs, ZAP proxy, Burp Suite tools.

48
00:03:26,610 --> 00:03:32,400
So all these tools are automated vulnerability scanners which scan the website automatically and then

49
00:03:32,400 --> 00:03:33,840
give you the vulnerabilities.

50
00:03:34,140 --> 00:03:34,680
All right.

51
00:03:35,130 --> 00:03:40,530
But again, it is your job to test whether the vulnerabilities are present or not.

52
00:03:40,530 --> 00:03:47,790
So in that penetration testing comes into picture, where the attacker or where the hacker, the ethical

53
00:03:47,790 --> 00:03:54,570
hacker specifically manually checks for each and every vulnerability present on the system.

54
00:03:55,770 --> 00:04:01,560
The sixth is gaining access. Now that you have got the information, you have exploited the bugs,

55
00:04:01,830 --> 00:04:03,530
it's time to gain the access.

56
00:04:03,810 --> 00:04:10,350
So gaining access is very important because if you are able to gain access, then there is point in

57
00:04:10,350 --> 00:04:12,300
reporting that will help.

58
00:04:12,540 --> 00:04:17,430
So if you are if you're getting any access, whether it is an admin level access or

59
00:04:18,650 --> 00:04:23,720
executive level access, you have to gain the access. Next is privileges.

60
00:04:24,200 --> 00:04:26,550
Now let's say you are an attacker.

61
00:04:26,570 --> 00:04:27,890
You are an ethical hacker.

62
00:04:28,250 --> 00:04:33,170
And you are not assigned a member of the website education website.

63
00:04:33,170 --> 00:04:36,650
Let's say xyz.com is the educational website.

64
00:04:36,650 --> 00:04:40,500
And you are an external pen tester hired to test the website.

65
00:04:40,790 --> 00:04:46,430
You don't have an account on the website, but now that you have performed a penetration test, you're

66
00:04:46,430 --> 00:04:51,370
able to get the access of a student who has enrolled in some courses.

67
00:04:51,800 --> 00:04:53,840
So that is gaining access phase.

68
00:04:54,260 --> 00:05:01,010
Once you have the access of student, you again test for bugs, which will give you the access of the

69
00:05:01,010 --> 00:05:01,880
administrator.

70
00:05:02,270 --> 00:05:08,840
And if you are able to get the access of administrator, then that is known as privilege escalation.

71
00:05:10,330 --> 00:05:16,420
Once you perform the privilege escalation and once you have identified all the bugs present in the system,

72
00:05:16,720 --> 00:05:18,640
it can be SQL injection.

73
00:05:18,850 --> 00:05:21,130
It can be database exploitation.

74
00:05:21,130 --> 00:05:23,560
It can be cross-site scripting attack.

75
00:05:23,560 --> 00:05:25,840
It can be brute forcing attack.

76
00:05:26,650 --> 00:05:32,090
Or it can be any attack which we'll be seeing in the next upcoming sections of ethical hacking.

77
00:05:32,380 --> 00:05:38,650
So once you are done with all these attacks, it's time to write a report with everything.

78
00:05:38,650 --> 00:05:40,780
So you have to mention the vulnerability type.

79
00:05:41,050 --> 00:05:42,850
You have to mention the severity.

80
00:05:43,120 --> 00:05:49,750
You have to attach the screenshots, if possible, attach a video in the report, then you have to write

81
00:05:49,750 --> 00:05:52,090
the steps how you exploited the bug.

82
00:05:53,440 --> 00:05:56,920
Then after that, you have to submit the report to the management.

83
00:05:56,920 --> 00:06:01,770
And if the management approves the report, you have to then provide the patch, OK?

84
00:06:01,960 --> 00:06:08,860
You just don't have to, you know, discover the vulnerability and leave it as it is.

85
00:06:08,860 --> 00:06:11,280
It is your job to provide a proper patch.

86
00:06:11,740 --> 00:06:17,890
But again, one thing that I would like to tell you is that all these things are not done all alone

87
00:06:17,890 --> 00:06:18,370
by you.

88
00:06:18,370 --> 00:06:21,550
You have a team of analysts who do different jobs.

89
00:06:22,750 --> 00:06:28,360
So let's say there's a team of five people, two people are involved in legal documentation and report

90
00:06:28,360 --> 00:06:33,900
writing, two are involved in scope assessment, information assessment and vulnerability assessment,

91
00:06:34,270 --> 00:06:39,190
you are involved in pen testing and another one is involved in patch assistance.

92
00:06:39,190 --> 00:06:43,480
In this way, a team works and the final step is revalidation.

93
00:06:43,690 --> 00:06:49,600
You have to check if the patch is properly installed and if the system is secure or not.

94
00:06:49,630 --> 00:06:53,700
So all these 10 steps form a vulnerability assessment.

95
00:06:54,820 --> 00:06:56,740
So such vulnerability

96
00:06:56,740 --> 00:07:03,160
assessments are carried out in the organizations and these should be carried out every month so as to

97
00:07:03,160 --> 00:07:06,900
prevent, detect and these assessments take.

98
00:07:07,270 --> 00:07:09,960
One assessment takes at least two to three days.

99
00:07:09,970 --> 00:07:16,750
So depending upon the nature and the scope of the assessment, it may take longer or it may take shorter.

100
00:07:17,290 --> 00:07:23,740
But you don't have to rush and don't have to, you know, depend upon the automatic results.

101
00:07:24,070 --> 00:07:28,960
And that is why it is important to have a team of people who can work together.

102
00:07:29,050 --> 00:07:35,350
For example, let's say you have a member who doesn't like to code and who doesn't like to hack into

103
00:07:35,350 --> 00:07:35,800
systems.

104
00:07:35,800 --> 00:07:42,160
So what he can do is he can deal with legal documentation, scope assessment and report generation.

105
00:07:42,760 --> 00:07:48,100
There is one guy who is good at vulnerability knowledge, but he doesn't want to hack into systems.

106
00:07:48,100 --> 00:07:49,580
He's not that interested.

107
00:07:49,840 --> 00:07:53,470
So what he can do is he can carry out the information assessment.

108
00:07:53,800 --> 00:07:59,020
He can carry out the vulnerability assessment and then provide you all the vulnerabilities.

109
00:07:59,200 --> 00:08:02,860
You can carry out penetration testing and all the steps

110
00:08:02,860 --> 00:08:10,540
five, six, seven; eight is already being done by the first guy, and ninth step, patch assistance, is done

111
00:08:10,540 --> 00:08:16,210
by the one who, you know, has a good knowledge of programming skills and who knows how to patch the

112
00:08:16,210 --> 00:08:17,020
vulnerabilities.

113
00:08:17,020 --> 00:08:20,140
And again, that can be done by you. In this way,

114
00:08:20,140 --> 00:08:24,760
a team effort is required to carry out an effective penetration test.

115
00:08:25,730 --> 00:08:26,310
All right.

116
00:08:26,560 --> 00:08:30,100
These were the ten steps for effective vulnerability assessment.

117
00:08:30,370 --> 00:08:35,530
If you still have any doubts, please feel free to answer and ask us in the comments section.

118
00:08:35,800 --> 00:08:39,400
We'll try to answer these questions as soon as we can.

119
00:08:40,120 --> 00:08:40,670
Great.

120
00:08:40,720 --> 00:08:46,780
I know this is a lot of information for you as a beginner, but trust me, this is the best course which

121
00:08:46,780 --> 00:08:52,240
will help you to get started from scratch to cybersecurity professional.

122
00:08:52,960 --> 00:08:53,530
All right.

123
00:08:53,530 --> 00:08:54,880
Keep the momentum going.

124
00:08:54,880 --> 00:09:01,450
I will see you in the next lecture where we'll talk about the need for cybersecurity in today's world.