Blog

Hiding in plain sight: 3 Quick Checks for Low Hanging Fruit

May 10, 2018

Being able to quickly knock out the low hanging fruit vulnerabilities as a pen-tester is a matter of having a knowledge of their existence and finding quick ways to check for them. Here are a few quick hit, low hanging vulnerabilities that could provide the biggest kickoff point when doing an investigation.

Swagger Will not Stop

Not that kind of swagger. Swagger pages exist on API’s to help assist the development team with things like form, design, deployments, and testing new functionalities. A swagger page provides a lot of quick hit information for anyone malicious looking to exploit your website. Any modern application scanner should be able to detect an unprotected swagger page. Even if you do not have an scanning solution at your helm, simply typing “swagger.io” alongside the website name in Google to can expose if there is an open swagger page associated with a particular site. 

Open Ports

Another quick hit that should be incorporated into every pentesting catalog is a check for open ports. Why make it harder to get in to a network, when you could simply check for ports left open? A good example of these would be port 22; if left open, it could allow you direct access into the server itself. Get a good comprehensive list of known open ports and a quick way to scan for them. A very useful automated tool that can be used to accomplish port identification is NMAP. It is a Linux command line tool that enumerates available open ports and prints back the results to you in an easy to read format. There is also GUI interface version as well called Zenmap.

Misconfigurations or outdated OS patches

Lastly, being able to identify the underlying operating system will give you a starting point for investigating that OS patch level’s known exploitable vulnerabilities. In the long term, you will start to get the feel for different OS patches. It will come second nature to test for an Apache struts vulnerability or a memory corruption vulnerability on a Windows XP server. 

Overall, these are three quick points that should also be covered in any pentesting engagementregardless of whether you are performing the test or paying someone to do one on your infrastructure/application. Any experienced pentester will be able to list some of these examples off the top of his or her head.

Related Articles By Topic

Penetration Testing

Contact Us
Chat with our team about your Security Testing services.
Schedule a call
Contact Us

Recent Articles

Truvantis - Cybersecurity Maturity - One Size Does Not Fit All
PCI DSS, CIS Controls, Security Program, Privacy, ISO27001
Cybersecurity Maturity - One Size Does Not Fit All – Rick Folkerts

It's common knowledge that enterprise organizations need effective security, privacy and compliance programs to survive and grow. There are a handful of generic best practices but beyond that, cybersecurity programs must be tailored to...

Read more
The Silver Bullet Defense to Ransomware – by Andy Cottrell
Ransomware
The Silver Bullet Defense to Ransomware – by Andy Cottrell

In an era of cost-cutting, downsizing and generally insufficient budgets for everything, we are often asked, what is the one, main thing to do to protect against a ransomware attack? According to Statista, in 2022, there were 493.33 mi...

Read more
Cryptographic Agility – by Jeff Hall (the ’PCI Guru’)
Security Program
Cryptographic Agility – by Jeff Hall (the ’PCI Guru’)

With the advent of quantum computing, a new threat has been added to the information security mix. The threat is today’s secure cryptography may not be secure once quantum computers reach their potential. The threat to cryptography has...

Read more

info@truvantis.com

+1 (415) 422-9844

    © 2022 Truvantis, Inc All Rights Reserved.

    Privacy Policy    Terms of Service