Background. Vulnerabilities in software provides attackers with the means to fulfill unlawful behavior. Since software has so much power, gaining control over vulnerabilities can mean that an attacker gains unauthorized powers. Since vulnerabilities are the keys that let attackers attack, vulnerabilities must be discovered and mitigated. Scanning vulnerable machines is not enough, and scanning data results must be parsed to prioritize vulnerability mitigation and conduct security assessment. Objectives. Creating a parser is the first objective, a tool that takes in input, filters it and gives output specified by the parser. The second objective is to have the parser connect found packages to known vulnerabilities. And the last objective is to have the parser give the output more information, sort them by severity and give information on what areas they are vulnerable. Methods. The interviews are conducted on experienced employees at Truesec AB. A parser is implemented with guidance from the supervisor at Truesec. The parser is experimented with to check practicality of parser. Results. The parser can find vulnerabilities from the Centos tests and does not find any from the Debian tests. From the interviews, we see that more information strengthens a security assessment. Expanding the scanning results will provide more information to the person(s) conducting security assessment. Conclusions. The amount of information gathered in security assessment needs to be expanded to make the assessment more reliable. Packages found can be connected with vulnerabilities by implementing a vulnerability database to match packages. The parser developed does not help in security assessment since the output is not reliable enough, this is caused by the phenomenon backporting.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:bth-16723 |
Date | January 2018 |
Creators | Sandgren, Per |
Publisher | Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0025 seconds