This feature of Nmap is commonly used to discover unauthorized or outdated applications and services. What really helps to put it into perspective is discussing real-life scenarios and that is what we’ll do in this section. We have previously discussed Nmap’s capability for service and version detection against open ports.
For this reason, application identification has become one of the most critical components of modern assessment tools. Different applications that offer the same service will often respond to a probe in such a way that it convinces the vulnerability test that a flaw was found. When the developers of these assessment tools are writing the vulnerability tests, they often assume that the system they are interacting with is always going to be the product in which the vulnerability was discovered. The most common cause for false positives is either missing or incomplete application identification before a vulnerability test is run. One of the biggest problems with most assessment tools is false positives, or simply reporting vulnerabilities that do not actually exist on the tested systems. To accurately detect this vulnerability on this Web server without crashing it, the system needs to first identify that specific application and then prevent any of the problematic vulnerability tests from running against it. An example of this is if a Web server is vulnerable to a long pathname overflow if any other vulnerability test sends a request longer than what is expected by this system, the application will crash. This information is critical for quite a few reasons, the least of which being that the vulnerability tests for one application can actually cause another application to crash. The goal of this stage is to identify the vendor, type, and version of every service detected in the previous stage. Once the service detection phase is complete, the next step is to determine the actual application in use for each detected service. Russ Rogers, in Nessus Network Auditing (Second Edition), 2008 Identifying Applications
0 kommentar(er)
