vulnerability-scanning


Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), container security scanning, dependency vulnerability management, and common vulnerability tools (Snyk, Trivy, OWASP ZAP, SonarQube)


NPX Install

npx skill4agent add davincidreams/agent-team-plugins vulnerability-scanning


Vulnerability Scanning

Static Application Security Testing (SAST)

SAST Overview

SAST analyzes source code, bytecode, or binaries without executing the application to identify security vulnerabilities.

SAST Techniques

  • Pattern Matching: Match code against known vulnerability patterns
  • Data Flow Analysis: Track data flow through the application to identify tainted data
  • Control Flow Analysis: Analyze execution paths to identify potential issues
  • Taint Analysis: Track user input through the application to identify injection points
  • Semantic Analysis: Understand code semantics to identify complex vulnerabilities
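The data-flow and taint-analysis techniques above are easiest to see in a small analyzer. The following Python script is an added example, not part of the vulnerability-scanning skill or of any tool listed on this page. It walks a Python AST with the standard `ast` module, treats an assumed set of source, sanitizer and sink names as taint markers, propagates taint through assignments, string concatenation and f-strings, and reports sink calls that receive data derived from a source without passing through a sanitizer. The program it scans is a constructed, deliberately flawed sample used only as scanner input.

```python
import ast

# Assumed taint configuration for this toy analyzer. Real SAST rule sets
# (Semgrep, CodeQL, Bandit) ship far larger source/sink/sanitizer catalogues.
SOURCES = {"input", "sys.argv", "request.args.get", "request.form.get"}
SANITIZERS = {"shlex.quote", "int", "float"}
SINKS = {"os.system", "subprocess.call", "subprocess.run", "eval", "exec",
         "cursor.execute"}


def dotted_name(node):
    """Return 'os.system' for an Attribute chain, 'eval' for a bare Name."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class TaintAnalyzer(ast.NodeVisitor):
    """Flow-insensitive, intra-procedural taint tracking over assignments."""

    def __init__(self):
        self.tainted = set()   # variable names currently holding tainted data
        self.findings = []     # (line number, sink name)

    def is_tainted(self, expr):
        """True if the expression's value can derive from a taint source."""
        if isinstance(expr, ast.Name):
            return expr.id in self.tainted
        if isinstance(expr, ast.Call):
            name = dotted_name(expr.func)
            if name in SANITIZERS:
                return False          # sanitizer output is treated as clean
            if name in SOURCES:
                return True
            return any(self.is_tainted(a) for a in expr.args)
        if isinstance(expr, ast.Attribute):   # e.g. sys.argv
            return dotted_name(expr) in SOURCES or self.is_tainted(expr.value)
        if isinstance(expr, ast.Subscript):   # sys.argv[1], row["x"]
            return self.is_tainted(expr.value)
        if isinstance(expr, ast.BinOp):       # "cmd " + user_input
            return self.is_tainted(expr.left) or self.is_tainted(expr.right)
        if isinstance(expr, ast.JoinedStr):   # f"cmd {user_input}"
            return any(self.is_tainted(v.value) for v in expr.values
                       if isinstance(v, ast.FormattedValue))
        return False

    def visit_Assign(self, node):
        tainted = self.is_tainted(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                if tainted:
                    self.tainted.add(target.id)
                else:
                    self.tainted.discard(target.id)   # reassignment clears taint
        self.generic_visit(node)

    def visit_Call(self, node):
        name = dotted_name(node.func)
        if name in SINKS and any(self.is_tainted(a) for a in node.args):
            self.findings.append((node.lineno, name))
        self.generic_visit(node)


def analyze(source):
    """Parse Python source and return [(line, sink)] for tainted sink calls."""
    analyzer = TaintAnalyzer()
    analyzer.visit(ast.parse(source))
    return analyzer.findings


# Constructed sample program (deliberately flawed) used as scanner input.
SAMPLE = '''\
import os, subprocess, shlex, sys
from flask import request

def ping():
    target = request.args.get("host")
    os.system("ping -c 1 " + target)
    safe = shlex.quote(target)
    subprocess.call("ping -c 1 " + safe, shell=True)
    count = int(request.args.get("count"))
    os.system(f"ping -c {count} localhost")
    eval(sys.argv[1])
'''

if __name__ == "__main__":
    for line, sink in analyze(SAMPLE):
        print(f"line {line}: tainted data reaches {sink}")
```

Lines 6 and 11 of the sample are reported; lines 8 and 10 are not, because the value passed to the sink went through an assumed sanitizer (`shlex.quote`, `int`). The analyzer is intentionally simple: it ignores control flow, function arguments and return values, which is exactly the gap that real data-flow and semantic analysis engines close.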

Common SAST Vulnerabilities

  • Injection Flaws: SQL injection, command injection, LDAP injection
  • Cross-Site Scripting (XSS): Reflected, stored, and DOM-based XSS
  • Authentication Issues: Weak authentication, session management flaws
  • Authorization Issues: Broken access controls, privilege escalation
  • Cryptographic Issues: Weak algorithms, improper key management
  • Input Validation: Missing or insufficient input validation
  • Error Handling: Information leakage through error messages

SAST Tools

  • SonarQube: Code quality and security analysis with extensive rule sets
  • Checkmarx: Enterprise SAST solution with deep code analysis
  • Fortify Static Code Analyzer: Comprehensive SAST from Micro Focus
  • Semgrep: Fast, open-source static analysis with custom rules
  • CodeQL: Semantic code analysis from GitHub
  • Bandit: Python security linter
  • ESLint: JavaScript security plugins (eslint-plugin-security)
  • SpotBugs: Java static analysis with security rules

Dynamic Application Security Testing (DAST)

DAST Overview

DAST tests a running application from the outside, through its exposed interfaces and without access to its source code, to identify security vulnerabilities.

DAST Techniques

  • Crawling and Spidering: Discover application endpoints and functionality
  • Fuzzing: Send malformed or unexpected input to identify vulnerabilities
  • Authentication Testing: Test authentication mechanisms for weaknesses
  • Session Management: Analyze session handling for security issues
  • Input Validation: Test input fields for injection vulnerabilities
  • Business Logic: Test business logic flaws and authorization bypasses

Common DAST Vulnerabilities

  • Injection Attacks: SQL injection, command injection, XSS
  • Authentication Flaws: Weak passwords, session fixation
  • Authorization Issues: IDOR, privilege escalation
  • Session Management: Session hijacking, fixation
  • Cryptographic Issues: Weak SSL/TLS, insecure cookies
  • Information Disclosure: Sensitive data in responses, error messages

DAST Tools

  • OWASP ZAP: Free, open-source web application security scanner
  • Burp Suite: Comprehensive web security testing platform
  • AppScan: Enterprise DAST solution from IBM
  • Nessus: Vulnerability scanner with web application testing
  • Arachni: Open-source web application security scanner
  • SQLMap: Automated SQL injection tool
  • Nikto: Web server scanner

Software Composition Analysis (SCA)

SCA Overview

SCA identifies the third-party components and dependencies a project uses and checks them against databases of known vulnerabilities.

SCA Techniques

  • Dependency Analysis: Identify all direct and transitive dependencies
  • Vulnerability Matching: Match dependencies against vulnerability databases
  • License Compliance: Check for license compliance issues
  • Version Analysis: Track dependency versions and updates
  • Risk Scoring: Assess risk based on vulnerability severity and usage

SCA Vulnerability Databases

  • NVD (National Vulnerability Database): US government vulnerability database
  • CVE (Common Vulnerabilities and Exposures): Standardized vulnerability identifiers
  • GitHub Advisory Database: GitHub's vulnerability database
  • Snyk Vulnerability Database: Snyk's curated vulnerability database
  • OSS Index: Sonatype's open-source vulnerability database

SCA Tools

  • Snyk: Developer-first security platform with SCA, SAST, and container scanning
  • Trivy: Comprehensive vulnerability scanner for containers, files, and dependencies
  • Dependabot: GitHub's automated dependency updates and vulnerability alerts
  • WhiteSource: Enterprise SCA with comprehensive vulnerability database
  • Black Duck: Enterprise SCA with license compliance
  • OWASP Dependency-Check: Open-source SCA tool
  • npm audit: Node.js package manager's built-in SCA
  • pip-audit: Security audit tool for Python environments and requirements files

Container Security Scanning

Container Vulnerabilities

  • Base Image Vulnerabilities: Vulnerabilities in the base OS image
  • Application Dependencies: Vulnerabilities in application dependencies
  • Configuration Issues: Insecure container configurations
  • Secrets in Images: Hardcoded secrets or credentials
  • Outdated Packages: Outdated packages with known vulnerabilities

Container Scanning Tools

  • Trivy: Comprehensive vulnerability scanner for containers
  • Clair: Open-source vulnerability static analysis for containers
  • Anchore: Container inspection and vulnerability analysis
  • Aqua Security: Enterprise container security platform
  • Twistlock: Container security from Prisma Cloud
  • Docker Scout: Docker's built-in vulnerability scanner
  • Grype: Vulnerability scanner for container images

Container Security Best Practices

  • Use Minimal Base Images: Use minimal base images like Alpine or distroless
  • Scan Images: Scan images at build time and runtime
  • Patch Regularly: Keep base images and dependencies updated
  • Scan Dependencies: Include SCA for application dependencies
  • Run as Non-Root: Run containers as non-root users
  • Read-Only Filesystems: Use read-only filesystems where possible
  • Resource Limits: Set CPU, memory and process limits so a compromised or misbehaving container cannot exhaust the host (DoS)
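Several of the Container Vulnerabilities and Best Practices above (unpinned base images, secrets baked into the image, running as root) are visible in the Dockerfile before an image is ever built, so they can be checked at build time. The following Python script is an added example, not part of this skill or of any listed scanner: a toy Dockerfile checker that parses instructions, handles line continuations and multi-stage aliases, and reports those three issues. Both Dockerfiles it checks are constructed for the example.

```python
import re

# Constructed Dockerfile with the problems listed above (not from any project).
RISKY_DOCKERFILE = """\
FROM python:latest
ENV DB_PASSWORD=hunter2
COPY . /app
RUN pip install -r /app/requirements.txt
EXPOSE 8000
CMD ["python", "/app/server.py"]
"""

# Constructed hardened equivalent: tag-pinned slim base, no baked-in secret,
# dedicated non-root user. Pinning by @sha256 digest is stronger still.
HARDENED_DOCKERFILE = """\
FROM python:3.12-slim
RUN useradd --system --create-home app
COPY --chown=app:app . /app
RUN pip install --no-cache-dir -r /app/requirements.txt
USER app
EXPOSE 8000
CMD ["python", "/app/server.py"]
"""

SECRET_KEY = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)", re.I)


def parse_instructions(text):
    """Return (INSTRUCTION, arguments) pairs, joining backslash continuations."""
    instructions, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        line, pending = pending + line, ""
        keyword, _, args = line.partition(" ")
        instructions.append((keyword.upper(), args.strip()))
    return instructions


def env_pairs(args):
    """Handle both 'ENV KEY=value KEY2=value2' and legacy 'ENV KEY value'."""
    if "=" in args:
        return re.findall(r"([A-Za-z_][A-Za-z0-9_]*)=(\S*)", args)
    key, _, value = args.partition(" ")
    return [(key, value)]


def check_dockerfile(text):
    """Return [(check, detail)] for the issues this toy checker knows about."""
    findings = []
    stages = set()          # aliases declared with "FROM image AS name"
    user = "root"           # Docker's default when no USER instruction is given
    for keyword, args in parse_instructions(text):
        if keyword == "FROM":
            user = "root"   # each stage restarts from its base image's default user
            parts = [p for p in args.split() if not p.startswith("--")]  # drop --platform etc.
            image = parts[0]
            if len(parts) >= 3 and parts[1].upper() == "AS":
                stages.add(parts[2])
            if image == "scratch" or image in stages:
                continue    # nothing to pin for scratch or for an earlier stage
            tail = image.rsplit("/", 1)[-1]
            if "@sha256:" not in image and (":" not in tail or tail.endswith(":latest")):
                findings.append(("unpinned-base-image", image))
        elif keyword == "USER":
            user = args.split(":")[0]
        elif keyword in ("ENV", "ARG"):   # ARG defaults also land in image history
            for key, value in env_pairs(args):
                if SECRET_KEY.search(key) and value:
                    findings.append(("secret-in-image", f"{keyword} {key}"))
    if user in ("root", "0"):
        findings.append(("runs-as-root", "no non-root USER in effect at the end of the final stage"))
    return findings


if __name__ == "__main__":
    for label, dockerfile in (("risky", RISKY_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        print(label, check_dockerfile(dockerfile))
```

The read-only filesystem and resource-limit practices are runtime settings rather than Dockerfile content (for example `docker run --read-only --memory 512m --pids-limit 100`, or the equivalent fields in a Kubernetes pod `securityContext` and `resources`), so a Dockerfile check cannot see them; they belong in a manifest or admission-policy check instead. The checker also ignores the case where a later stage inherits a `USER` from an earlier stage it is built `FROM`.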

Dependency Vulnerability Management

Dependency Management Strategies

  • Regular Updates: Regularly update dependencies to latest secure versions
  • Automated Scanning: Integrate SCA into CI/CD pipelines
  • Vulnerability Alerts: Set up alerts for new vulnerabilities
  • Version Pinning: Pin specific versions to prevent unexpected updates
  • Lock Files: Use lock files to ensure reproducible builds
  • Supply Chain Security: Verify package integrity and provenance

SBOM (Software Bill of Materials)

  • What is an SBOM: A formal, machine-readable inventory of the software components and dependencies that make up an application
  • SBOM Formats: SPDX, CycloneDX, SWID tags
  • SBOM Benefits: Vulnerability tracking, license compliance, supply chain security
  • SBOM Tools: Syft, Trivy, Microsoft SBOM Tool, CycloneDX tools
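The SCA Techniques (dependency analysis and vulnerability matching) and the SBOM section above fit together in one pipeline: read the pinned dependency list, emit an SBOM, then match each component against an advisory feed by version range. The following Python script is an added example written for this page, not code from this skill, Syft, Trivy or any listed tool. It parses a constructed `requirements.txt`-style lock file, builds a minimal CycloneDX 1.5 JSON document with Package URLs, and matches components against a constructed advisory list whose identifiers are placeholders. The `introduced`/`fixed` range model is a simplification of what OSV and GitHub Advisory records carry, and the version parser handles numeric dotted versions only.

```python
import json
import re

# Constructed lock-file excerpt (pinned requirements); not a real project.
LOCKFILE = """\
requests==2.25.1
urllib3==1.26.4
flask==2.3.2
"""

# Constructed advisory feed. Identifiers are placeholders, not real CVEs.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "package": "urllib3", "introduced": "1.0.0",
     "fixed": "1.26.5", "severity": "HIGH"},
    {"id": "ADV-EXAMPLE-0002", "package": "requests", "introduced": "2.0.0",
     "fixed": "2.31.0", "severity": "MEDIUM"},
    {"id": "ADV-EXAMPLE-0003", "package": "flask", "introduced": "0.0.0",
     "fixed": "2.2.5", "severity": "HIGH"},
]


def parse_version(text):
    """Numeric dotted versions only; tuples compare component-wise."""
    return tuple(int(part) for part in text.split("."))


def parse_requirements(text):
    """Read 'name==version' lines. Anything unpinned is rejected: an SBOM built
    from a floating range cannot be matched reliably against advisories."""
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.fullmatch(r"([A-Za-z0-9_.\-]+)==([0-9]+(?:\.[0-9]+)*)", line)
        if not match:
            raise ValueError(f"unpinned or unsupported requirement: {line}")
        deps.append({"name": match.group(1).lower(), "version": match.group(2)})
    return deps


def build_cyclonedx(deps):
    """Minimal CycloneDX 1.5 JSON document with one component per dependency."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "version": 1,
        "components": [
            {"type": "library", "name": d["name"], "version": d["version"],
             "purl": f"pkg:pypi/{d['name']}@{d['version']}"}
            for d in deps
        ],
    }


def match_vulnerabilities(sbom, advisories):
    """Flag components whose version lies in [introduced, fixed) of an advisory."""
    findings = []
    for component in sbom["components"]:
        version = parse_version(component["version"])
        for adv in advisories:
            if adv["package"] != component["name"]:
                continue
            if parse_version(adv["introduced"]) <= version < parse_version(adv["fixed"]):
                findings.append({"component": component["purl"],
                                 "advisory": adv["id"],
                                 "severity": adv["severity"],
                                 "fixed_in": adv["fixed"]})
    return findings


def scan(lockfile_text, advisories=ADVISORIES):
    """Lock file -> (SBOM document, list of vulnerability findings)."""
    sbom = build_cyclonedx(parse_requirements(lockfile_text))
    return sbom, match_vulnerabilities(sbom, advisories)


if __name__ == "__main__":
    sbom, findings = scan(LOCKFILE)
    print(json.dumps(sbom, indent=2))
    for f in findings:
        print(f"{f['severity']:6} {f['component']} -> {f['advisory']} (fixed in {f['fixed_in']})")
```

Two of the three components fall inside an advisory range; `flask==2.3.2` is past its fix version and is not reported. Because the SBOM is a standard document, the same file can be handed to a different matcher (Grype or Trivy both accept CycloneDX input) without re-scanning the source tree, which is the "vulnerability tracking" benefit listed above.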

Supply Chain Security

  • Package Integrity: Verify package signatures and checksums
  • Provenance: Track package origin and build process
  • Signed Artifacts: Use signed packages and container images
  • Dependency Pinning: Pin to specific verified versions
  • Private Registries: Use private registries for sensitive packages
  • Reproducible Builds: Ensure builds are reproducible and verifiable

Common Vulnerability Tools

Snyk

  • Features: SCA, SAST, container scanning, IaC scanning
  • Integration: CI/CD, IDEs, package managers, registries
  • Languages: JavaScript, Python, Java, Go, Ruby, PHP, .NET
  • Use Cases: Developer-first security, automated scanning, remediation

Trivy

  • Features: Container scanning, file scanning, dependency scanning
  • Integration: CI/CD, container registries, Kubernetes
  • Languages: Supports multiple languages and package managers
  • Use Cases: DevSecOps, container security, infrastructure scanning

OWASP ZAP

  • Features: Automated and manual web application security testing
  • Integration: CI/CD, browsers, proxies
  • Capabilities: Spidering, scanning, fuzzing, authentication testing
  • Use Cases: DAST, web application security, penetration testing

SonarQube

  • Features: Code quality, security analysis, technical debt tracking
  • Integration: CI/CD, IDEs, build tools
  • Languages: 25+ programming languages
  • Use Cases: Code quality, security, technical debt management

Grype

  • Features: Container image and filesystem vulnerability scanning
  • Integration: CI/CD, container registries
  • Vulnerability Database: Uses Grype's own vulnerability database, which it downloads and updates automatically before scanning
  • Use Cases: Container security, DevSecOps pipelines

Vulnerability Scanning Best Practices

Scanning Strategy

  • Shift Left: Scan early and often in the development lifecycle
  • Automate: Integrate scanning into CI/CD pipelines
  • Multiple Tools: Use multiple tools for comprehensive coverage
  • Regular Scans: Schedule regular scans for production systems
  • False Positive Management: Establish process for managing false positives
  • Prioritization: Prioritize vulnerabilities based on risk and exploitability

Remediation Process

  • Triage: Categorize vulnerabilities by severity and risk
  • Prioritize: Prioritize based on CVSS score, exploitability, and business impact
  • Remediate: Fix vulnerabilities or apply mitigations
  • Verify: Verify that remediation was successful
  • Monitor: Monitor for new vulnerabilities
  • Report: Report on vulnerability status and trends