Tool Recommendation | Freshly released, one-click fully automatic asset vulnerability detection and scanning tool (Attack Surface Management (ASM) tool)

Attack Surface Management (ASM) has been a very popular concept in the security industry over the past two years. It emphasizes that enterprises should discover their Internet-exposed assets from an attacker's perspective and continuously monitor them for possible security threats, with the ultimate purpose of eliminating external threats.

01 What is attack surface management?

Attack surface management is related to vulnerability scanning, vulnerability scan management, asset management, and zero-trust products. From a conceptual perspective:

  • ASM emphasizes "continuous discovery" and "continuous scanning"

  • ASM's asset collection is like a knowledge graph, which is gradually completed during the continuous scanning process and has the ability to automatically evolve. Each scan will have better results than the previous one.

  • ASM pays more attention to "exposure" and "asset changes"

Attack surface management is based on total visibility of assets and vulnerabilities and requires “continuous discovery, analysis, remediation, and monitoring of cybersecurity vulnerabilities and potential attack vectors that make up an organization’s attack surface.”
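The "continuous discovery" and "asset changes" ideas above can be made concrete with a small inventory that merges successive scans and reports what appeared or disappeared. This is an added example, not code from Changting or any ASM product; the `Inventory` class, the record layout and the sample scans are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample scans. Each record is (kind, identifier, parent); the
# parent link (subdomain -> domain, port -> IP) is what makes this a graph.
SCAN_1 = [
    ("domain", "example.com", None),
    ("subdomain", "www.example.com", "example.com"),
    ("ip", "203.0.113.10", "www.example.com"),
    ("port", "203.0.113.10:443", "203.0.113.10"),
]
SCAN_2 = SCAN_1 + [
    ("subdomain", "dev.example.com", "example.com"),
    ("port", "203.0.113.10:8080", "203.0.113.10"),
]
SCAN_3 = [r for r in SCAN_2 if r[1] != "203.0.113.10:443"]


@dataclass
class Inventory:
    nodes: dict = field(default_factory=dict)  # (kind, id) -> node record
    scan_no: int = 0

    def ingest(self, records):
        """Merge one scan into the graph and return what changed."""
        self.scan_no += 1
        seen, changes = set(), {"new": [], "gone": []}
        for kind, ident, parent in records:
            key = (kind, ident)
            seen.add(key)
            node = self.nodes.get(key)
            if node is None or not node["active"]:
                changes["new"].append(key)  # first sighting, or it came back
            if node is None:
                node = self.nodes[key] = {"first_seen": self.scan_no, "parent": parent}
            node.update(last_seen=self.scan_no, active=True)
        for key, node in self.nodes.items():
            if node["active"] and key not in seen:
                node["active"] = False  # keep the history; the asset may return
                changes["gone"].append(key)
        return changes

    def exposure(self):
        """Currently open ports, i.e. the externally reachable surface."""
        return sorted(i for (k, i), n in self.nodes.items() if k == "port" and n["active"])


if __name__ == "__main__":
    inv = Inventory()
    for scan in (SCAN_1, SCAN_2, SCAN_3):
        print(inv.ingest(scan), inv.exposure())
```

Because disappeared nodes are only marked inactive, the inventory keeps growing across scans, and the `new`/`gone` lists are the change feed a security team would triage.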

Domestically, Huashun Xin'an, Changting Technology, Rubik's Cube Security, and Huayun An are all building attack surface management products, but I had never had the opportunity to actually use them. Some time ago, I saw that Changting launched the Yuntu Express version of its attack surface management tool, which is offered as SaaS. The professional version costs 2,000 yuan per month, and the trial version only costs 5 yuan per month. There were previous activities, and it was a waste. I have been using the professional version for a month, so I tried it directly. Let me briefly talk about my experience!

02 Steps to use Changting Cloud Atlas

The so-called speed version is, as I understand it, a "youth version": the first attack surface management tool for young people. It takes the privately deployed version, cuts out some functions, and is offered to small and medium-sized enterprises to meet the need for lightweight SaaS delivery.

Changting Cloud Atlas address: https://rivers.chaitin.cn/landing/atlantis

The interface is clean and fresh. The homepage is a Dashboard that displays statistical data. According to Changting’s definition, the data is divided into three categories.

  • "Assets": business entity, registered main domain name, subdomain name, IP address

  • "Exposed surface": open ports, websites (actually Web services), Web components

  • "Security risk": mainly vulnerabilities

When you open it for the first time, the interface prompts you to "enter the corporate entity of the scanned object", and then it will automatically start scanning without doing anything. Yuntu will automatically search for relevant domain name and IP information based on the corporate entity.

In terms of user experience, the design idea of the Changting masters is probably to adopt a minimalist style, which can be used immediately with simple operations (in fact, the "Youth Edition" does not have much room for operation and configuration).

In the scan task, you can see that Yuntu actually divides the scan into 8 steps.

  • "Collect primary domain names": automatically search for registered domain names based on the corporate entity

  • "Collect subdomain names": enumerate subdomain names of the main domain name using various methods

  • "Collect IP address": match the company's public IP addresses based on the registration information and domain name information

  • "Detect port openness": perform a full port scan on the collected IP addresses

  • "Identify port fingerprint": apply fingerprint rules to open ports to identify the services and version information running on them

  • "Identify website": run HTTP protocol-specific rules, such as crawlers, against the discovered Web ports to collect website information

  • "Identify Web Components": apply Web fingerprint rules to websites to identify Web components and version information

  • "High-risk vulnerability scanning": scan for vulnerabilities

The entire scanning process lasted about half an hour, and the assets found were relatively complete. In the end, 34 vulnerabilities were found, including 4 high-risk vulnerabilities. There were no false positives, but several vulnerabilities had different URLs and were actually duplicates. Yes, the Changting masters came to fix the bug quickly.

Post a screenshot of the vulnerability details for everyone to see the details.

03 Using experience

Overall, the user experience is pretty good, it costs nothing to get started, and some bugs were found in the end.

I originally wanted to experience the Enterprise Edition, but its price was more than the author's wallet could bear. However, judging from the introduction materials, the main differences between the Enterprise Edition and the "Youth Edition" are:

  • The enterprise version has more ways to discover assets. It can automatically find domain names and IP assets by using website icons, web page titles, certificate content and other information as the search basis.

  • It supports private deployment, which is friendlier to enterprises that care about data privacy, and can also be used to scan intranet assets.

  • In addition to vulnerabilities, it can also scan for security risks such as code leaks, network disk file leaks, library leaks, etc.

Summary

Summarize

For enterprises, managing vulnerabilities is only a small part of the daily work of the security department, and manpower is expensive. Tools that readily report thousands of vulnerabilities are very troublesome to use: it takes a lot of time to deal with false positives and push the findings to R&D for rectification, and the cost is very high. Even if a finding is not a false positive, it is still necessary to determine whether the vulnerability is exploitable from the Internet. Attack surface management solves this problem very well. It is very important to classify and prioritize public vulnerabilities visible on the Internet.

Compared with traditional vulnerability scanning, attack surface management is more accurate, and the security risks it outputs are basically “real exploitable” vulnerabilities.

Compared with traditional vulnerability scanning, Yuntu "Youth Edition" is much friendlier to small and medium-sized enterprises that pay attention to real security results. It saves the effort of periodic vulnerability scans and of identifying false alarms. At 2,000 yuan a month, the price is small change to a business.

In reality, most small and medium-sized enterprises only focus on compliance security and do not even have full-time security engineers. The "Youth Edition" of Yuntu is not necessarily the best choice for these enterprises.


Origin blog.csdn.net/Javachichi/article/details/135302446