Application Vulnerability Analysis
Immunity offers specialized attack and assessment services, including penetration testing, application assessments, vulnerability analysis, reverse engineering, architecture review and source code review. Immunity adopts various methods to conduct application vulnerability analysis, always with the goal of actual penetration into the target system(s). Depending on engagement restrictions, Immunity's methods typically include:
target application binary analysis and debugging
Known versus Unknown Vulnerability Testing
Today's world of private vulnerability marketplaces has highlighted the prevalence of unpatched, publicly unknown vulnerabilities. Any good software assessment or penetration test should include testing for known and unknown (or "0day") vulnerabilities.
Known vulnerabilities are patched and/or publicly disclosed. Tests for these vulnerabilities are included in commercial and publicly available scanners and exploitation frameworks; however, only exploitation frameworks actually verify the existence of these vulnerabilities. Immunity uses CANVAS for this testing, which includes tests for operating system, server service, network device, client-side, and other application vulnerabilities.
Unknown vulnerabilities, or "0day", are those that remain undisclosed to the public until they are provided to software vendors and patched, or independently discovered and disclosed in some other public forum. Targeted attacks are usually the result of the use of unknown vulnerabilities.
Immunity usually conducts initial 0day testing for clients by fuzzing Internet-exposed components accessible via the web or other applications. This tests how well the Internet-facing and back-end systems hold up to unexpected input, and therefore how likely they are to contain coding mistakes that translate to vulnerabilities.
Immunity believes vulnerability exploitation is the most reliable method to confirm and demonstrate the presence of a vulnerability. Vulnerability discovery and exploitation are two distinct techniques, each requiring different technologies and skill sets. Exploitation can be as simple as crafting and typing an SQL command into a text box, or as complex as putting together a multi-step attack that remotely rebuilds some part of the host operating system memory.
Immunity does not use exploits written by third parties, and Immunity's clients take advantage of the high caliber of Immunity consultants to have safe exploits crafted specifically to their environment. The use of publicly available exploits introduces a risk of spreading trojans, viruses and other malicious code, often included in the exploits themselves by the anonymous writers.
All non-trivial exploits are written by consultants as CANVAS modules to take advantage of CANVAS's attack features, such as remote language detection, accurate fingerprinting, and memory-only shellcode execution.