Welcome back to our five-part series on client-side security approaches. For those of you who are new to this series, there are five approaches to client-side security:
- Web Application Firewalls
- Content Security Policy
- Penetration Testing, Vulnerability Assessments and Security Assessments
- Client-side Vulnerability Scanning
In this blog I’m going to cover the use and limitations of vulnerability scanning for client-side security. Let’s start with the absolute basics and work through a few key questions. (If you are a seasoned security expert, please skip ahead.)
What is a (Software) Vulnerability?
Simply put, a software vulnerability is an error or defect in software. Threat actors and hackers love to scan networks, systems, applications, and software to find vulnerabilities so that they can exploit them to gain control of the system or software. Vulnerabilities stem from the way the software is designed and built. For example, there could be a flaw in the way the application or software was coded, errors could have appeared unexpectedly in a software update or release, or code errors could have been introduced inadvertently when first- or third-party code was added to the software or application.
What is Vulnerability Management?
Vulnerability management is the continuous process of identifying, analyzing, prioritizing, and remediating weak points in an organization’s cybersecurity posture. Vulnerabilities include potential exposures or risks that need to be mitigated to ensure threat actors cannot exploit them to access the network for malicious purposes.
What can Vulnerability Scanners do?
There are quite a few vulnerability scanning products on the market today, many of which have been around for a long time. These tools are designed to scan and assess computers, software, applications, servers, and networks to uncover known weaknesses (a.k.a. vulnerabilities) that could be used for malicious purposes by hackers. Vulnerability scanners are used to identify and detect vulnerabilities arising from misconfigurations or flawed programming within network-based assets such as firewalls, routers, web servers, application servers, and more.
Cybersecurity teams deploy vulnerability scanners to find potential inroads hackers could use to breach their networks and defenses. Once a vulnerability has been found, vulnerability management and security teams patch it with software updates. If vendor software updates are not available, security teams find ways to reduce the potential harm or cyber risk they might incur if a hacker attempts to breach their network using the vulnerability as their entry point.
What Typical Vulnerability Scanners are Able to See and Scan
What Client-side Security Technologies (Like Feroot Inspector) are Able to See and Scan
Client-side security technologies, like Feroot Inspector, use synthetic user actions to replicate actual user behavior on a webpage, including the ability to execute custom user journey scenarios. As the image below illustrates, client-side security technologies are able to pick up more than 50 active scripts on a page, many of which are only loaded at runtime. Needless to say, there is a massive detection gap that leaves businesses vulnerable to client-side cyber attacks.
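To make the detection gap concrete, here is an added Python example (not Feroot’s code or tooling) that contrasts the two views of the same page: the script inventory a static scan can build from the HTML it fetches, and the inventory a browser-driven scan observes after the page has executed and a user journey has been replayed. The sample HTML, the runtime inventory and the first-party hostname are all constructed for illustration; a real runtime inventory would come from instrumenting a browser session.

```python
"""Added example: static script inventory vs. runtime script inventory.
Every input below is constructed for illustration, not captured data."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page. Only two scripts are declared in the markup;
# the inline loader pulls in more at runtime, which a static fetch never sees.
CONSTRUCTED_HTML = """
<html><head>
<script src="https://www.example-shop.test/static/app.js"></script>
<script src="https://cdn.analytics-vendor.test/tag.js"></script>
<script>
  // tag manager: injects further scripts after load
  var s = document.createElement('script');
  s.src = 'https://tags.third-party.test/loader.js';
  document.head.appendChild(s);
</script>
</head><body><p>checkout</p></body></html>
"""

# Constructed list of what a browser-driven scan observed after replaying
# a user journey (load page, add to cart, open checkout).
CONSTRUCTED_RUNTIME_INVENTORY = [
    "https://www.example-shop.test/static/app.js",
    "https://cdn.analytics-vendor.test/tag.js",
    "https://tags.third-party.test/loader.js",
    "https://pixel.ads-network.test/px.js",       # chained in by loader.js
    "https://static.chat-widget.test/widget.js",  # injected on the checkout step
]

FIRST_PARTY_HOST = "www.example-shop.test"  # assumed origin of the site under review


class _ScriptCollector(HTMLParser):
    """Collect external script URLs and count inline scripts in static markup."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = 0

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self.inline += 1


def static_script_inventory(html):
    """Scripts visible without executing the page: what a static scan sees.
    Returns (external_urls, inline_script_count)."""
    collector = _ScriptCollector()
    collector.feed(html)
    return collector.external, collector.inline


def detection_gap(static_urls, runtime_urls):
    """Scripts the runtime scan observed that static inspection missed."""
    return sorted(set(runtime_urls) - set(static_urls))


def third_party_hosts(urls, first_party_host):
    """Distinct hosts in an inventory that are not the site's own origin."""
    hosts = {urlparse(u).hostname for u in urls}
    return sorted(h for h in hosts if h and h != first_party_host)


if __name__ == "__main__":
    static_urls, inline_count = static_script_inventory(CONSTRUCTED_HTML)
    gap = detection_gap(static_urls, CONSTRUCTED_RUNTIME_INVENTORY)
    print(f"static scan : {len(static_urls)} external + {inline_count} inline script(s)")
    print(f"runtime scan: {len(CONSTRUCTED_RUNTIME_INVENTORY)} scripts")
    print("missed by static scan:")
    for url in gap:
        print("   ", url)
    print("third-party hosts at runtime:",
          third_party_hosts(CONSTRUCTED_RUNTIME_INVENTORY, FIRST_PARTY_HOST))
```

Run as a script, it reports two external scripts in the markup against five observed at runtime, and lists the three that only appear once the page executes. The useful defensive output is the third-party host list: it is the set of origins whose code runs in your users’ browsers and therefore the set that needs an owner, a review, and an entry in your Content Security Policy allow-list.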
Are Vulnerability Scanners Useful for Client-side Security?