WEBVTT

1
00:00:00.150 --> 00:00:01.170
In this lesson,

2
00:00:01.170 --> 00:00:04.380
we will learn about post-deployment testing.

3
00:00:04.380 --> 00:00:08.250
Post-deployment testing is used to evaluate software

4
00:00:08.250 --> 00:00:11.700
after it has been released into a live environment

5
00:00:11.700 --> 00:00:15.690
to identify and address any security vulnerabilities

6
00:00:15.690 --> 00:00:17.520
and performance issues.

7
00:00:17.520 --> 00:00:20.370
Post-deployment testing concepts include

8
00:00:20.370 --> 00:00:22.980
software vulnerability analysis

9
00:00:22.980 --> 00:00:27.300
and Runtime Application Self-Protection, or RASP.

10
00:00:27.300 --> 00:00:30.960
Let's learn more about software vulnerability analysis

11
00:00:30.960 --> 00:00:34.110
and Runtime Application Self-Protection.

12
00:00:34.110 --> 00:00:37.890
First, we have software vulnerability analysis.

13
00:00:37.890 --> 00:00:41.430
Software vulnerability analysis identifies

14
00:00:41.430 --> 00:00:45.660
security weaknesses that exist within a live environment.

15
00:00:45.660 --> 00:00:49.290
The primary objective of vulnerability analysis is

16
00:00:49.290 --> 00:00:51.810
to find and address vulnerabilities

17
00:00:51.810 --> 00:00:56.370
that attackers could exploit before any exploitation occurs.

18
00:00:56.370 --> 00:00:58.980
This analysis process involves

19
00:00:58.980 --> 00:01:01.110
scanning a deployed application

20
00:01:01.110 --> 00:01:03.270
and its surrounding infrastructure

21
00:01:03.270 --> 00:01:04.980
for known vulnerabilities,

22
00:01:04.980 --> 00:01:08.760
such as unpatched software, misconfigurations,

23
00:01:08.760 --> 00:01:10.590
or insecure code.

24
00:01:10.590 --> 00:01:14.550
By performing vulnerability analysis after deployment,

25
00:01:14.550 --> 00:01:17.730
security teams can continuously monitor

26
00:01:17.730 --> 00:01:19.770
and protect the application

27
00:01:19.770 --> 00:01:23.130
as new threats and vulnerabilities emerge.

28
00:01:23.130 --> 00:01:25.830
A variety of tools can be used

29
00:01:25.830 --> 00:01:28.530
for software vulnerability analysis.

30
00:01:28.530 --> 00:01:30.960
For example, OpenVAS is

31
00:01:30.960 --> 00:01:33.510
an open-source vulnerability scanner

32
00:01:33.510 --> 00:01:36.660
used to identify software vulnerabilities

33
00:01:36.660 --> 00:01:41.400
across various systems, networks, and applications.

34
00:01:41.400 --> 00:01:45.900
OpenVAS can detect weaknesses such as outdated software,

35
00:01:45.900 --> 00:01:49.470
insecure configurations, and missing patches.

36
00:01:49.470 --> 00:01:52.560
OpenVAS also provides detailed reports

37
00:01:52.560 --> 00:01:54.990
to help prioritize remediation.

38
00:01:54.990 --> 00:01:58.920
It is highly effective for continuous monitoring of systems

39
00:01:58.920 --> 00:02:00.360
by regularly scanning

40
00:02:00.360 --> 00:02:03.540
for new vulnerabilities as they emerge.

41
00:02:03.540 --> 00:02:07.680
This is important because vulnerabilities can be identified

42
00:02:07.680 --> 00:02:10.110
after a system has been deployed.

43
00:02:10.110 --> 00:02:12.390
New threats can be discovered

44
00:02:12.390 --> 00:02:16.830
or changes in configurations may create vulnerabilities.

45
00:02:16.830 --> 00:02:20.910
So regular scans are essential for maintaining security.

46
00:02:20.910 --> 00:02:25.020
Regularly scheduling scans with tools like OpenVAS helps

47
00:02:25.020 --> 00:02:28.590
organizations catch and address evolving risks

48
00:02:28.590 --> 00:02:30.510
before they are exploited.

49
00:02:30.510 --> 00:02:34.650
For instance, OpenVAS can be configured automatically

50
00:02:34.650 --> 00:02:38.520
to run vulnerability scans on a recurring basis,

51
00:02:38.520 --> 00:02:41.130
ensuring that any new vulnerabilities

52
00:02:41.130 --> 00:02:45.570
or vulnerabilities above a severity threshold are flagged.

53
00:02:45.570 --> 00:02:47.220
Without recurring scans,

54
00:02:47.220 --> 00:02:50.070
even previously secure environments become

55
00:02:50.070 --> 00:02:51.630
vulnerable over time,

56
00:02:51.630 --> 00:02:54.330
particularly when new software updates

57
00:02:54.330 --> 00:02:58.290
or third-party components introduce new risks.

58
00:02:58.290 --> 00:03:02.370
But vulnerability analysis has its weaknesses.

59
00:03:02.370 --> 00:03:04.140
One of the main challenges is

60
00:03:04.140 --> 00:03:08.250
that many tools rely on databases of known vulnerabilities,

61
00:03:08.250 --> 00:03:11.700
meaning they may not detect zero-day vulnerabilities.

62
00:03:11.700 --> 00:03:15.570
A zero-day vulnerability is a new and unknown threat.

63
00:03:15.570 --> 00:03:17.760
Because they are unknown threats,

64
00:03:17.760 --> 00:03:20.820
documentation and patches don't exist.

65
00:03:20.820 --> 00:03:23.820
Additionally, vulnerability scanners can generate

66
00:03:23.820 --> 00:03:26.670
false positives, which are flagged issues

67
00:03:26.670 --> 00:03:28.980
that do not actually pose a threat.

68
00:03:28.980 --> 00:03:32.790
These false alarms can slow down the remediation process

69
00:03:32.790 --> 00:03:36.360
as security teams investigate known issues.

70
00:03:36.360 --> 00:03:38.340
Now, let's take a quick pause

71
00:03:38.340 --> 00:03:41.160
to see how OpenVAS can be configured

72
00:03:41.160 --> 00:03:43.470
to conduct recurring scans.

73
00:03:43.470 --> 00:03:46.710
I am using a Kali Linux virtual machine

74
00:03:46.710 --> 00:03:49.650
with OpenVAS installed.

75
00:03:49.650 --> 00:03:53.190
First, let's create a new target.

76
00:03:53.190 --> 00:03:57.570
In the Configuration menu, I'll select Targets.

77
00:03:57.570 --> 00:04:00.843
Then I'm going to select New Target.

78
00:04:01.770 --> 00:04:05.970
Creating a target tells OpenVAS what to scan.

79
00:04:05.970 --> 00:04:09.420
This ensures we define which servers, networks,

80
00:04:09.420 --> 00:04:13.200
or applications will be checked for vulnerabilities.

81
00:04:13.200 --> 00:04:14.700
In this example,

82
00:04:14.700 --> 00:04:19.700
we're going to scan the entire 192.168.0.0/24 network,

83
00:04:25.740 --> 00:04:30.715
and we'll call this target list myTargets.

84
00:04:37.830 --> 00:04:39.423
And I'll save it.

85
00:04:41.400 --> 00:04:46.113
Next, we need to create a new scan task.

86
00:04:48.210 --> 00:04:52.560
A scan task defines

87
00:04:52.560 --> 00:04:55.983
when and how the scan will be conducted.

88
00:04:57.390 --> 00:05:01.890
I'll start a new task and here we go.

89
00:05:01.890 --> 00:05:03.360
In this example,

90
00:05:03.360 --> 00:05:07.323
we're going to call our scan Weekly Vulnerability Scan.

91
00:05:15.270 --> 00:05:18.030
And we'll load up the target list

92
00:05:18.030 --> 00:05:21.450
we just created, myTargets.

93
00:05:21.450 --> 00:05:24.540
And we'll check that our configuration is set

94
00:05:24.540 --> 00:05:28.560
for a full and fast scan configuration.

95
00:05:28.560 --> 00:05:31.800
Then we need to schedule our weekly scan

96
00:05:31.800 --> 00:05:34.203
by creating a new schedule.

97
00:05:38.130 --> 00:05:42.000
Scheduling our scan helps automate the scanning process,

98
00:05:42.000 --> 00:05:45.090
so OpenVAS will scan our targets

99
00:05:45.090 --> 00:05:48.090
without requiring a manual start.

100
00:05:48.090 --> 00:05:49.650
In this example,

101
00:05:49.650 --> 00:05:51.330
we will schedule our scan

102
00:05:51.330 --> 00:05:56.330
to occur weekly on Saturdays at 1:00 AM UTC.

103
00:05:56.970 --> 00:05:59.440
So I'll select the next Saturday

104
00:06:00.510 --> 00:06:03.990
and set it for 1:00 AM.

105
00:06:03.990 --> 00:06:07.383
And I want it to recur weekly.

106
00:06:08.550 --> 00:06:10.410
And I need to give this a name.

107
00:06:10.410 --> 00:06:12.603
So I'll call it mySchedule.

108
00:06:15.960 --> 00:06:17.673
I'll go ahead and save it.

109
00:06:19.140 --> 00:06:24.030
Next, we could set up alerts for high-level vulnerabilities

110
00:06:24.030 --> 00:06:26.463
by selecting Create a new alert.

111
00:06:27.540 --> 00:06:29.340
In a vulnerability scanner,

112
00:06:29.340 --> 00:06:34.340
setting up email alerts for high-severity vulnerabilities

113
00:06:34.440 --> 00:06:37.140
ensures we are notified immediately

114
00:06:37.140 --> 00:06:40.320
if critical security issues are detected.

115
00:06:40.320 --> 00:06:41.460
In this case,

116
00:06:41.460 --> 00:06:45.693
we'll manually review our results without email alerts.

117
00:06:46.680 --> 00:06:51.060
All right, once everything is configured,

118
00:06:51.060 --> 00:06:52.680
we just need to sit back

119
00:06:52.680 --> 00:06:56.520
and wait for our automatic weekly scans to occur,

120
00:06:56.520 --> 00:07:00.300
and then respond to any vulnerabilities that are detected.

121
00:07:00.300 --> 00:07:02.790
You can see that my scan is created,

122
00:07:02.790 --> 00:07:05.070
it's listed as a new scan.

123
00:07:05.070 --> 00:07:05.903
And over here,

124
00:07:05.903 --> 00:07:08.880
you can see that my scan will next run

125
00:07:08.880 --> 00:07:13.880
on Saturday, November 9th, 2024 at 1:00 AM UTC.

126
00:07:15.660 --> 00:07:16.980
Second, we will talk

127
00:07:16.980 --> 00:07:21.300
about Runtime Application Self-Protection, or RASP.

128
00:07:21.300 --> 00:07:24.240
RASP monitors and protects applications

129
00:07:24.240 --> 00:07:27.090
while they are running in a live environment.

130
00:07:27.090 --> 00:07:29.100
The main objective of RASP is

131
00:07:29.100 --> 00:07:31.320
to provide real-time protection

132
00:07:31.320 --> 00:07:34.770
by analyzing the behavior of the application

133
00:07:34.770 --> 00:07:39.480
and blocking any detected threats or suspicious activity.

134
00:07:39.480 --> 00:07:42.000
Unlike traditional security methods

135
00:07:42.000 --> 00:07:44.190
that focus on perimeter defense

136
00:07:44.190 --> 00:07:46.320
or scanning for vulnerabilities,

137
00:07:46.320 --> 00:07:49.890
RASP operates within the application itself,

138
00:07:49.890 --> 00:07:52.710
allowing it to detect and stop attacks

139
00:07:52.710 --> 00:07:55.740
from inside the runtime environment.

140
00:07:55.740 --> 00:08:00.740
RASP tools, such as Contrast Security or Imperva RASP,

141
00:08:00.900 --> 00:08:04.020
integrate directly into an application,

142
00:08:04.020 --> 00:08:06.480
monitoring it for abnormal behavior,

143
00:08:06.480 --> 00:08:09.030
such as unexpected input patterns

144
00:08:09.030 --> 00:08:12.450
or attempts to exploit known vulnerabilities.

145
00:08:12.450 --> 00:08:16.590
In practice, if a Runtime Application Self-Protection,

146
00:08:16.590 --> 00:08:21.590
or RASP, tool detects an attempt to execute an SQL injection,

147
00:08:21.660 --> 00:08:24.660
it can immediately block the malicious action

148
00:08:24.660 --> 00:08:27.420
and prevent it from affecting the application.

149
00:08:27.420 --> 00:08:29.940
This makes RASP particularly useful

150
00:08:29.940 --> 00:08:32.250
for addressing new vulnerabilities

151
00:08:32.250 --> 00:08:35.760
or attacks that bypass external security measures

152
00:08:35.760 --> 00:08:38.040
as it provides a layer of protection

153
00:08:38.040 --> 00:08:41.220
based on how the application is actually behaving

154
00:08:41.220 --> 00:08:42.540
in real time.

155
00:08:42.540 --> 00:08:45.450
However, RASP does have some weaknesses.

156
00:08:45.450 --> 00:08:48.570
One potential issue is performance impact.

157
00:08:48.570 --> 00:08:50.460
Performance impact occurs

158
00:08:50.460 --> 00:08:53.640
because RASP operates within the application.

159
00:08:53.640 --> 00:08:57.450
So it can slow down the application's overall performance,

160
00:08:57.450 --> 00:08:59.640
especially in highly complex

161
00:08:59.640 --> 00:09:02.220
or resource-intensive environments.

162
00:09:02.220 --> 00:09:04.650
Additionally, while RASP is excellent

163
00:09:04.650 --> 00:09:06.570
for detecting runtime threats,

164
00:09:06.570 --> 00:09:10.530
it's not a replacement for other forms of security testing,

165
00:09:10.530 --> 00:09:14.070
such as vulnerability scanning or code reviews,

166
00:09:14.070 --> 00:09:17.760
which are needed to address underlying security flaws

167
00:09:17.760 --> 00:09:19.230
before deployment.

168
00:09:19.230 --> 00:09:23.910
So remember, post-deployment testing is essential

169
00:09:23.910 --> 00:09:27.180
for ensuring software security and performance

170
00:09:27.180 --> 00:09:31.380
after the software has been released to a live environment.

171
00:09:31.380 --> 00:09:33.690
Post-deployment testing focuses

172
00:09:33.690 --> 00:09:37.860
on identifying vulnerabilities and protecting applications

173
00:09:37.860 --> 00:09:39.360
in real time.

174
00:09:39.360 --> 00:09:43.740
As an example, software vulnerability analysis helps detect

175
00:09:43.740 --> 00:09:45.570
and address weaknesses

176
00:09:45.570 --> 00:09:49.080
by continuously scanning for security risks

177
00:09:49.080 --> 00:09:51.060
in the deployed application.

178
00:09:51.060 --> 00:09:55.140
Next, Runtime Application Self-Protection, or RASP,

179
00:09:55.140 --> 00:09:57.450
adds another layer of security

180
00:09:57.450 --> 00:10:00.900
by monitoring the application during operation

181
00:10:00.900 --> 00:10:03.393
and blocking threats as they arise.

