Credentialless External Assessment
Credentialless External Assessment is a security evaluation method that assesses an organization's security posture from an attacker's perspective without using login credentials or access to internal systems.
Here's a breakdown of the key elements:
External Perspective: The assessment simulates a real-world attack by focusing on vulnerabilities and information accessible to an attacker from the outside, typically via the internet.
Without Credentials: This is the defining characteristic. The assessment does not involve:
Usernames and passwords
API keys
Any form of authentication
Assessment Focus: The assessment aims to identify potential weaknesses that an attacker could exploit to:
Gain unauthorized access
Obtain sensitive information
Disrupt operations
Techniques Used: Credentialless external assessments often use methods such as:
Open-source intelligence (OSINT) gathering
Network scanning
Vulnerability scanning of publicly accessible systems
Web application analysis
Goal: The goal is to understand the organization's attack surface and identify exploitable vulnerabilities on its external perimeter.
ThreatNG is designed to conduct credentialless external assessments, focusing on externally accessible information and potential vulnerabilities.
External Discovery: A key aspect of credentialless assessment is examining what's visible from the outside. ThreatNG excels at this by performing purely external, unauthenticated discovery using no connectors. This means it gathers information without needing any access credentials.
External Assessment: ThreatNG's assessment capabilities align with a credentialless approach. It evaluates an organization's security posture using information obtainable from the outside:
It assesses Web Application Hijack Susceptibility and Subdomain Takeover Susceptibility by analyzing externally accessible web application components and domain information.
It derives various susceptibility scores (e.g., BEC & Phishing, Brand Damage, Data Leak) from external data sources like Sentiment and Financials Findings, Domain Intelligence, and Dark Web Presence.
It determines Cyber Risk Exposure by considering externally visible parameters like certificates, subdomain headers, vulnerabilities, and sensitive ports. It also factors in code secret exposure by discovering code repositories and their exposure level.
It evaluates Cloud and SaaS Exposure, which involves assessing externally facing cloud services and SaaS solutions.
It assesses Mobile App Exposure by discovering mobile apps in marketplaces.
Reporting: ThreatNG provides reports (e.g., Executive, Technical) summarizing findings from the credentialless external assessment and highlighting external risks and vulnerabilities.
Continuous Monitoring: ThreatNG's continuous monitoring of the external attack surface, digital risk, and security ratings aligns with the ongoing nature of security assessments. It provides ongoing information on the organization’s external security posture.
Investigation Modules: ThreatNG's investigation modules gather and analyze external information relevant to credentialless assessment:
Domain Intelligence: Provides a broad overview and detailed information on domains.
IP Intelligence: Provides information on IPs, Shared IPs, ASNs, Country Locations, and Private IPs.
Certificate Intelligence: Provides information on TLS Certificates and Associated Organizations.
Social Media: Gathers posts from the organization under investigation.
Sensitive Code Exposure: Discovers public code repositories and related risks.
Mobile Application Discovery: Discovers mobile apps and their contents.
Search Engine Exploitation: Helps users investigate an organization’s susceptibility to exposing information via search engines.
Cloud and SaaS Exposure: Identifies cloud service implementations.
Online Sharing Exposure: Identifies organizational entity presence within online code-sharing platforms.
Sentiment and Financials: Covers organization-related information like lawsuits and SEC filings.
Archived Web Pages: Provides access to archived web pages.
Dark Web Presence: Covers organizational mentions, associated ransomware events, and compromised credentials.
Technology Stack: Identifies the technologies used by the organization.
Intelligence Repositories: ThreatNG uses intelligence repositories that include data relevant to external threats and vulnerabilities.
Work with Complementary Solutions: While specific integrations aren't detailed, ThreatNG's data can be used with other security tools to enhance external security assessments.