Using Components with known vulnerabilities
Sometimes, while developing application older version of framework or older version of dependence software's are used. These older software’s might have open CVE’s and vulnerable to multiple attacks.
Steps to test:
Step 1: Identify the software/framework version by referring to config files or via other information gathering techniques as shown in below figure. If you are testing internal application then request the product team for the tech stack information which includes details of all software’s and their versions used by application.
Step 2: For all the identified framework/software versions, check for open CVE’s in google. If open CVE’s are found then report the issue.
Remediation: Upgrade all the framework/software’s used in the application to latest stable version.
!! Happy Learning !!