Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

white box penetration testing
Published:
December 14, 2023
Category:
Web application
Client:
KNIME

Organization

KNIME Analytics Platform is an open-source data science platform that enables users to create, execute, and manage data science workflows without writing any code. In order to use the KNIME Analytics Platform effectively, KNIME provides a wide range of nodes and connectors for free that can be used to perform various data science tasks, including data preparation, machine learning, and data visualization. Users and organizations can benefit from the KNIME Analytics Platform more by purchasing the KNIME  Business Hub or a subscription to the KNIME Community Hub and connecting it with the KNIME Analytics Platform. KNIME  Hub is used by many organizations, including Fortune 500 companies, startups, and government agencies. KNIME Hub is a powerful and versatile data science platform that can solve a wide range of problems. It is easy to use, scalable, and extensible.

Here are some of the benefits of using KNIME:

  • Easy to use: The KNIME Analytics Platform is a visual workflow editor, so users can create and execute data science workflows without writing any code.
  • Scalable: KNIME  Hub allows scaling to handle large datasets and complex workflows.
  • Extensible: The KNIME Analytics Platform is extensible, so users can add new nodes and connectors to meet their needs.

Challenges

KNIME  Hub is a powerful and versatile data science platform, but it is not without its challenges. With the KNIME  Hub of a one-of-a-kind nature and high scalability and capabilities, it is used by big organizations in critical areas. Due to this uniqueness and versatility, it has a wide attack surface that could have contained high-severity vulnerabilities. 

Multiple dangerous scenarios could be possible when a threat actor identifies appropriate vulnerabilities such as:

  • Harm users or organizations that are using the KNIME Hub
  • Alter the container images on the backend server to do malicious activities on other cluster components
  • Access internal network components and navigate using the internal proxy nodes
  • Spoof users of the platform
  • Steal AWS metadata identity-credentials
  • Using functionalities unlimitedly so the backend server might overload
  • Breaking authorization mechanism by leveraging JWT vulnerabilities

Process

We conducted several penetration tests for the KNIME  Hub while also using a KNIME Analytics Platform. Since it is a high-tech data science platform, setting up a penetration testing environment is relatively harder because of KNIME’s complex internal technological structure.

Here is the step-by-step execution for each security assessment:

  • KNIME set up the testing environment for us which was an exact replica of the production environment.
  • KNIME gave the Zigrin Security team access to the backend Kubernetes cluster because the security assessment was conducted as a white-box penetration test approach.
  • The Zigrin Security team installed and configured the KNIME Analytics Platform.
  • The Zigrin Security team started the penetration test and tried to find vulnerabilities that could harm users and organizations that use the KNIME Community/Business Hub and Analytics platform.
  • Zigrin Security reported vulnerabilities to KNIME during the penetration tests with a secure channel. Also, at the end of the penetration test customer received a detailed report with discovered vulnerabilities, remediation actions, an executive summary, and more. 
  • After receiving the penetration testing report, KNIME fixed the reported vulnerabilities.
  • The descriptions for some of the vulnerabilities were disclosed here a couple of weeks after the new version with the patched vulnerability was released.

Solution

There are different ways of discovering vulnerabilities in such an organization. We chose a few that had the best chance of finding vulnerabilities:

  • White-box penetration test – This approach is usually the best for simulating attacks by authorized insiders with knowledge of the target system.
  • Auditing cluster structure – We conducted audits of cluster structure both manually and with automated tools in order to find possible misconfigurations or vulnerabilities.
  • Past vulnerabilities – Looking for security issues found in previous tests. Retesting previously found vulnerabilities is as important as finding new vulnerabilities since detecting a vulnerability does not solve security risks. Vulnerabilities should be remediated as soon as possible if remediation does not affect business.

Avoided damages

Stealing AWS Metadata Identity-Credentials

Stealing sensitive information about user sessions and credentials

Accessing internal network from executor containers

Summary

During the security assessment, we conducted several penetration tests and found multiple vulnerabilities including 2 High severity vulnerabilities. In line with KNIME’s needs, we examined cluster structure deeply. To conduct a good cluster examination, we studied the latest vulnerabilities and attacks before starting the security assessments. Another key point we delivered for KNIME is that we shaped the testing method aligning to their requests for specific functionalities and components of the application. Through the penetration tests, we always communicated our findings with KNIME using a secure channel. At the end of each penetration test, we prepared a comprehensive penetration testing report including a description of techniques and tactics we used and tested during the penetration test aside from discovered findings.

SEE WHAT THIS PROJECT COULD LOOK LIKE AT YOUR COMPANY