Penetration Testing

Penetration testing vs Vulnerability assessment

What is Vulnerability assessment?

  • Identify the security loopholes in a network or systems
  • Estimate how susceptible the network is to different vulnerabilities

3 different ways to scan the network:

  • Network scanning - Network scanning involves detecting all active hosts on a network and mapping them to their IP addresses. Port scanning refers to the process of sending packets to specific ports on a host and analyzing the responses to learn details about its running services or locate potential vulnerabilities.
  • Authenticated scanning - An authenticated security scan is vulnerability testing performed as a logged-in (authenticated) user. The method is also known as logged-in scanning. ... The method finds many vulnerabilities that cannot be detected through an unauthenticated scan.

Penetration Test-Seclude High Risk Web Targets

When conducting a penetration test for a client with a large infrastructure, with subnets ranging from /16 to /19 (CIDR notation), it is often necessary to determine which web applications are running on ports 80 and 443 (and other non-standard ports). The tool EyeWitness can be used to capture screenshots of web applications and server header information, and to identify default credentials and instances of directory listing. The tool creates a report in .html format. It enables a pen-tester to concentrate on important, high-risk targets rather than spending time opening applications in a web browser.

Please refer to the link below for the EyeWitness 2.0 release and user guide:

https://www.christophertruncer.com/eyewitness-2-0-release-and-user-guide/

Crowdsourcing Cyber Security - The Next Generation Penetration Testing

A few years ago I was associated with one e-commerce company as a security consultant for an implementation program. At that time, I came to know how important security is for them. All our big bosses, Confidentiality, Integrity and Availability, are equally important for their business. At any point in time, if a data breach happens, for example if the hackers get access to the saved credit card data, it will have a huge impact on the customers and thereby on their reputation. If the website is down for a few minutes, that will also result in a huge loss.

Web Application Pen Testing KPIs

Customers expect web applications to provide significant functionality and data access. Apart from customer-facing applications, internal web applications are built using the more commonly used business tools within an organization. Unfortunately, there is no "patch Tuesday" for custom web applications, so historical data shows that web application flaws play a major role in significant breaches and intrusions. Hackers mostly focus on these high-value targets, either by directly abusing internet-hosted applications or by targeting web applications after an initial break-in.

So, to continuously improve the enterprise security posture, you need to develop effective testing strategies, make effective use of your personnel, and make the most effective use of pen test results to remediate issues and improve processes. The goal of penetration testing is to accomplish business goals, not just check for random holes.

The VA/PT Conundrum!

I ran into an excellent presentation done by Ernest Lopez & Matt Linton of NASA on the VA/PT debate. As I delve into this rather innocuous sounding issue, let me tell you that it is not. As a responsible security team we have absolute nightmares when this term is used interchangeably and we have to assume on behalf of the customer as to what it could be!

My educated hunch on why this happens:

 1. Lack of awareness of what constitutes a security assessment, just that one is required!

 2. PT or penetration testing as a term is less technical than a VA – Vulnerability assessment!

 3. The industry accepted notation of them is “VA/PT” which suggests that they are interchangeable terms!

 4. Security teams for the fear of losing business do not dare to differentiate between the two!

Painful aspect of Penetration Testing

A penetration testing exercise is always filled with challenges, both for the organization that is to undergo it and for the team or organization that is conducting it. Each has a different perspective on the challenges. The organization requesting a penetration test has to worry about its objective, scoping, vendor selection, planning and so on, while the organization or team conducting the penetration test has its own set of challenges: selecting the right framework, planning and executing a controlled attack, and more. One concern is common to both: how do we ensure that the penetration test causes no business disruption, or at least only limited performance impact, on the target network or systems?
