Network Security Testing

Transcription

1 Network Security Testing Are There Really Different Types of Testing? July 28, 2015 Start Time: 9 am US Pacific / 12 noon US Eastern / 5 pm London Time #ISSAWebConf WebCONFERENCES

2 Network Security Testing Are There Really Different Types of Testing? Brought to you by: #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 2

3 Network Security Testing Are There Really Different Types of Testing? Welcome Conference Moderator Jorge Orchilles Vice President, South Florida ISSA July 28, 2015 Start Time: 9 am US Pacific 12 noon US Eastern 5 pm London Time #ISSAWebConf WebCONFERENCES

4 Speaker Introduction John Kindervag Vice President & Principal Analyst, Forrrester Research Eric Raisters CISSP, CSSLP Ira Winkler President, Secure Mentem, CISSP Donald Shin Sr. Technical Business Development Manager, IXIA To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 4

5 Network Security Testing Are There Really Different Types of Testing? +1 Materials omitted due to licensing and reproduction rights. #ISSAWebConf John Kindervag Vice President, Principal Analyst serving Security & Risk Professionals at Forrester Research WebCONFERENCES

6 Network Testing Are There Really Different Types of Testing?

7 Network Security Testing Are There Really Different Types of Testing? #ISSAWebConf Eric Raisters CISSP, CSSLP WebCONFERENCES

8 Pen Test Basics Approach SUT as an attacker Process (from SANS Ethical Hacking) Planning Scoping Reconnaissance Scanning Exploitation Documentation/Reporting Network Testing Are There Really Different Types of Testing? 8

9 Pen Test Purpose Approach SUT as an attacker In-house developed apps/services White-box testing Deployed systems/purchased products Includes virtual servers and cloud deployments Network Testing Are There Really Different Types of Testing? 9

10 Pen Test Types SUT object Network mis-configs, weak settings Web apps/services OWASP Top 10 Mobile apps/services permissions, data leakage Attack methods Known vulnerability scans - automated Exploitation proof - manual Network Testing Are There Really Different Types of Testing? 10

11 Pen Test Toolkits Kali Linux Samurai Web Test Framework Pwnie Express Network Testing Are There Really Different Types of Testing? 11

12 Vulnerability Scan Look for known vulnerabilities Nessus (OpenVAS) Nexpose Core Impact Burp Suite (free and commercial) Zed Attack Proxy (OWASP) Network Testing Are There Really Different Types of Testing? 12

13 Network Exploits Prove a found vulnerability is exploitable Metasploit (freed and commercial) CANVAS Network Testing Are There Really Different Types of Testing? 13

14 Web App Exploits Burp Suite (free and commercial) Zed Attack Proxy (OWASP) Paros proxy w3af Netsparker Network Testing Are There Really Different Types of Testing? 14

15 Android Exploits Pwnie Express zanti Hackcode AndroRAT Network Testing Are There Really Different Types of Testing? 15

16 iphone Exploits Standard Linux pentest tools inalyser Network Testing Are There Really Different Types of Testing? 16

17 Summary Pen testing is important Vulnerability scans are not enough Exploit testing proves that a vulnerability is important enough to fix Consider contracting experts Consider a bug bounty program If you don t do it, the hackers will Network Testing Are There Really Different Types of Testing? 17

18 Resources sectools.org n0where.net/directory OWASP.prg kali.org Eric Raisters Network Testing Are There Really Different Types of Testing? 18

19 Thank you! Network Testing Are There Really Different Types of Testing? 19

20 Question and Answer Eric Raisters CISSP, CSSLP #ISSAWebConf To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 20

21 Thank You Eric Raisters CISSP, CSSLP #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 21

22 Network Security Testing Are There Really Different Types of Testing? #ISSAWebConf Ira Winkler President, Secure Mentem, CISSP WebCONFERENCES

23 Copyright Secure Mentem Network Testing Are There Really Different Types of Testing? 23

24 Network Testing Are There Really Different Types of Testing? 24

25 Network Testing Are There Really Different Types of Testing? 25

26 Copyright Secure Mentem Network Testing Are There Really Different Types of Testing? 26

27 Copyright Secure Mentem Network Testing Are There Really Different Types of Testing? 27

28 Copyright Secure Mentem Network Testing Are There Really Different Types of Testing? 28

29 Network Testing Are There Really Different Types of Testing? 29

30 Copyright Secure Mentem Network Testing Are There Really Different Types of Testing? 30

31 Copyright Secure Mentem Network Testing Are There Really Different Types of Testing? 31

32 Network Testing Are There Really Different Types of Testing? 32

33 Network Testing Are There Really Different Types of Testing? 33

34 Network Testing Are There Really Different Types of Testing? 34

35 Network Testing Are There Really Different Types of Testing? 35

36 Network Testing Are There Really Different Types of Testing? 36

37 Network Testing Are There Really Different Types of Testing? 37

38 Thank You Network Testing Are There Really Different Types of Testing? 38

39 Question and Answer Ira Winkler President, Secure Mentem, CISSP #ISSAWebConf To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 39

40 Thank You Ira Winkler President, Secure Mentem, CISSP #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 40

41 Network Security Testing Are There Really Different Types of Testing? #ISSAWebConf Donald Shin Sr. Technical Business Development Manager, IXIA WebCONFERENCES

42 Network Testing Are There Really Different Types of Testing? 42

43 Network Testing Are There Really Different Types of Testing? 43

44 Network Testing Are There Really Different Types of Testing? 44

45 Network Testing Are There Really Different Types of Testing? 45

46 Network Testing Are There Really Different Types of Testing? 46

47 Network Testing Are There Really Different Types of Testing? 47

48 Network Testing Are There Really Different Types of Testing? 48

49 Network Testing Are There Really Different Types of Testing? 49

50 Network Testing Are There Really Different Types of Testing? 50

51 Network Testing Are There Really Different Types of Testing? 51

52 Network Testing Are There Really Different Types of Testing? 52

53 Network Testing Are There Really Different Types of Testing? 53

54 Network Testing Are There Really Different Types of Testing? 54

55 Network Testing Are There Really Different Types of Testing? 55

56 Network Testing Are There Really Different Types of Testing? 56

57 Network Testing Are There Really Different Types of Testing? 57

58 Network Testing Are There Really Different Types of Testing? 58

59 Network Testing Are There Really Different Types of Testing? 59

60 Network Testing Are There Really Different Types of Testing? 60

61 Network Testing Are There Really Different Types of Testing? 61

62 Network Testing Are There Really Different Types of Testing? 62

63 Question and Answer Donald Shin Sr. Technical Business Development Manager IXIA #ISSAWebConf To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 63

64 Thank You Donald Shin Sr. Technical Business Development Manager IXIA #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 64

65 Open Panel with Audience Q&A John Kindervag Vice President & Principal Analyst, Forrester Research Eric Raisters CISSP, CSSLP Ira Winkler President, Secure Mentem, CISSP Donald Shin Sr. Technical Business Development Manager, IXIA To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 65

66 Closing Remarks Thank You Thank you Citrix for donating the Webcast service #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 66

67 CPE Credit Within 24 hours of the conclusion of this webcast, you will receive a link via to a post Web Conference quiz. After the successful completion of the quiz you will be given an opportunity to PRINT a certificate of attendance to use for the submission of CPE credits. On-Demand Viewers Quiz Link: Conference-July Network-Security-Testing-Are- There-Really-Different-Types-of-Testing #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 67