Penetration Testing. Types Black Box. Methods Automated Manual Hybrid. oless productive, more difficult White Box

Similar documents
(WAPT) Web Application Penetration Testing

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

Application Security Testing

Introduction to Penetration Testing Graham Weston

Redhawk Network Security, LLC Layton Ave., Suite One, Bend, OR

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014

Rational AppScan & Ounce Products

Web Application Penetration Testing

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

Penetration Testing Workshop

Excellence Doesn t Need a Certificate. Be an. Believe in You AMIGOSEC Consulting Private Limited

Security and Vulnerability Testing How critical it is?

Learning objectives for today s session

Criteria for web application security check. Version

Network Security Audit. Vulnerability Assessment (VA)


Penetration Testing in Romania

Ethical Hacking as a Professional Penetration Testing Technique

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins

CYBERTRON NETWORK SOLUTIONS

Client logo placeholder XXX REPORT. Page 1 of 37

Application Security Testing. Generic Test Strategy

Threat Intelligence Pty Ltd Specialist Security Training Catalogue

Bust a cap in a web app with OWASP ZAP

Conducting Web Application Pentests. From Scoping to Report For Education Purposes Only

SCOPING QUESTIONNAIRE FOR PENETRATION TESTING

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur

HTExploit: Bypassing htaccess Restrictions

Building a Robust Web Application Security Plan

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

Penetration Testing: Lessons from the Field

EXTRA. Vulnerability scanners are indispensable both VULNERABILITY SCANNER

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Mobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Learn Ethical Hacking, Become a Pentester

elearning for Secure Application Development

Information Security. Training

NETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER

Hack Proof Your Webapps

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited

Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus

Integrating Web Application Security into the IT Curriculum

About Effective Penetration Testing Methodology

CRYPTUS DIPLOMA IN IT SECURITY

Penetration Testing with Kali Linux

The Top Web Application Attacks: Are you vulnerable?

Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

Penetration Testing. University of Sunderland CSEM02 Harry R Erwin, PhD

Attack and Penetration Testing 101

Information Security Services

ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION

INFORMATION SECURITY TRAINING CATALOG (2015)

Security vulnerabilities in new web applications. Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

METHODS TO TEST WEB APPLICATION SCANNERS

CEH Version8 Course Outline

SAST, DAST and Vulnerability Assessments, = 4

A Network Administrator s Guide to Web App Security

Using Free Tools To Test Web Application Security

Scoping Questionnaire for Penetration Testing

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. abechtsoudis (at) ieee.

Security-as-a-Service (Sec-aaS) Framework. Service Introduction

Newsletter - September T o o l s W a t c h T e a m NJ OUCHN & MJ SOLER

EVALUATING COMMERCIAL WEB APPLICATION SECURITY. By Aaron Parke

Lecture 11 Web Application Security (part 1)

JVA-122. Secure Java Web Development

EC-Council Certified Security Analyst (ECSA)

Penetration Testing. Presented by

HackMiami Web Application Scanner 2013 PwnOff

How To Test For Security On A Network Without Being Hacked

Penetration Testing. Presented by: Elham Hojati Advisor: Dr. Akbar Namin July 2014

Web App Security Audit Services

Hackers are here. Where are you?

Web Application Security

SENSITIVE AUSTRALIAN SPORTS COMMISSION ATHLETE MANAGEMENT SYSTEM (AMS) SMARTBASE SECURITY TEST PLAN. Final. Version 1.0

State of The Art: Automated Black Box Web Application Vulnerability Testing. Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

Security Test s i t ng Eileen Donlon CMSC 737 Spring 2008

Threat Modeling. A workshop on how to create threat models by creating a hands-on example

Attack Frameworks and Tools

Guidelines for Web applications protection with dedicated Web Application Firewall

Expert Services Group (Security Testing) Nilesh Dasharathi Sadaf Kazi Aztecsoft Limited

Cross Site Scripting in Joomla Acajoom Component

A Biologically Inspired Approach to Network Vulnerability Identification

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Introduction:... 1 Security in SDLC:... 2 Penetration Testing Methodology: Case Study... 3

A Penetration Testing Maturity and Scoring Model

Web Application Vulnerability Testing with Nessus

We ve been hacked! We did it! Rick Grandy Lockheed Martin Hanford Site

Transcription:

Penetration Testing

Penetration Testing Types Black Box oless productive, more difficult White Box oopen, team supported, typically internal osource available Gray Box (Grey Box) omixture of the two Methods Automated Manual Hybrid

Penetration Testing We are considering White Hat hacking Ethical hacking But to do that, we have to act like an attacker How security engineers treat the test cycle Even if it's your own software You are not doing feature testing

What Do You Need? A site that is hopefully dedicated to your test Because you are going to work it over Always try to work on a site that is a duplicate of the production environment But not a production system Tools at your disposal Knowledge A plan A bad attitude The site is weak and you can prove it You're going to kick bits and take names

Test Parts Preparation Goals, scope, tool collection, permissions, documents Testing More to come Reporting Permanent, possible legal Executive summary, intro, findings, conclusions Criticality, type, scenario, mitigations Presentation Optional, educational, potential for confrontation

Document Flow (Ethical Hacking) Statement of Work (SOW) Typically details what parts of the app you are going to test What you are to deliver Your responsibilities to the customer Scoping document Filled in by the customer Tells you things about the system and the application that will make it easier and faster to get started Threat Model - helps you decide what to test Test Plan what you intend to test, not how Pen Test Report what you found out

SOW Who you are Who we are Outline of the work description This implies that we already know something about the app Limitations on our work Deliverables Dates Contract completion criteria Cost Signatures

Scoping Document Demographics of the app Known threats Assets to be protected by the app Architectural design System Information Components Users and roles Interfaces and entry points Authentication model Authorization model In scope/out of scope Languages

Scoping Document Network information Domain IP Network architecture In scope/out of scope System information IP addresses Operating System Web Server, DNS server, other services File system structure In scope/out of scope

Threat Model Yet to come Describes the threats to your system A prescriptive process for finding threats Almost always done after a preliminary hands-on test of the application

Test Plan Given the threats, what are you going to test Test ID Test Title Test Description Result 1 Login SQL Injection Test for SQL Injection in the login process 2 Secure SSL Check that the SSL crypto algorithms are secure 3 Cookie HttpOnly Check that HttpOnly flag is set on all cookies There could be hundreds of these or maybe thousands

Outline of Testing Now you are the attacker You may have some privileged information to make life easier, but you need to proceed as though you don't Your attack will follow the following process Reconnaissance and mapping Discovery Exploitation

What the Attacker Sees Servers and clients Operating systems Application servers Exchanges of data/protocols TCP, SSL/TLS HTML, HTTP Authentication methods Session management schemes Forms data processing Database access How much they know depends on the situation

Reconnaissance Identify the infrastructure Identify servers Detect the operating systems Profile the servers Detect software configurations Using external sources

Discovery Automated searching Vulnerability specific searching Manual searching

Exploitation Pivoting Gather private data Use it for more discovery Bypassing protections Injection attacks Session attacks

Manual Testing Tester processes each part of the app Scripts and tools are used Sloooooowwwww

Automated Testing One or more scanners are used HPWebInspect Paros Burp Cenzic Hailstorm skipfish Fast Still takes a long time Thoroughness still controllable

What Next? For each of the tasks, there are methods and tools We (you) are going to do a series of labs to get familiar with the process The object of your attack will be DVWA And the tools will be from Samurai WTF These may not be the optimal set of tools, but it s a start. You are encouraged to look into other tools and try them

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information