Penetration Testing Services Technical Description Cyber51
 

Penetration Testing Services and Vulnerability Assessment Services.


    • Security Services Description
Table of Contents

NETWORK PENETRATION TEST
  WHY?
  METHODOLOGY
    Footprinting / Network Mapping
    Scanning and enumeration
    Vulnerability Analysis
    Exploitation
    Reporting
WEB APPLICATION PENETRATION TEST
  WHY?
  METHODOLOGY
    Configuration Management Analysis
    Analysis of Authentication
    Session Management Analysis
    Analysis of Authorization
    Data Validation Analysis
    Analysis of Web Services
    Reporting
APPENDIX A: TYPES OF PENETRATION TESTS

Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
Network Penetration Test

Why?

Individuals and businesses enjoy and rely on modern communication methods and collaboration services, and benefit from the new opportunities the Internet age has created. However, Cyber Crime is on the rise too and has led governments to form completely new authorities to tackle Cyber Warfare and malicious activity. We at Cyber 51 play our part in making the Internet and modern communications a more secure space.

Hackers attack both private and corporate systems on a daily basis. The attacker can be stationed anywhere in the world and needs just internet access and the appropriate tools. The threat is real and it happens thousands of times a day. Many attacks take place undetected and result in the theft and destruction of valuable data.

The solution: Penetration Tests and Network Security Audits. Cyber 51 will, with the legal permission of the network owner, attack customer systems in the same way as a hacker. In doing so, Cyber 51 is able to expose security holes in the system.

The benefit: The customer is made aware of the security holes that exist and could be exploited by a hacker with malicious intent to gain unauthorized access to the customer network. In addition, Cyber 51 will prepare a plan of action and, if the customer wishes, implement the closure of these holes.

Methodology

Footprinting / Network Mapping

The process of footprinting is a completely non-intrusive activity performed in order to get the maximum possible information available about the target organization and its systems using various means, both technical and non-technical. This involves searching the internet and querying various public repositories (whois databases, domain registrars, Usenet groups, mailing lists, etc.).

Our Security Testing Consultants will also look to obtain as much detail as possible about the current topology and network profile. This can consist of information around IP addressing, gathering public domain information about the business, ping sweeps, port scanning, etc.
This information is then compiled and subsequently analyzed for further areas of investigation.

• Information Gathering
  o Expected results
    • Domain names
    • Server names
    • IP addresses
    • Network topology
    • Information about ISP
    • Internet presence
    • Company profile
  o Tasks
    • Examine and gather information about domain registries.
    • Find IP address blocks.
    • Find names and locations of DNS servers.
    • Use multiple traces to identify the systems and devices in between.
    • Identify email addresses related to the company.
    • Identify newsgroups, forums and boards where information related to the company is located.
    • Examine the source code of web pages and scripts.
    • Examine email headers.

Scanning and enumeration

The scanning and enumeration phase will comprise identifying live systems, open / filtered ports found, services running on these ports, mapping router / firewall rules, identifying the operating system details, network path discovery, etc.

This phase involves a lot of active probing of the target systems.

After successfully identifying the open ports, the services behind them will be fingerprinted, either manually or by using readily available tools. Then, the penetration tester will confirm the exact name and version of the services running on the target system and the underlying operating system before including the same in the final report.

• Services identification on systems
  o Expected Results
    • Ports open, closed and filtered
    • IP addresses of live systems
    • IP addresses of internal networks
    • Asset Services
    • Map the Network
    • List tunneled and encapsulated protocols discovered
    • List supported routing protocols
    • Application type and patch level
    • Type of operating systems
  o Tasks
    • Collection of responses from network
    • Test TTL / firewalking firewall
    • Use ICMP and reverse lookup to determine the existence of machines on the network
    • Use TCP fragments with FIN, NULL and XMAS on ports 21, 22, 25, 80 and 443 of the hosts found on the network
    • Use TCP SYN on ports 21, 22, 25, 80 and 443 of the hosts found on the network
    • Attempt connections on DNS servers
    • Use TCP SYN (half open) to list ports that are closed, open or filtered on all hosts found on the network
    • Use TCP fragments to ports and services available in the host
    • Use UDP packets to list all open ports found on the network host
    • Try to identify the standard protocols
    • Try to identify non-standard protocols
    • Try to identify encrypted protocols
    • Identify date, time and system up-time
    • Identify the predictability of TCP sequence numbers
    • Identify the predictability of the TCP initial sequence number (ISN)

• Service identification
  o Expected Results
    • Type of services
    • Application version and type that offers the service
  o Tasks
    • Match each open port with its corresponding service
    • Identify the server up-time and patches applied
    • Identify the application that provides the service through the use of fingerprinting and banners
    • Identify the version of the application
    • Use UDP-based services and Trojans to attempt connections to the services found

• System Identification
  o Expected Results
    • Type of operating system
    • Patch Level
    • Type of system
    • Enumeration System
  o Tasks
    • Examine system responses to determine the operating system
    • Check the prediction of TCP sequence numbers

Vulnerability Analysis

After successfully identifying the target systems and gathering the required details from the above phases, a penetration tester will try to find any possible vulnerabilities existing in each target system.

During this phase a penetration tester will use automated tools to scan the target systems for known vulnerabilities. These tools have their own databases consisting of the latest vulnerabilities and their details.

During this phase a penetration tester will also test the systems by supplying invalid inputs, random strings, etc., and check for any errors or unintended behaviours in the system output. By doing so, the penetration tester may come across previously unidentified vulnerabilities.

The penetration tester will not rely only on automated tools for this activity.

• Vulnerability testing
  o Expected Results
    • Type of applications and services listed by vulnerability
    • Patch level of systems and applications
    • List of vulnerabilities that can cause denial of service
    • List of areas secured by obscurity
  o Tasks
    • Integrate the most popular scanners, hacking tools and exploits in this test
    • Measure the goal with these tools
    • Try to identify vulnerabilities in a system and application type
    • Perform redundant testing with at least two of the most popular scanners
    • Identify the vulnerabilities of the operating system
    • Identify application vulnerabilities
    • Check the vulnerabilities found by using exploits

Exploitation

During this phase a penetration tester will try to find exploits for the various vulnerabilities found in the previous phase.

Quite often, successful exploitation of a vulnerability might not lead to root (administrative) access. In such a scenario additional steps need to be taken, and further analysis is required to assess the risk that the particular vulnerability poses to the target system.

Example attack scenarios in this phase include, but aren’t limited to:

• buffer overflows
• application or system configuration problems
• modems
• routing issues
• DNS attacks
• address spoofing
• share access and exploitation of inherent system trust relationships
Potential vulnerabilities will be systematically tested for weakness and overall risk. The strength of captured password files will be tested using password-cracking tools. Individual user account passwords may also be tested using dictionary-based, automated login scripts. In the event that an account is compromised, we will attempt to elevate privileges to that of super user, root, or administrator level.

Our Security Consultants will maintain detailed records of all attempts to exploit vulnerabilities and activities conducted during the attack phase.

Reporting

The last phase in the entire activity is the reporting phase. This phase can occur in parallel to the other three stages or at the end of the Attack stage.

The final report will be prepared keeping in mind both Management and Technical aspects, detailing all the findings with proper graphs, figures, etc. so as to convey a proper presentation of the vulnerabilities and their impact on the business of the target organization.

An executive summary, describing in brief the activities performed, findings, and high-level recommendations, will be provided.

Detailed technical descriptions of the vulnerabilities and the recommendations to mitigate them will also be documented in this report.

All the security holes found and exploited will be accompanied by a proper Proof-of-Concept by means of screenshots of the successful exploits, or any other such methods.

This report will consist of an Executive Report containing, but not limited to: conclusions, recommendations, statistics, and a brief on the hacking methodology; and a Technical Report containing, but not limited to: Information Gathering, Network Information, Analysis and Attack results of accomplished tasks.

Web Application Penetration Test

Why?

Web applications have become increasingly vulnerable to different forms of hacker attacks. According to a Gartner Report, 75% of attacks today occur at the application level. A Forrester survey states that “people are now attacking through applications, because it’s easier than through the network layer.”

Despite common use of defenses such as firewalls and intrusion detection or prevention systems, hackers can access valuable proprietary and customer data, shut down websites and servers and defraud businesses, as well as introduce serious legal liability, without being stopped or, in many cases, even detected.

To counter this problem, Cyber 51 Ltd. offers a comprehensive security risk assessment solution - Web Application Penetration Testing - to identify, analyze and report vulnerabilities in a given application. As part of this service, Cyber 51 Ltd. attempts to identify both inherent and potential security risks that might work as entry points for the hacker.

We believe vulnerabilities could be present in a web application due to inadvertent flaws left behind during development, security issues in the underlying environment and misconfigurations in one or more components such as the database, web server, etc.

When conducting a Web Application Penetration Testing assignment, Cyber 51 Ltd. adopts a strong technology and process-based approach supported by a well-documented methodology to identify potential security flaws in the application and underlying environment.

Adherence to industry standards such as OWASP, customized tests based on technology and business logic, skilled and certified security engineers, risk assessment on the vulnerabilities found, and a scoring system based on CVSS (Common Vulnerability Scoring System) make us different from the other vendors in this space.

Customers benefit from web application penetration testing because it gives an in-depth analysis of their current security posture, highlights recommendations for reducing exposure to currently identified vulnerabilities, and allows the customer to make more informed decisions, enabling management of the company’s exposure to threats. The security assessment report submitted on completion of the engagement provides a detailed and prioritized mitigation plan to help customers address security issues in a phased manner.

Methodology

Configuration Management Analysis

The infrastructure used by the Web application will be evaluated from a security perspective.

The tests to be performed are as follows:

• TLS and SSL tests.
• Security testing of the database management system listener.
• Testing the configuration of the infrastructure and its relationship with the Web application, vulnerability analysis, analysis of authentication mechanisms and identification of all the ports used by the Web application.
• Testing the application settings, searching through directories and regular files, comments from developers, and the eventual acquisition and operational analysis of logs generated by the application.
• Searching for old files, backups, logs of operations and other files used by the Web application.
• Searching for and testing management interfaces of the web application or related infrastructure.
• Testing the various HTTP methods supported and the possibilities of XST (Cross-Site Tracing).

Analysis of Authentication

We will evaluate the various mechanisms and aspects of the web application authentication.

The tests to be performed are as follows:

• Credentials management.
• Enumeration of users and easily identifiable user accounts.
• Brute-force testing of identification credentials, based on information found or inferred.
• Testing the authentication mechanisms, looking for evasion.
• Logout mechanisms and weaknesses associated with the Internet browser cache.
• Strength tests of captchas and tests of multi-factor authentication.

Session Management Analysis

We will evaluate the different mechanisms and management aspects of web application sessions.

The tests to be performed are as follows:
• Session management scheme will be tested.
• CSRF (Cross-Site Request Forgery).
• Test cookie attributes.
• Setting sessions.
• Testing for exposed session attributes and repetition.

Analysis of Authorization

We will evaluate the various mechanisms and aspects of web application authorization.

The tests to be performed are as follows:

• Privilege escalation.
• "Path Traversal".
• Testing for evasion of clearance mechanisms.
• Testing the "business logic" of the Web application: avoiding, altering, or cheating its relationships within the application.

Data Validation Analysis

We will evaluate the various repositories, access and protection mechanisms related to the validation of data used by the Web application.

The tests to be performed are as follows:

• Tests for various kinds of XSS (Cross Site Scripting) and "Cross Site Flashing."
• SQL Injection tests.
• LDAP injection tests.
• ORM injection tests.
• XML Injection tests.
• SSI injection tests.
• XPath Injection tests.
• IMAP / SMTP injection tests.
• Code injection tests.
• Operating system command injection tests.
• Tests for buffer overflow.
• Tests for HTTP Splitting / Smuggling.
• Tests for evasion of clearance mechanisms.
• Tests for privilege escalation.

Analysis of Web Services

We will evaluate the web application services related to SOA (Service Oriented Architecture).

The tests to be performed are as follows:

• Security testing of WSDL.
• Tests of the structural security of XML.
• Testing of security at XML content.
• Test HTTP GET parameters / REST.
• Tests with contaminated SOAP attachments.
• Repeat testing of web services.
• Testing of Web application vulnerabilities related to AJAX technology.

Reporting

The last phase in the entire activity is the reporting phase. This phase can occur in parallel to the other three stages or at the end of the Attack stage.

The final report will be prepared keeping in mind both Management and Technical aspects, detailing all the findings with proper graphs, figures, etc. so as to convey a proper presentation of the vulnerabilities and their impact on the business of the target organization.

An executive summary, describing in brief the activities performed, findings, and high level recommendations, will be provided.

Detailed technical descriptions of the vulnerabilities and the recommendations to mitigate them will also be documented in this report.

All the security holes found and exploited will be accompanied by a proper Proof-of-Concept by means of screenshots of the successful exploits, or any other such methods.

This report will consist of an Executive Report containing, but not limited to: conclusions, recommendations, statistics, and a brief on the hacking methodology; and a Technical Report containing, but not limited to: Information Gathering, Network Information, Analysis and Attack results of accomplished tasks.
Penetration Testing

Any of our Penetration Tests can contain one or more of the modules listed below. We will tailor any Penetration Test to your individual business needs.

Internet Security Assessment

Any device with access to the Internet is a potential open door to would-be hackers. We provide vulnerability assessments during which we closely map the network architecture, examine all open ports, hosts and services with access to the Web, and ensure that these network devices are secure. Defensive thinking gathers information such as domain names, IP network ranges, operating systems and applications, to identify systems on the network, how they are related, and the services that are exposed through open ports (such as http, SMTP, terminal services, etc.). Once open ports and attached services are identified, we determine whether each service has been updated with the most recent patches and identify other vulnerabilities located within the exposed services. In addition to conducting vulnerability assessments, we perform more rigorous penetration tests in which the information gathered from the assessment is used to attempt to penetrate the network. This more thorough procedure can confirm whether potential vulnerabilities are, in fact, capable of being exploited to expose the network. Following all vulnerability assessments and penetration tests, we use the information we gather to prepare a thorough vulnerability analysis and offer recommendations for strengthening network security.

Intranet Security Assessment

While outside threats must be guarded against, businesses must also protect against potential threats from within their own networks. Using many of the same techniques and procedures as for Internet Security Testing, we provide Intranet risk assessment and analysis to protect against the potential threat posed by insiders. Depending on the client’s needs, intranet testing can be performed by us under varying degrees of disclosure of network information from the client, for example with or without network accounts.
Dial-in RAS Security Assessment

Dial-in links pose a potential threat to the integrity of the network security system. We examine dial-up connections that allow employees to access the network through public telephone lines or other dial-up connections. Given a range of telephone exchanges that may include modems, we can identify target numbers that allow for remote access. Using these numbers, we attempt to exploit vulnerabilities in the system and gain access to the network. We can also assess risks posed by the exposure of dial-up connections to the public telephone network which might undermine the client’s own internal security architecture.

Web Application Assessment

This assessment examines what services are being offered on Web-based portals and e-commerce applications to examine potential vulnerabilities with respect to authentication, authorization, data integrity, data confidentiality, and consumer privacy concerns. We can test these applications using either zero-knowledge testing or full-access testing to examine the full range of potential vulnerabilities. We also conduct source code audits to identify any potential vulnerability among the applications and scripts that are accessible through the Web.

Wireless Assessment

Wireless networks, while highly convenient, present additional security threats since the wireless signals are not limited by the physical boundaries of a traditional network. We evaluate how to prevent wireless communications from being exposed to eavesdropping and access by unauthorized intruders. Additionally, we examine the enterprise infrastructure for unencrypted or standard WEP enabled access points that may be vulnerable in order to ensure the security of the network.
Social Engineering Assessment

Social engineering involves manipulating and/or deceiving company employees and other human resources to gain unauthorized access to a network or to confidential information. We are a premier consulting firm in our ability to identify weak links in the security chain through exploitation of human vulnerabilities. We leverage our unparalleled expertise in this field to expose what is often the weakest link in the information security apparatus: the human element. Once individual or systemic weaknesses are identified, we recommend procedures designed to ensure that employees do not divulge information that could compromise company assets. The social engineering assessment not only uses tactics intended to gain confidential information, but also aims to induce unsuspecting employees to create vulnerabilities that can subsequently be exploited to gain access to confidential information.

Telecommunications Assessment

We have unique experience testing vulnerabilities in private branch exchanges that operate company voicemail and messaging systems. Unauthorized access to these systems can allow an intruder to eavesdrop on and manipulate employee voicemail messages, initiate outgoing calls from internal company lines, and access corporate telephone networks and directories.

Database Assessment

Client lists, credit card records, and other confidential information held in databases must be given particular protection from unauthorized disclosure. We test database integrity to determine whether any vulnerability may compromise this sensitive information.

Physical Security Assessment

Access to confidential information can often be obtained by simply gaining physical access to company premises. We conduct on-site surveillance to assess physical security and use social engineering, pass key duplication, and other techniques designed to gain physical entry into secure areas and the network system.
Forensic Analysis

In addition to preventing future attacks, we can conduct forensic analysis to evaluate past security breaches. This analysis examines log reports, compares backups to identify modifications to the network, and investigates the introduction of foreign software tools to help identify intruders, determine the extent to which the network has been compromised, and mitigate potential damages from the intrusion.

Intrusion Investigation

We can investigate documented intrusion attempts into your network and situations where data was actually compromised. Through investigation, you can find the source of the attack, the techniques used, and how to correct these flaws. While it is always best to stop attacks before they happen, it is important to investigate any possible compromise of your intellectual property.