SlideShare a Scribd company logo

pentration testing.pdf

R
Ramya Nellutla

Ethical Hacking

Engineering
1 of 23
Download to read offline
1 Enterprise Security / System Integrity Penetration Testing Explained Rand Hirt, CISSP, CISA, GPEN Sr. Security Analyst - Enterprise Security
2 Enterprise Security / System Integrity Agenda for Today • What is Penetration Testing? – Definition – Purpose – Connection to Vulnerabilities/Exploits – Types of Pen Tests – Outcomes • Why Pen Test? – Regulatory Requirements – Risk Profile determination • How to Pen Test? – Pen Test Methodology – Reporting – Penetration Testing Framework and PTES – Tools - Open Source – Tools – Commercial • Challenges • Takeaways
3 Enterprise Security / System Integrity What is Penetration Testing? Definition • Definition = the exact meaning of a word. Despite that, security testing vendors define their services differently using the same words, often incorrectly. • Penetration Test = An approach, modeling tactics of real- world bad guys, to find vulnerabilities - then under controlled circumstances, exploit those vulnerabilities and determine business risk. • Vulnerability Scan (or Security Assessment) = finding security vulnerabilities, which may or may not be used to get in or steal data. Vulnerability (or Security) Assessment ≠ Penetration Test Penetration test = focus is on actually getting in and/or stealing data.
4 Enterprise Security / System Integrity What is Penetration Testing? – continued Purpose • The ultimate goal is discovering flaws so that they can be remediated (applying patches, reconfiguring systems, altering the architecture, changing processes, etc.). Connection of Vulnerabilities/Exploits to Risk • Threat = an actor or agent that may want to or actually can cause harm to the targeted organization. • Vulnerability = flaw that an attacker could use to cause damage. • Exploit = the vehicle by which the attacker uses a vulnerability to cause damage to the target system.
5 Enterprise Security / System Integrity What is Penetration Testing? – continued Connection to Vulnerabilities/Exploits How this plays together: Risk is where threat and vulnerability overlap. That is, we have a risk when our systems have a vulnerability that a given threat can attack.
6 Enterprise Security / System Integrity What is Penetration Testing? – continued Types of Penetration Tests • Network services test – Most common – finding target systems on a network. • Client-Side test – Designed to find exploit client-side software, such as browsers, media players, doc editing programs, etc. • Web Application test – Targets web-based applications in the target environment. • Remote war dial test – Looks for modems in the target environment and includes password guessing to attempt connecting. • Wireless security test – Targets the physical environment to find unauthorized wireless access points or insecure access points. • Social engineering test – Attempts to dupe a user into revealing sensitive information or clicking on a malicious link in an email.
7 Enterprise Security / System Integrity What is Penetration Testing? – continued Outcomes To be successful, need to express our pen test findings in both business and technical terms. For any given risk, decision makers may conclude that, for business purposes, they will accept a given risk identified during a test, rather than mitigate the associated vulnerability. In the end, it’s a business decision.
8 Enterprise Security / System Integrity Why Pen Test? Regulatory Requirements Payment Card Industry (PCI) Data Security Standard (DSS) mandates at least an annual pen test be performed on the Cardholder Data Environment (CDE), and/or if significant infrastructure or application upgrades occur (PCI DSS 11.3).
9 Enterprise Security / System Integrity Why Pen Test? - continued Risk Profile determination The overall objective is to reduce risk by examining the company’s actual attack surface. Attack surface = the sum of all potential attack vectors. Attack vector = any single parameter (that is also vulnerable) that can be attacked. EXAMPLE: Networked services like File Transfer Protocol (FTP), Internet Message Access Protocol (IMAP) and Simple Mail Transfer Protocol (SMTP) contain unique parameters, each of which could be exploited if not adequately protected.
10 Enterprise Security / System Integrity How to Pen Test? Pen Test Methodology 1. Scoping/Planning/Goal – Constraints and limitations imposed on the team i.e. Out of scope items, hardware, IP addresses. – Constraints, limitations or problems encountered by the team during the actual test 2. Reconnaissance – The tester would attempt to gather as much information as possible about the selected network. Reconnaissance can take two forms i.e. active and passive. A passive attack is always the best starting point as this would normally defeat intrusion detection systems and other forms of protection etc. afforded to the network. This would usually involve trying to discover publicly available information by utilizing a web browser and visiting newsgroups etc. An active form would be more intrusive and may show up in audit logs and may take the form of an attempted DNS zone transfer or a social engineering type of attack.
11 Enterprise Security / System Integrity How to Pen Test?- continued Pen Test Methodology 3. Scanning – By use of vulnerability scanners all discovered hosts would be tested for vulnerabilities. The result would then be analyzed to determine if there any vulnerabilities that could be exploited to gain access to a target host on a network. 4. Exploitation – By use of published exploits or weaknesses found in applications, operating system and services, access would then be attempted. This may be done surreptitiously or by more brute force methods. An example of this would be the use of exploit engines i.e. Metasploit or password cracking tools such as John the Ripper.
12 Enterprise Security / System Integrity How to Pen Test? - continued Pen Test Methodology 5. (optional) Covering Tracks – The ability to erase logs that may have detected the testing teams attempts to access the network should ideally not be possible. These logs are the first piece of evidence that may prove that a possible breach of company security has occurred and should be protected at all costs. An attempt to erase or alter these logs should prove unsuccessful to ensure that if a malicious attacker did in fact get access to the network then their every movement would be recorded.
13 Enterprise Security / System Integrity How to Pen Test? - continued Reporting Reporting is crucial for sharing the findings of the penetration test. It should not just be a “cut & paste” process from the tool. It must have some business impact analysis as well as quantify the business risk of the findings. Reports are not for impressing other pen testers. Its for operations personnel to understand the risks and help them mitigate the vulnerabilities.
14 Enterprise Security / System Integrity How to Pen Test? - continued Penetration Testing Framework and PTES • Open-source testing methodologies exist: – Open Source Security Testing Methodology Manual (OSSTMM) – Open Web Application Security Project (OWASP) – Penetration Testing Framework (www.vulnerabilityassessment.co.uk/Penetration%20Test.ht ml) – Penetration Testing Execution Standard (http://pentest- standard.org/index.php/Main_Page)
15 Enterprise Security / System Integrity How to Pen Test? - continued Tools - Open Source • Nessus (now commercial version by Tenable Security) • Metasploit (now owned by Rapid7) • Backtrack CD (discontinued Linux distro. with open- source security tools – now Kali Linux)
16 Enterprise Security / System Integrity How to Pen Test? - continued Tools - Commercial • Immunity CANVAS Pro • WebInspect - HP SPI Dynamics • CORE IMPACT & CORE Insight Enterprise
17 Enterprise Security / System Integrity Challenges Bad (RCPT) vs. Good Pen Testing Really Crappy Pen Test (RCPT) - not thoroughly testing all attributes of the attack surface, or even worse, using vulnerability scan results and calling it a penetration test. A good pen test is comprehensive and looks at threat levels at least equal to those likely to be faced in the wild and performs testing at that level.
18 Enterprise Security / System Integrity Challenges - continued Skill level Real pen testers are highly skilled professional, usually certified to show competency, use formalized methodology, and respect the business requirements of the company. They view pen testing as a logical, analytical process. It is not just the output product of an automated scanner (like the ones discussed earlier).
19 Enterprise Security / System Integrity Challenges - continued Potential adverse impacts The goal of a penetration test is not to just cause all sorts of damage and expect that someone else gets to clean up the mess. The goal is to attempt to achieve the objective as safely and with as little impact as possible. However, if you do pen testing long enough, at some point you will “knock something over” (a system may go unresponsive), so proper Change Management is crucial in order to account for unexpected results.
20 Enterprise Security / System Integrity Challenges - continued Time/Money constraints Penetration tests are inherently constrained by time and/or financial resources. For a specific engagement, scoping of the pen test is crucial to success. Also to be taken into consideration, is the intensity of the testing to mimic the hacker level most concerning (script kiddie, skilled hacker, and elite hacker).
21 Enterprise Security / System Integrity Challenges - continued Failure to address Business impact A good pen test not only validates identified vulnerabilities, but also discusses the business impact if the vulnerabilities are exploited. In addition, there should also be recommendations on how to effectively remediate those verified vulnerabilities.
22 Enterprise Security / System Integrity Takeaways There are many reasons to conduct a penetration test: • Compliance: Security standards like PCI require at least annual penetration testing. • Measuring Risk: This can inform management where weaknesses are present and the level of risk they present. • Diligence: Testing to determine if software developed internally using a Software Development Life Cycle (SDLC) has met secure development practices and hasn’t presented opportunities to be attacked and exploited.
23 Enterprise Security / System Integrity Questions?

Recommended

Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Jorge Orchilles
 
Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1Nutan Kumar Panda
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancementcyberprosocial
 
Penetration Testing Guide
Penetration Testing GuidePenetration Testing Guide
Penetration Testing GuideBadawy Abd El-Aziz
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?Rapid7
 
The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.Expeed Software
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodFalgun Rathod
 
Software testing overview subbu
Software testing overview subbuSoftware testing overview subbu
Software testing overview subbuSubramanya Mudukutore
 

Recommended

Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Jorge Orchilles
 
Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1Nutan Kumar Panda
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancementcyberprosocial
 
Penetration Testing Guide
Penetration Testing GuidePenetration Testing Guide
Penetration Testing GuideBadawy Abd El-Aziz
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?Rapid7
 
The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.Expeed Software
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodFalgun Rathod
 
Software testing overview subbu
Software testing overview subbuSoftware testing overview subbu
Software testing overview subbuSubramanya Mudukutore
 
Itis pentest slides hyd
Itis pentest slides hydItis pentest slides hyd
Itis pentest slides hydRama krishna
 
Best Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxBest Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxAfour tech
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
penetration test
penetration testpenetration test
penetration testHajer alriyami
 
What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...Alisha Henderson
 
Increasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesIncreasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesChris Nickerson
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chanceDr. Anish Cheriyan (PhD)
 
Penetration Testing Services - Redfox Cyber Security
Penetration Testing Services - Redfox Cyber SecurityPenetration Testing Services - Redfox Cyber Security
Penetration Testing Services - Redfox Cyber SecurityKaran Patel
 
A Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingA Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingEC-Council
 
CohenNancyPresentation.ppt
CohenNancyPresentation.pptCohenNancyPresentation.ppt
CohenNancyPresentation.pptmypc72
 
New Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise InfilterationNew Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise InfilterationShritam Bhowmick
 
Whitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest MindsWhitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest MindsHappiest Minds Technologies
 
Security Testing.pptx
Security Testing.pptxSecurity Testing.pptx
Security Testing.pptxosandadeshan
 
Penetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity ProfessionalsPenetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity Professionals211 Check
 
Penetration testing 5 reasons Why Organizations Should Adopt it
Penetration testing 5 reasons Why Organizations Should Adopt itPenetration testing 5 reasons Why Organizations Should Adopt it
Penetration testing 5 reasons Why Organizations Should Adopt itTestingXperts
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Kevin M. Moker, CFE, CISSP, ISSMP, CISM
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET Journal
 
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfWhat is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfElanusTechnologies
 
Penetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdfPenetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdfSense Learner Technologies Pvt Ltd
 
artificial Intelligence unit1 ppt (1).ppt
artificial Intelligence unit1 ppt (1).pptartificial Intelligence unit1 ppt (1).ppt
artificial Intelligence unit1 ppt (1).pptRamya Nellutla
 
Deep network notes.pdf
Deep network notes.pdfDeep network notes.pdf
Deep network notes.pdfRamya Nellutla
 

More Related Content

Similar to pentration testing.pdf

Itis pentest slides hyd
Itis pentest slides hydItis pentest slides hyd
Itis pentest slides hydRama krishna
 
Best Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxBest Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxAfour tech
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...Alisha Henderson
 
Increasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesIncreasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesChris Nickerson
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chanceDr. Anish Cheriyan (PhD)
 
Penetration Testing Services - Redfox Cyber Security
Penetration Testing Services - Redfox Cyber SecurityPenetration Testing Services - Redfox Cyber Security
Penetration Testing Services - Redfox Cyber SecurityKaran Patel
 
A Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingA Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingEC-Council
 
CohenNancyPresentation.ppt
CohenNancyPresentation.pptCohenNancyPresentation.ppt
CohenNancyPresentation.pptmypc72
 
New Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise InfilterationNew Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise InfilterationShritam Bhowmick
 
Whitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest MindsWhitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest MindsHappiest Minds Technologies
 
Security Testing.pptx
Security Testing.pptxSecurity Testing.pptx
Security Testing.pptxosandadeshan
 
Penetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity ProfessionalsPenetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity Professionals211 Check
 
Penetration testing 5 reasons Why Organizations Should Adopt it
Penetration testing 5 reasons Why Organizations Should Adopt itPenetration testing 5 reasons Why Organizations Should Adopt it
Penetration testing 5 reasons Why Organizations Should Adopt itTestingXperts
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET Journal
 
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfWhat is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfElanusTechnologies
 

Similar to pentration testing.pdf (20)

Itis pentest slides hyd
Itis pentest slides hydItis pentest slides hyd
Itis pentest slides hyd
 
Best Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxBest Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docx
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
penetration test
penetration testpenetration test
penetration test
 
What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...
 
Increasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesIncreasing Value Of Security Assessment Services
Increasing Value Of Security Assessment Services
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
 
Penetration Testing Services - Redfox Cyber Security
Penetration Testing Services - Redfox Cyber SecurityPenetration Testing Services - Redfox Cyber Security
Penetration Testing Services - Redfox Cyber Security
 
A Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingA Brief Introduction to Penetration Testing
A Brief Introduction to Penetration Testing
 
CohenNancyPresentation.ppt
CohenNancyPresentation.pptCohenNancyPresentation.ppt
CohenNancyPresentation.ppt
 
New Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise InfilterationNew Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise Infilteration
 
Whitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest MindsWhitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest Minds
 
Security Testing.pptx
Security Testing.pptxSecurity Testing.pptx
Security Testing.pptx
 
Penetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity ProfessionalsPenetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity Professionals
 
Penetration testing 5 reasons Why Organizations Should Adopt it
Penetration testing 5 reasons Why Organizations Should Adopt itPenetration testing 5 reasons Why Organizations Should Adopt it
Penetration testing 5 reasons Why Organizations Should Adopt it
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
 
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfWhat is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdf
 
Penetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdfPenetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdf
 

More from Ramya Nellutla

artificial Intelligence unit1 ppt (1).ppt
artificial Intelligence unit1 ppt (1).pptartificial Intelligence unit1 ppt (1).ppt
artificial Intelligence unit1 ppt (1).pptRamya Nellutla
 
Deep network notes.pdf
Deep network notes.pdfDeep network notes.pdf
Deep network notes.pdfRamya Nellutla
 
- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdfRamya Nellutla
 
Unit-3-Part-1 [Autosaved].ppt
Unit-3-Part-1 [Autosaved].pptUnit-3-Part-1 [Autosaved].ppt
Unit-3-Part-1 [Autosaved].pptRamya Nellutla
 
E5-roughsets unit-V.pdf
E5-roughsets unit-V.pdfE5-roughsets unit-V.pdf
E5-roughsets unit-V.pdfRamya Nellutla
 
Unit-II -Soft Computing.pdf
Unit-II -Soft Computing.pdfUnit-II -Soft Computing.pdf
Unit-II -Soft Computing.pdfRamya Nellutla
 
SC01_IntroductionSC-Unit-I.ppt
SC01_IntroductionSC-Unit-I.pptSC01_IntroductionSC-Unit-I.ppt
SC01_IntroductionSC-Unit-I.pptRamya Nellutla
 
- Fuzzy Systems -II.pptx
- Fuzzy Systems -II.pptx- Fuzzy Systems -II.pptx
- Fuzzy Systems -II.pptxRamya Nellutla
 

More from Ramya Nellutla (12)

artificial Intelligence unit1 ppt (1).ppt
artificial Intelligence unit1 ppt (1).pptartificial Intelligence unit1 ppt (1).ppt
artificial Intelligence unit1 ppt (1).ppt
 
Deep network notes.pdf
Deep network notes.pdfDeep network notes.pdf
Deep network notes.pdf
 
Deep Learning.pptx
Deep Learning.pptxDeep Learning.pptx
Deep Learning.pptx
 
Unit-I PPT.pdf
Unit-I PPT.pdfUnit-I PPT.pdf
Unit-I PPT.pdf
 
- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf
 
Datamodels.pptx
Datamodels.pptxDatamodels.pptx
Datamodels.pptx
 
Unit-3-Part-1 [Autosaved].ppt
Unit-3-Part-1 [Autosaved].pptUnit-3-Part-1 [Autosaved].ppt
Unit-3-Part-1 [Autosaved].ppt
 
E5-roughsets unit-V.pdf
E5-roughsets unit-V.pdfE5-roughsets unit-V.pdf
E5-roughsets unit-V.pdf
 
Unit-3.pptx
Unit-3.pptxUnit-3.pptx
Unit-3.pptx
 
Unit-II -Soft Computing.pdf
Unit-II -Soft Computing.pdfUnit-II -Soft Computing.pdf
Unit-II -Soft Computing.pdf
 
SC01_IntroductionSC-Unit-I.ppt
SC01_IntroductionSC-Unit-I.pptSC01_IntroductionSC-Unit-I.ppt
SC01_IntroductionSC-Unit-I.ppt
 
- Fuzzy Systems -II.pptx
- Fuzzy Systems -II.pptx- Fuzzy Systems -II.pptx
- Fuzzy Systems -II.pptx
 

Recently uploaded

Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningmisbanausheenparvam
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLDeelipZope
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
power system scada applications and uses
power system scada applications and usespower system scada applications and uses
power system scada applications and usesDevarapalliHaritha
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 

Recently uploaded (20)

Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
power system scada applications and uses
power system scada applications and usespower system scada applications and uses
power system scada applications and uses
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 

pentration testing.pdf

  • 1. 1 Enterprise Security / System Integrity Penetration Testing Explained Rand Hirt, CISSP, CISA, GPEN Sr. Security Analyst - Enterprise Security
  • 2. 2 Enterprise Security / System Integrity Agenda for Today • What is Penetration Testing? – Definition – Purpose – Connection to Vulnerabilities/Exploits – Types of Pen Tests – Outcomes • Why Pen Test? – Regulatory Requirements – Risk Profile determination • How to Pen Test? – Pen Test Methodology – Reporting – Penetration Testing Framework and PTES – Tools - Open Source – Tools – Commercial • Challenges • Takeaways
  • 3. 3 Enterprise Security / System Integrity What is Penetration Testing? Definition • Definition = the exact meaning of a word. Despite that, security testing vendors define their services differently using the same words, often incorrectly. • Penetration Test = An approach, modeling tactics of real- world bad guys, to find vulnerabilities - then under controlled circumstances, exploit those vulnerabilities and determine business risk. • Vulnerability Scan (or Security Assessment) = finding security vulnerabilities, which may or may not be used to get in or steal data. Vulnerability (or Security) Assessment ≠ Penetration Test Penetration test = focus is on actually getting in and/or stealing data.
  • 4. 4 Enterprise Security / System Integrity What is Penetration Testing? – continued Purpose • The ultimate goal is discovering flaws so that they can be remediated (applying patches, reconfiguring systems, altering the architecture, changing processes, etc.). Connection of Vulnerabilities/Exploits to Risk • Threat = an actor or agent that may want to or actually can cause harm to the targeted organization. • Vulnerability = flaw that an attacker could use to cause damage. • Exploit = the vehicle by which the attacker uses a vulnerability to cause damage to the target system.
  • 5. 5 Enterprise Security / System Integrity What is Penetration Testing? – continued Connection to Vulnerabilities/Exploits How this plays together: Risk is where threat and vulnerability overlap. That is, we have a risk when our systems have a vulnerability that a given threat can attack.
  • 6. 6 Enterprise Security / System Integrity What is Penetration Testing? – continued Types of Penetration Tests • Network services test – Most common – finding target systems on a network. • Client-Side test – Designed to find exploit client-side software, such as browsers, media players, doc editing programs, etc. • Web Application test – Targets web-based applications in the target environment. • Remote war dial test – Looks for modems in the target environment and includes password guessing to attempt connecting. • Wireless security test – Targets the physical environment to find unauthorized wireless access points or insecure access points. • Social engineering test – Attempts to dupe a user into revealing sensitive information or clicking on a malicious link in an email.
  • 7. 7 Enterprise Security / System Integrity What is Penetration Testing? – continued Outcomes To be successful, need to express our pen test findings in both business and technical terms. For any given risk, decision makers may conclude that, for business purposes, they will accept a given risk identified during a test, rather than mitigate the associated vulnerability. In the end, it’s a business decision.
  • 8. 8 Enterprise Security / System Integrity Why Pen Test? Regulatory Requirements Payment Card Industry (PCI) Data Security Standard (DSS) mandates at least an annual pen test be performed on the Cardholder Data Environment (CDE), and/or if significant infrastructure or application upgrades occur (PCI DSS 11.3).
  • 9. 9 Enterprise Security / System Integrity Why Pen Test? - continued Risk Profile determination The overall objective is to reduce risk by examining the company’s actual attack surface. Attack surface = the sum of all potential attack vectors. Attack vector = any single parameter (that is also vulnerable) that can be attacked. EXAMPLE: Networked services like File Transfer Protocol (FTP), Internet Message Access Protocol (IMAP) and Simple Mail Transfer Protocol (SMTP) contain unique parameters, each of which could be exploited if not adequately protected.
  • 10. 10 Enterprise Security / System Integrity How to Pen Test? Pen Test Methodology 1. Scoping/Planning/Goal – Constraints and limitations imposed on the team i.e. Out of scope items, hardware, IP addresses. – Constraints, limitations or problems encountered by the team during the actual test 2. Reconnaissance – The tester would attempt to gather as much information as possible about the selected network. Reconnaissance can take two forms i.e. active and passive. A passive attack is always the best starting point as this would normally defeat intrusion detection systems and other forms of protection etc. afforded to the network. This would usually involve trying to discover publicly available information by utilizing a web browser and visiting newsgroups etc. An active form would be more intrusive and may show up in audit logs and may take the form of an attempted DNS zone transfer or a social engineering type of attack.
  • 11. 11 Enterprise Security / System Integrity How to Pen Test?- continued Pen Test Methodology 3. Scanning – By use of vulnerability scanners all discovered hosts would be tested for vulnerabilities. The result would then be analyzed to determine if there any vulnerabilities that could be exploited to gain access to a target host on a network. 4. Exploitation – By use of published exploits or weaknesses found in applications, operating system and services, access would then be attempted. This may be done surreptitiously or by more brute force methods. An example of this would be the use of exploit engines i.e. Metasploit or password cracking tools such as John the Ripper.
  • 12. 12 Enterprise Security / System Integrity How to Pen Test? - continued Pen Test Methodology 5. (optional) Covering Tracks – The ability to erase logs that may have detected the testing teams attempts to access the network should ideally not be possible. These logs are the first piece of evidence that may prove that a possible breach of company security has occurred and should be protected at all costs. An attempt to erase or alter these logs should prove unsuccessful to ensure that if a malicious attacker did in fact get access to the network then their every movement would be recorded.
  • 13. 13 Enterprise Security / System Integrity How to Pen Test? - continued Reporting Reporting is crucial for sharing the findings of the penetration test. It should not just be a “cut & paste” process from the tool. It must have some business impact analysis as well as quantify the business risk of the findings. Reports are not for impressing other pen testers. Its for operations personnel to understand the risks and help them mitigate the vulnerabilities.
  • 14. 14 Enterprise Security / System Integrity How to Pen Test? - continued Penetration Testing Framework and PTES • Open-source testing methodologies exist: – Open Source Security Testing Methodology Manual (OSSTMM) – Open Web Application Security Project (OWASP) – Penetration Testing Framework (www.vulnerabilityassessment.co.uk/Penetration%20Test.ht ml) – Penetration Testing Execution Standard (http://pentest- standard.org/index.php/Main_Page)
  • 15. 15 Enterprise Security / System Integrity How to Pen Test? - continued Tools - Open Source • Nessus (now commercial version by Tenable Security) • Metasploit (now owned by Rapid7) • Backtrack CD (discontinued Linux distro. with open- source security tools – now Kali Linux)
  • 16. 16 Enterprise Security / System Integrity How to Pen Test? - continued Tools - Commercial • Immunity CANVAS Pro • WebInspect - HP SPI Dynamics • CORE IMPACT & CORE Insight Enterprise
  • 17. 17 Enterprise Security / System Integrity Challenges Bad (RCPT) vs. Good Pen Testing Really Crappy Pen Test (RCPT) - not thoroughly testing all attributes of the attack surface, or even worse, using vulnerability scan results and calling it a penetration test. A good pen test is comprehensive and looks at threat levels at least equal to those likely to be faced in the wild and performs testing at that level.
  • 18. 18 Enterprise Security / System Integrity Challenges - continued Skill level Real pen testers are highly skilled professional, usually certified to show competency, use formalized methodology, and respect the business requirements of the company. They view pen testing as a logical, analytical process. It is not just the output product of an automated scanner (like the ones discussed earlier).
  • 19. 19 Enterprise Security / System Integrity Challenges - continued Potential adverse impacts The goal of a penetration test is not to just cause all sorts of damage and expect that someone else gets to clean up the mess. The goal is to attempt to achieve the objective as safely and with as little impact as possible. However, if you do pen testing long enough, at some point you will “knock something over” (a system may go unresponsive), so proper Change Management is crucial in order to account for unexpected results.
  • 20. 20 Enterprise Security / System Integrity Challenges - continued Time/Money constraints Penetration tests are inherently constrained by time and/or financial resources. For a specific engagement, scoping of the pen test is crucial to success. Also to be taken into consideration, is the intensity of the testing to mimic the hacker level most concerning (script kiddie, skilled hacker, and elite hacker).
  • 21. 21 Enterprise Security / System Integrity Challenges - continued Failure to address Business impact A good pen test not only validates identified vulnerabilities, but also discusses the business impact if the vulnerabilities are exploited. In addition, there should also be recommendations on how to effectively remediate those verified vulnerabilities.
  • 22. 22 Enterprise Security / System Integrity Takeaways There are many reasons to conduct a penetration test: • Compliance: Security standards like PCI require at least annual penetration testing. • Measuring Risk: This can inform management where weaknesses are present and the level of risk they present. • Diligence: Testing to determine if software developed internally using a Software Development Life Cycle (SDLC) has met secure development practices and hasn’t presented opportunities to be attacked and exploited.
  • 23. 23 Enterprise Security / System Integrity Questions?