Why Penetration Testing Services Cyber51


Penetration Testing Services and Vulnerability Assessment Services.


  1. Security Testing Overview

     Introduction

     In the modern world, the number and sheer variety of threats to IT systems and services are increasing exponentially. In a similar vein, the number of IT security products and services to address these threats is also increasing.

     Electronically trading businesses are particularly at risk of fraud and breaches of confidentiality, causing loss of assets and reputational damage to the brand and Company.

     Our Security Testing services address the numerous mission-critical information security challenges faced by Clients throughout the world. It's important that key business owners and decision makers understand their current risk profile and how it affects their business, and are able to make correct and informed decisions to mitigate or accept the risks associated with threats.

     We assist with the early identification of security threats through code reviews, functional security tests and vulnerability checks. For existing systems, we can provide independent technical design and implementation reviews, followed by a detailed testing cycle to ensure the system is secure when operational.

     Our experience enables us to ensure the systems and services you implement support the security needs of your business in a comprehensive and robust manner.

     Cyber 51 Ltd. | www.cyber51.co.uk | info@cyber51.co.uk
  2. Why Penetration Tests are Important to Network Security?

     This is a testing procedure that is performed to test the perimeters of a network for security breaches and vulnerabilities. The testing services we perform are presented as Ethical Hacking. Identifying vulnerabilities allows the Business to remediate any issues and understand its security posture and risk profile, and helps the organization to defend itself against further attacks.

     Why Penetration Testing is Important

     Penetration testing takes network security to the next level by exploring the network for vulnerabilities and threats. Simply deploying a firewall, a vulnerability scanner and an antivirus program is not enough to protect the system against an attack.

     Without comprehensive security testing, sensitive data and information can be prone to disclosure.

     How Penetration Testing Works

     Our Security Testing works on the premise that hackers have better and more informed knowledge of network vulnerabilities and issues than the businesses trying to protect against them, and always try to stay one step ahead of network and security professionals. We employ the same techniques and tests that Hackers use to breach security.

     The penetration test involves two main stages:

       • Locating any potential vulnerabilities
       • Attempting to exploit any found vulnerabilities

     Our security professionals have the same knowledge that Hackers use to perform network breaches. The significant difference is that the testing is performed in an ethical manner.

     Penetration Test Results

     When the testing is complete, our Consultants prepare a comprehensive report for the business for both Management and Technical audiences.
  3. Why Web Application Penetration Tests are Important to Network Security?

     Web applications have become increasingly vulnerable to different forms of hacker attacks. According to Gartner, 75% of attacks today occur at the application level. A Forrester survey states “people are now attacking through web applications, because it’s easier than through the network layer.”

     Despite common use of defences such as firewalls and intrusion detection or prevention systems, Hackers can access information and data, shut down websites and servers, and defraud businesses, in many cases without even being detected.

     Why Web Application Penetration Testing is Important

     Clients benefit from testing the application: it gives an in-depth analysis of the current security posture, highlights recommendations for reducing exposure to currently identified vulnerabilities, and allows the customer to make more informed decisions, enabling good management of the risk profile.

     How Web Application Penetration Testing Works

     Web Application Penetration Testing is a comprehensive security risk assessment solution used to identify, analyse and report vulnerabilities in a given application or service.

     As part of the web application penetration test, the security team will attempt to identify both inherent and potential security risks that might work as entry points for any Hacker.

     The vulnerabilities could be present in a web application due to inadvertent flaws left behind during development, security issues in the underlying environment and misconfigurations in one or more components (for example IIS configuration, Operating Systems etc.).

     When conducting Web Application Penetration Testing, our Consultants adopt a strong technology and process-based approach supported by a well-documented methodology to identify potential security flaws in the application and underlying environment.

     Adherence to industry standards such as OWASP, customized tests based on technology and business logic, skilled and certified Security engineers, risk assessment of the vulnerabilities found, and a scoring system based on CVSS (Common Vulnerability Scoring System) differentiate us from our competitors.

     Web Application Penetration Test Results

     The security assessment report submitted on completion of the test will provide a detailed and prioritised mitigation plan to assist Clients in addressing security issues in a structured manner.
  4. Network Penetration Testing - Methodology

     Footprinting / Network Mapping

     The process of footprinting is a completely non-intrusive activity performed in order to get the maximum possible information available about the target organization and its systems using various means, both technical and non-technical. This involves researching the Internet and querying various public repositories (whois databases, domain registrars, Usenet groups, mailing lists, etc.).

     Our Security Testing Consultants will also look to obtain as much detail as possible about the current topology and network profile. This can consist of information around IP addressing, gathering public domain information about the business, ping sweeps, port scanning etc.

     This information is then compiled and subsequently analysed for further areas of investigation.

     Information Gathering

     Expected results

       • Domain names
       • Server names
       • IP address information
       • Network topology
       • ISP details
       • General Internet presence
       • Company profile

     Tasks involved

       • Examine and gather information about domain registries.
       • Find IP address blocks.
       • Find the names and locations of DNS servers.
       • Use multiple traces in order to identify systems and devices in between.
       • Identify email addresses related to the company or business.
       • Identify newsgroups, forums and boards where information related to the company or business is located.
       • Examine the source code of web pages and scripts.
       • Examine email headers.
  5. Scanning and Enumeration

     This phase comprises identifying live systems, open and filtered ports, any services running on these ports, mapping router and firewall rules, identifying any operating system information, network path discovery, and so on. This phase is particularly involved and there is a substantial amount of active probing of the target systems.

     After successfully identifying the open ports, the services behind them will be fingerprinted, either manually or by using readily available tools.

     Expected Results

       • Ports open, closed and filtered
       • IP addresses of production systems
       • IP addresses of internal networks
       • Asset services
       • Mapping of the network
       • Discovery of any tunnelled and encapsulated protocols
       • List of supported routing protocols
       • Application type and patch level
       • Type of operating systems

     Tasks

       • Collect responses from the network.
       • Test TTL and firewalking.
       • Use ICMP and reverse lookup to determine the existence of machines on the network.
       • Use TCP fragments with FIN, NULL and XMAS on ports 21, 22, 25, 80 and 443 of the hosts found on the network.
       • Use TCP SYN on ports 21, 22, 25, 80 and 443 of the hosts found on the network.
       • Attempt connections on DNS servers.
       • Use TCP SYN (half open) to list ports that are closed or open filtered on all hosts found on the network.
       • Use TCP fragments to ports and services available in the host.
       • Use UDP packets to list all open ports found on the network host.
       • Identify standard protocols.
       • Identify non-standard protocols.
       • Identify encrypted protocols.
       • Identify date, time and system up-time.
       • Identify the predictability of TCP sequence numbers.
       • Identify the predictability of the TCP sequence number (ISN).

     Service Identification

     Expected Results

       • Type of services
       • Application version and type that offers the service

     Tasks

       • Match each open port with its corresponding service.
       • Identify the server up-time and patches applied.
       • Identify the application that provides the service through the use of fingerprinting and banners.
       • Identify the version of the application.
       • Using UDP-based services and Trojans, attempt to make connections to the services found.
  6. System Identification

     Expected Results

       • Type of operating system
       • Patch levels
       • Type of system
       • System enumeration

     Tasks

       • Examine system responses to determine the operating system.
       • Check the predictability of TCP sequence numbers.

     Vulnerability Analysis

     After successfully identifying the target systems and gathering the required details from the above phases, our Consultant will then attempt to find any possible vulnerabilities existing in each target system.

     During this phase our Consultants will use automated and manual tools to scan the target systems for known vulnerabilities. The toolset comprises both purchased industry-standard tools and freely available tools. Our Consultant will also test the systems by supplying invalid inputs, random strings and other information in order to check for any errors or unintended behaviours in the system output. This is an attempt to discover any unidentified vulnerabilities.

     Vulnerability Testing

     Expected Results

       • Type of applications and services listed by vulnerability
       • Patch level of systems and applications
       • List of vulnerabilities that can cause denial of service
       • List of areas secured by obscurity

     Tasks

       • Integrate the most popular scanners, hacking tools and exploits in this test.
       • Measure the goal with these tools.
       • Identify vulnerabilities in the target systems and application type.
       • Perform redundant testing with at least two scanners as well as manual tasks.
       • Identify the vulnerabilities of the operating system.
       • Identify application vulnerabilities.
  7. Exploitation

     During this phase our Consultant will attempt to find exploits for the various vulnerabilities found in the previous phase.

     On numerous occasions, successful exploitation of a vulnerability might not lead to root (administrative) access. In such a scenario additional tasks are undertaken and further analysis is performed to assess the risk that the particular vulnerability may pose to the target system.

     Example attack scenarios in this phase include, but aren’t limited to:

       • Buffer overflows
       • Application or system configuration problems
       • Modems
       • Routing issues
       • DNS attacks
       • Address spoofing
       • Share access and exploitation of inherent system trust relationships

     Potential vulnerabilities will be systematically tested for weakness and overall risk. The strength of captured password files will be tested using password-cracking tools. Individual user account passwords may also be tested using dictionary-based, automated login scripts. In the event that an account is compromised, we will attempt to elevate privileges to that of super user, root, or administrator level.

     Our Security Consultants will maintain detailed records of all attempts to exploit vulnerabilities and of the activities conducted during the attack phase.

     Reporting

     The report will be delivered for both Management and Technical audiences to properly convey, at the correct level, any findings, risks and their priorities. The report will include Management and Executive summaries with any recommendations.

     Detailed technical descriptions of the vulnerabilities and the recommendations to mitigate them will also be documented. All the security holes found and exploited will be accompanied by proper evidence, by means of screenshots and information on the successful exploits.
  8. Web Application Penetration Test - Methodology

     Configuration Management Analysis

     The infrastructure used by the Web application will be evaluated from a security perspective. This will comprise some general testing:

       • TLS and SSL tests.
       • Security testing of the listener of database management systems.
       • Testing the configuration of the infrastructure and its relationship with the Web application, vulnerability analysis, analysis of authentication mechanisms and identification of all the ports used by the Web application.
       • Testing the application settings, searching through directories and regular files and comments from developers, and the eventual acquisition and operational analysis of logs generated by the application.
       • Searching for old files, backups, logs of operations and other files used by the Web application.
       • Searching for and testing management interfaces of the Web application or related infrastructure.
       • Testing the various HTTP methods supported and the possibilities of XST (Cross-Site Tracing).

     Analysis of Authentication

     Our Consultants evaluate the various mechanisms and aspects of the web application authentication, which will comprise:

       • Credential management.
       • Enumeration of users and easily identifiable user accounts.
       • Brute-force testing of identification credentials, based on information found or inferred.
       • Testing the authentication mechanisms for evasion possibilities or techniques.
       • Logout mechanisms and weaknesses associated with the Internet browser cache.
       • Strength tests of captchas and any testing of multi-factor authentication.

     Session Management Analysis

     Our Consultant will evaluate the different mechanisms and management aspects of web application sessions.

       • Session management schemes will be tested.
       • CSRF (Cross-Site Request Forgery).
       • Testing cookie attributes.
       • Setting sessions.
       • Evidence of exposed session attributes and repetition.

     Analysis of Authorisation

     Our Consultants evaluate the various mechanisms and aspects of web application authorisation, including the following tests:

       • Privilege escalation.
       • "Path Traversal".
       • Evidence of evasion of clearance mechanisms.
       • Testing the "business logic" of the Web application: avoiding, altering, or cheating its relationships within the application.
  9. Data Validation Analysis

     Our Consultant will evaluate the various repositories, access and protection mechanisms related to the validation of data used by the Web application.

       • Test various XSS (Cross Site Scripting) and "Cross Site Flashing."
       • SQL injection tests.
       • LDAP injection tests.
       • Evidence of ORM injection.
       • XML injection tests.
       • SSI injection testing.
       • Testing XPath injection.
       • IMAP / SMTP injection tests.
       • Evidence of code injection.
       • Operating system command injection tests.
       • Evidence of buffer overflow.
       • Evidence of HTTP splitting / smuggling.
       • Evidence of evasion of clearance mechanisms.
       • Evidence of privilege escalation.

     Analysis of Web Services

     Consultants evaluate the web application services related to SOA (Service Oriented Architecture):

       • Security testing of WSDL.
       • Evidence of structural security of XML.
       • Security testing of XML content.
       • Test HTTP GET parameters / REST.
       • Tests with contaminated SOAP attachments.
       • Repeat testing of web services.
       • Testing AJAX: Web application vulnerabilities regarding this technology.

     Reporting

     The report will be delivered for both Management and Technical audiences to properly convey, at the correct level, any findings, risks and their priorities. The report will include Management and Executive summaries with any recommendations.

     Detailed technical descriptions of the vulnerabilities and the recommendations to mitigate them will also be documented. All the security holes found and exploited will be accompanied by proper evidence, by means of screenshots and information on the successful exploits.