Uploaded byPRISMA CSI
Sızma Testi Metodolojileri
The document outlines various penetration testing methodologies, covering types of tests such as network, web application, mobile application, and physical penetration testing. It details methodologies based on standards like OWASP and OSSTMM, and describes the stages of penetration testing including pre-engagement interactions, intelligence gathering, and reporting. Additionally, it mentions specific vulnerabilities identified in the OWASP Top 10 lists for both web and mobile applications.
![[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух](https://cdn.slidesharecdn.com/ss_thumbnails/1-141207100815-conversion-gate01-thumbnail.jpg?width=640&height=640&fit=bounds)
![How To [relatively] Secure your Web Applications](https://cdn.slidesharecdn.com/ss_thumbnails/fgdhowtosecurewebapplications-180816015815-thumbnail.jpg?width=640&height=640&fit=bounds)
Sızma Testi Metodolojileri
- 1. www.prismacsi.com © All RightsReserved. 1111 Sızma Testi Metodolojileri Bu doküman, alıntı vererek kullanılabilir ya da paylaşılabilir ancak değiştirilemez ve ticari amaçla kullanılamaz. Detaylı bilgiye https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.tr bağlantısından erişebilirsiniz.
- 2. www.prismacsi.com © All RightsReserved. 2 www.prismacsi.com © All Rights Reserved. 2 www.prismacsi.com © All Rights Reserved. 2 www.prismacsi.com © All Rights Reserved. 2 • Ağ Sızma Testi • Web Uygulama Sızma Testi • Mobil Uygulama Sızma Testi • SCADA Sızma Testi • Red Team Sızma Testi • Sosyal Mühendislik Testi • Servis Dışı Bırakma Testi • APT Saldırı Simülasyonu • Mail Gateway Güvenlik Testi • Fiziksel Sızma Testi • Yük & Stress Testi • BDDK Uyumlu Sızma Testi Sızma Testleri
- 3. www.prismacsi.com © All RightsReserved. 3 www.prismacsi.com © All Rights Reserved. 3 www.prismacsi.com © All Rights Reserved. 3 www.prismacsi.com © All Rights Reserved. 3 Sızma Testleri Metodolojileri • OWASP • Web Güvenliği Testleri • Mobil Uygulama Güvenliği Testleri • IoT Güvenlik Testleri • OSSTMM • Open Source Security Testing Methodology Manual • Pentest-Standard
- 4. www.prismacsi.com © All RightsReserved. 4 www.prismacsi.com © All Rights Reserved. 4 www.prismacsi.com © All Rights Reserved. 4 www.prismacsi.com © All Rights Reserved. 4 Sızma Testleri Metodolojileri • PTEST (Penetration Testing Execution Standard) • Pre-engagement Interactions • Intelligence Gathering • Threat Modeling • Vulnerability Analysis • Exploitation • Post Exploitation • Reporting
- 5. www.prismacsi.com © All RightsReserved. 5 www.prismacsi.com © All Rights Reserved. 5 www.prismacsi.com © All Rights Reserved. 5 www.prismacsi.com © All Rights Reserved. 5 Sızma Testleri Metodolojileri • OWASP – Web Application Penetration Testing
- 6. www.prismacsi.com © All RightsReserved. 6 www.prismacsi.com © All Rights Reserved. 6 www.prismacsi.com © All Rights Reserved. 6 www.prismacsi.com © All Rights Reserved. 6 Sızma Testleri Metodolojileri • OWASP Web Security TOP 10
- 7. www.prismacsi.com © All RightsReserved. 7 www.prismacsi.com © All Rights Reserved. 7 www.prismacsi.com © All Rights Reserved. 7 www.prismacsi.com © All Rights Reserved. 7 Sızma Testleri Metodolojileri • OWASP Mobile TOP 10 • M1: Improper Platform Usage • M2: Insecure Data Storage • M3: Insecure Communication • M4: Insecure Authentication • M5: Insufficient Cryptography • M6: Insecure Authorization • M7: Client Code Quality • M8: Code Tampering • M9: Reverse Engineering • M10: Extraneous Functionality
- 8. www.prismacsi.com © All RightsReserved. 8 www.prismacsi.com © All Rights Reserved. 8 www.prismacsi.com © All Rights Reserved. 8 www.prismacsi.com © All Rights Reserved. 8 Sızma Testleri Metodolojileri • OSSTMM - http://www.isecom.org/mirror/OSSTMM.3.pdf
- 9. www.prismacsi.com © All RightsReserved. 9 www.prismacsi.com © All Rights Reserved. 9 www.prismacsi.com © All Rights Reserved. 9 www.prismacsi.com © All Rights Reserved. 9 www.prismacsi.com info@prismacsi.com 0 850 303 85 35 /prismacsi İletişim