Penetration Testing
A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF).
Note - Insights provided by the penetration test can be used to fine-tune your WAF security policies and patch detected vulnerabilities.
Penetration Testing Stages
The penetration testing process has five stages as -
Penetration Testing Methods
1. External testing
External penetration tests target the assets of a company that are visible on the internet, e.g. the web application itself, the company website, and email and domain name servers (DNS). The goal is to gain access and extract valuable data.
2. Internal testing
In an internal test, a tester with access to an application behind its firewall simulates an attack by a malicious insider. This isn't necessarily simulating a rogue employee; a common starting scenario is an employee whose credentials were stolen in a phishing attack.
3. Blind testing
In a blind test, a tester is only given the name of the enterprise that's being targeted. This gives security personnel a real-time look into how an actual application assault would take place.
4. Double-blind testing
In a double-blind test, security personnel have no prior knowledge of the simulated attack. As in the real world, they won't have any time to shore up their defenses before an attempted breach.
5. Targeted testing
In this scenario, the tester and security personnel work together and keep each other apprised of their movements. This is a valuable training exercise that provides a security team with real-time feedback from a hacker's point of view.
What Are Penetration Testing Tools?
The following table collects some of the most significant penetration testing tools and summarises their features:

| Tool Name | Purpose | Portability | Expected Cost |
|---|---|---|---|
| Hping | Port scanning; remote OS fingerprinting | Linux, NetBSD, FreeBSD, OpenBSD | Free |
| Nmap | Network scanning; port scanning; OS detection | Linux, Windows, FreeBSD, OS X, HP-UX, NetBSD, Sun, OpenBSD, Solaris, IRIX, Mac, etc. | Free |
| SuperScan | Runs queries including ping, whois, hostname lookups, etc.; detects open UDP/TCP ports and determines which services are running on those ports | Windows 2000/XP/Vista/7 | Free |
| p0f | OS fingerprinting; firewall detection | Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Solaris, Windows, and AIX | Free |
| Xprobe | Remote active OS fingerprinting; port scanning; TCP fingerprinting | Linux | Free |
| Httprint | Web server fingerprinting; SSL detection; detects web-enabled devices (e.g., wireless access points, switches, modems, routers) | Linux, Mac OS X, FreeBSD, Win32 (command line & GUI) | Free |
| Nessus | Detects vulnerabilities that allow a remote attacker to control or access sensitive data | Mac OS X, Linux, FreeBSD, Apple, Oracle Solaris, Windows | Free to limited |
| GFI LANguard | Detects network vulnerabilities | Windows Server 2003/2008, Windows 7 Ultimate/Vista, Windows 2000 Professional, Business/XP, Server 2000/2003/2008 | Trial only |
| ISS Scanner | Detects network vulnerabilities | Windows 2000 Professional with SP4, Windows Server 2003 Standard with SP1, Windows XP Professional with SP1a | Trial only |
| Shadow Security Scanner | Detects network vulnerabilities; audits proxy and LDAP servers | Windows, but scans servers built on any platform | Trial only |
| Metasploit Framework | Develops and executes exploit code against a remote target; tests the vulnerability of computer systems | All versions of Unix and Windows | Free |
| Brutus | Telnet, FTP, and HTTP password cracker | Windows 9x/NT/2000 | Free |
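Scanner output is only useful to the defender once it is compared with what is supposed to be exposed. The following added example (not from the original post or any of the tools listed) parses Nmap's XML report format (`-oX`) for the internet-facing hosts an external test would cover and flags every open port that is not in an approved exposure baseline; the host addresses, scan results and baseline are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an Nmap -oX report for two external hosts.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap">
  <host><address addr="203.0.113.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="25"><state state="filtered"/><service name="smtp"/></port>
    </ports>
  </host>
  <host><address addr="203.0.113.25" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="53"><state state="open"/><service name="domain"/></port>
      <port protocol="udp" portid="53"><state state="open"/><service name="domain"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
</nmaprun>"""

# Constructed approved exposure baseline: host address -> {(protocol, port)}.
BASELINE = {
    "203.0.113.10": {("tcp", 443)},
    "203.0.113.25": {("tcp", 53), ("udp", 53)},
}

def parse_open_ports(nmap_xml):
    """Return {addr: {(proto, port)}} for every port Nmap reports as open."""
    root = ET.fromstring(nmap_xml)
    results = {}
    for host in root.findall("host"):
        addr = host.find("address").get("addr")
        open_ports = set()
        for port in host.findall("ports/port"):
            state = port.find("state")
            # Only 'open' counts as exposure; 'filtered'/'closed' are skipped.
            if state is not None and state.get("state") == "open":
                open_ports.add((port.get("protocol"), int(port.get("portid"))))
        results[addr] = open_ports
    return results

def unexpected_exposure(nmap_xml, baseline):
    """Return {addr: sorted [(proto, port)]} for open ports absent from the baseline."""
    findings = {}
    for addr, ports in parse_open_ports(nmap_xml).items():
        extra = ports - baseline.get(addr, set())  # unknown hosts expose everything
        if extra:
            findings[addr] = sorted(extra)
    return findings
```

Each finding is either a service that should be closed or firewalled, or a gap in the baseline itself; both are the kind of insight the test is meant to produce.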