The words you are searching are inside this book. To get more targeted content, please make full-text search by clicking here.
Discover the best professional documents and content resources in AnyFlip Document Base.
Published by Enhelion, 2020-01-09 08:35:09




Penetration Testing

What is Penetration Testing?

In simple terms Vulnerability assessment and penetration testing are two different and
complimentary proactive approaches to assess the security posture of an information system’s
network. The Vulnerability Assessment is performed to test the security posture of the
information system both internally and externally. Penetration tests provide evidence that
vulnerabilities do exist and due to them network penetrations are possible. They provide a
blueprint for remediation.

Pen tests can be performed manually, or they can be automated with software applications.
The process includes gathering information about the target before the test (reconnaissance),
identifying possible entry points, attempting to break in (either virtually or for real) and
reporting the findings.

The main aim of penetration testing is to determine security weaknesses. A pen test can also be
used to test an organization's security policy compliance, their employees' security awareness
and the organization's ability to identify and respond to security incidents.

Why do we need penetration testing?

With cyber-attacks on the rise, it is more important than ever before to undertake
regular vulnerability scans and penetration testing to identify vulnerabilities and ensure
regularly that the cyber controls are working.

A Senior Consultant explains : “Vulnerability scanning examines the exposed assets (network,
server, applications) for vulnerabilities – the down side of a vulnerability scan is that false
positives are frequently reported. False positives may be a sign that an existing control is not
fully effective, i.e. sanitizing of application input and output, especially on web applications.

Penetration testing looks at vulnerabilities and will try and exploit them. The testing is often
stopped when the objective is achieved, i.e. when an access to a network has been gained - this
means there can be other exploitable vulnerabilities not tested.”

Organizations should conduct regular testing of their systems for the following key reasons:

To determine the weakness in the infrastructure (hardware), application (software) and
personnel, in order to develop proper controls.
To ensure controls that been implemented and are effective. This provides assurance to
information security and senior management.
To test applications that are often the avenues of attack (Applications are built by
people who can make mistakes despite best practices in software development).
To discover new bugs in existing software (patches and updates can fix existing
vulnerabilities, but they can also introduce new vulnerabilities).

What are the benefits of a Pen-Test?

Avoid network downtime due to breach.
Discover methods that hackers use to compromise the network.
Enhancive effectiveness of an overall security life cycle.
Provide strong grounds to help determine appropriate security budgets.
Helps in business continuity.
Decreases the Possibility of real time attacks.
Preserve company reputation


1. Network Penetration Testing and Exploitation

Network testing is one of the most common methods of penetration testing. After the
penetration tester performs Intelligence gathering and threat modeling, the tester
completes a series of network tests. After a hacker gains access to the network, 90% of
the obstacles are removed for a threat actor.

A pentester can conduct an internal and external network exploitation. This allows them
to simulate a successful hack that has penetrated the external network defenses. This
gives them an opportunity to explore many aspects of the security posture of an

Network testing typically includes:

Bypassing Firewalls
Router testing
IPS/IDS evasion
DNS footprinting

Open port scanning and testing
SSH attacks
Proxy Servers
Network vulnerabilities
Application penetration testing

Application testing is another common type of pentest. For penetration testing
applications, the ethical hacker searches for vulnerabilities within all your server

Typical applications for exploit include:

Web Applications Languages

APIs Connections


-CRM systems
-Financial systems
-HR systems
Mobile applications

This testing goes even further than the typical network penetration test and
identifies vulnerabilities within these common business applications.

2. Website & Wireless Network Penetration Testing

With this penetration test, the devices and infrastructure within the wireless network
are tested for vulnerabilities.

The pen tester will commonly exploit these areas during a wireless network penetration

Wireless encryption protocols
Wireless network traffic
Unauthorized access points and hotspots

MAC address spoofing
Poorly used or default passwords
Cross-site scripting
SQL injections
Denial of Service (DoS) attacks
Web server misconfiguration
The website and/or web server for sensitive customer data
The web server(s) using malware to gain deeper access into your network

Poorly secured wireless networks are often used to hack into organizations. There are
numerous ways for a threat actor to use multiple vulnerabilities within your website and
wireless network to gain sensitive data.

3. Physical penetration testing

Physical security controls can be an open door for cybercriminals.

During a physical penetration test, the pen tester will attempt to gain access to the
facility through:

RFID & Door Entry Systems
Personnel or vendor impersonation
Motion sensors

Often, a physical penetration test is performed with some form of social engineering.
They may need to manipulate or deceive employees to obtain physical access to the
facility. This leads us to our next type of penetration test.

4. Social Engineering Tests

An organization’s security is only as strong as the weakest link in the chain. People make
mistakes and can be easily manipulated. The weakest link is often employees. Social
engineering is one of the most prevalent ways in which threat actors can infiltrate

The most common types of social engineering tactics used by ethical hackers are:

Phishing attacks
Imposters – fellow employees, external vendors or contractors

Dumpster Diving

A social engineering test is helpful for telling you about vulnerabilities in your human
capital. Also, social engineering is one of the most vital skills used by threat actors.
Manipulation, deception and influence are all common skills used by attackers to
persuade your employees into providing access to systems and data.

5. Client-Side Tests

The goal of these tests is to pinpoint security threats that emerge locally. For example,
there could be a flaw in a software application running on the user’s workstation which
a hacker can easily exploit.

These may be programs or applications like Putty, Git clients, Sniffers, browsers
(Chrome, Firefox, Safari, IE, Opera), and even presentation as well as content creation
packages like MS Power Point, Adobe Page Maker, Photoshop, and media players.

In addition to third-party software, threats could be home grown. Using uncertified
open source software to create or extend homemade applications could cause severe
threats that one can’t even anticipate. Hence, these locally developed tools should also
pass through the penetration test cycle.


1. Reconnaissance
2. Scanning
3. Exploiting
4. Covering tracks

1. Reconnaissance:

In the reconnaissance phase information is gathered about the target to gain
information about possible attack vectors. In general, this is Open Source

Intelligence gathering from public sources, which can range from passive to active

a. Active Method:

Active methods can include port scanning, banner grabbing and zone transfers.
There are many tools that can accomplish this, such as Nmap, as well as different
query methods to avoid detection by the host.

b. Passive Method:

Passive methods do not involve direct interaction with the target. They consist of
information gathered from third parties, such as WHOIS queries.

2. Scanning

Based on the data collected in the first step, the attacker will interact with the target
with an aim to identify the vulnerabilities. This aids a tester to launch attacks
using vulnerabilities in the system. This phase includes the use of tools such as port
scanners, vulnerability scanners, ping tools, and network mappers.

While testing web applications, scanning can be either dynamic or static.

In static scanning, the goal is to identify the vulnerable functions, libraries, and logic
implementation. Dynamic analysis is the more practical way of scanning compared
to static analysis. Here, the tester will pass various inputs to the application and
record the responses.

3. Exploitation

This is a crucial phase that must be performed with due diligence. In this step actual
damage is done. A penetration tester needs to have some special skills and
techniques to launch an attack on the target system. Using these techniques an
attacker will try to gain data, compromise the system, launch DoS attacks, and much

4. Covering Tracks

After the penetration test is complete, the final goal is to collect the evidence of the
exploited vulnerabilities. This step mostly considers all the steps discussed above
and an evaluation of the vulnerabilities present in the form of potential

risks. Sometimes, in this step pen-tester also provides some useful
recommendations to implement in order to improve security levels.
Now, this is the final and the most important step. In this phase, the results of the
penetration test are compiled into a detailed report. This report usually has the
following details:

Recommendations made in the previous phase
Vulnerabilities that were discovered and the risk levels they posses
Overall summary of the penetration test
Suggestions for future security
These phases may vary depending on the organization and the type of penetration
test being conducted.


How important is penetration testing? – Help Net Security
What is penetration Testing- Methodologies and Tools – Archana Choudary
The types of Pentests you must know about – Diego Rodriguez

Click to View FlipBook Version