Ethical Overflow - A new focus on Cyber Security

Ethical Hacking - Overview

Ethical Hacking-Pentesting

Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.

Penetration testing is a type of security testing used to find the insecurities of an application. It is conducted to find the security risks which might be present in the system. If a system is not secured, then any attacker can disrupt or gain unauthorized access to that system. A security risk is normally an accidental error that occurs while developing and implementing the software, for example configuration errors, design errors, and software bugs.

To uncover the vulnerabilities which can be found in any type or kind of Web Application, there are three types of Pen Testing which can be used, which are as follows:

  • Black Box Testing

  • White Box Testing

  • Gray Box Testing.

Black Box Testing

In a real-world cyber-attack, the hacker probably will not know all of the ins and outs of the IT infrastructure of a corporation. Because of this, he or she will launch an all-out, brute force attack against the IT infrastructure, in the hopes of finding a vulnerability or weakness onto which to latch.

In other words, in this type of Pen Test, there is no information given to the tester about the internal workings of the particular Web Application, nor about its source code or software architecture. As a result, this particular type of test can take a very long time to complete, so very often, the tester will rely upon the use of automated processes to completely uncover the weaknesses and vulnerabilities. This type of test is also referred to as the “trial and error” approach.

White Box Testing

In this type of Pen test, also known as “Clear Box Testing,” the tester has full knowledge and access to both the source code and software architecture of the Web Application. Because of this, a White Box Test can be accomplished in a much quicker time frame when compared to a Black Box Test. The other advantage of this is that a much more thorough Pen Test can be completed.

However, this approach also has its disadvantages. First, since the tester has complete knowledge, it could take more time to decide what to focus on specifically regarding system and component testing and analysis. Second, conducting this type of test requires more sophisticated tools, such as software code analyzers and debuggers.

Gray Box Testing

As the name implies, this type of test is a combination of both the Black Box and the White Box Test. In other words, the penetration tester has only partial knowledge of the internal workings of the Web Application. This is often restricted to just getting access to the software code and system architecture diagrams.

With the Gray Box Test, both manual and automated testing processes can be utilized. Because of this approach, a pen tester can focus their main efforts on those areas of the Web Application which he or she knows the most about, and from there, exploit any weaknesses or vulnerabilities. With this particular method, there is a higher probability that more hard-to-find “security holes” will also be discovered.

The Penetration Testing Teams

Very often, when it comes to Pen Testing, the image of just one person doing the test is conjured up. But keep in mind, the best types of Pen Testing come into play when multiple testers are utilized and are broken down into three teams, which are as follows:

  • The Red Team

  • The Blue Team

  • The Purple Team.

The Red Team

The Red Team can be considered as those individuals who are the actual Pen Testers. Their primary goal and objective is to mimic or emulate the mindset of an attacker, trying to break through via all of the weaknesses and vulnerabilities which are present. In other words, it is the Red Team which attacks on all fronts possible.

The Blue Team

The Blue Team can be considered as those personnel from within the infrastructure of the business itself. This can be the IT Security team, and their primary goal and objective is to thwart and defend against any attacks from the Red Team. It is important that anybody participating on the Blue Team possesses the mindset of constant proactiveness and vigilance to defend the corporation against any and all attacks.

If you think about it, both the Red Team and Blue Team can be viewed as the two sides of a particular coin, or the Yin and the Yang. The overall goal of these two teams is to greatly enhance the security posture of the corporation on a constant basis, by sharing feedback with one another. However, this does not always happen. Thus there is the need for the Purple Team.

The Purple Team

The Purple Team can be viewed as the composite of both the Red Team and the Blue Team. In other words, the Purple Team adopts the security controls and tactics from the Blue Team, as well as the security weaknesses and vulnerabilities which are discovered by the Red Team. This is then all translated into one single narrative which can be shared across all of the teams to fully implement a policy of continuous and constant security improvements for the corporation.

In other words, the Purple Team can be viewed as literally the “bridge” between the Red Team and the Blue Team, to help instill a sense of continuous integration amongst the two. To fully ensure that the Purple Team is providing the most robust lines of communication and information, it should remain as a separate entity and neutral of all views and circumstances, so there is no bias.

The Types of Penetration Tests

Now that the teams have been divided and their roles and responsibilities clearly defined, there are some different types of Pen Testing which can be engaged. These are as follows:

  • Network Services

  • Web Application

  • Client Side

  • Wireless

  • Social Engineering.

Network Services

In the world of Pen Testing, this is viewed as the most common and most in-demand test to conduct for a client. This type of test involves finding security weaknesses and vulnerabilities in the network infrastructure of a corporation. This test can be done locally at the place of business, or even be done remotely. It is highly recommended that both approaches be utilized, to glean the most information possible. This type of test involves examining the following:

  • Firewall configuration testing

  • Stateful analysis testing

  • Firewall bypass testing

  • IPS evasion

  • DNS attacks which include:

    * Zone transfer testing;

    * Any types or kinds of switching or routing issues;

    * Any other required network testing.

Some of the most common software packages which are examined in this test include:

  • Secure Shell (SSH)

  • SQL Server

  • MySQL

  • Simple Mail Transfer Protocol (SMTP)

  • File Transfer Protocol

  • Microsoft Outlook login pages.

It is important to note that Network Service testing is not considered to be a deep kind of testing. This is left to the Web Application Test.

Web Application

This can be viewed specifically as a “deeper dive” of the test, in that it is much more thorough and detailed. With this test, any security vulnerabilities or weaknesses are discovered in Web-based applications. Such components as ActiveX, Silverlight, Java Applets, and APIs are all examined. This type of test is considered to be much more complex, and as a result, a large amount of time is needed to correctly and thoroughly test the Web application in question.

Client Side

This type of test is designed to find any types or kinds of security vulnerabilities in software which can be exploited very easily on a client computer, such as an employee workstation. Examples of this include Web browsers (such as Internet Explorer, Google Chrome, Mozilla Firefox, Safari), content creation software packages (such as MadCap Flare or Adobe Framemaker and Adobe RoboHelp), media players, etc.

Wireless

As the name implies, this test involves examining all of the wireless devices which are used in a corporation. This includes such items as tablets, notebooks, smartphones, etc. The following are also tested to find any security holes:

  • Wireless protocols (to determine which ones are deemed to be “weak” in nature)

  • Wireless access points (to determine which ones are “rogue”)

  • Administrative credentials.

In most cases, a Wireless test is conducted at the client site, because the Pen Testing equipment has to be in reasonably close proximity to the wireless network signals.
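The two checks listed above (weak protocols and rogue access points) can be run over a site survey by comparing it with the inventory of authorized access points. The following is an added example, not part of the original article; the inventory, the survey rows and the set of security modes treated as weak are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumption: policy treats these security modes as weak.
WEAK_SECURITY = {"OPEN", "WEP", "WPA-TKIP"}

# Constructed inventory of authorized access points: BSSID -> expected SSID.
AUTHORIZED = {
    "aa:bb:cc:00:00:01": "CorpNet",
    "aa:bb:cc:00:00:02": "CorpNet",
    "aa:bb:cc:00:00:03": "CorpGuest",
}

@dataclass(frozen=True)
class Observation:
    bssid: str      # radio MAC address seen in the survey
    ssid: str       # advertised network name
    security: str   # advertised security mode

# Constructed survey results, as a wireless scanner might export them.
SURVEY = [
    Observation("AA:BB:CC:00:00:01", "CorpNet", "WPA2-CCMP"),
    Observation("aa:bb:cc:00:00:03", "CorpGuest", "OPEN"),
    Observation("de:ad:be:ef:00:10", "CorpNet", "WPA2-CCMP"),
    Observation("de:ad:be:ef:00:20", "CoffeeShop", "WEP"),
]

def classify(obs, authorized=AUTHORIZED, weak=WEAK_SECURITY):
    """Return the list of findings for one observed access point."""
    findings = []
    bssid = obs.bssid.lower()          # normalize MAC case before lookup
    if bssid in authorized:
        if authorized[bssid] != obs.ssid:
            findings.append("ssid-mismatch")
        if obs.security.upper() in weak:
            findings.append("weak-protocol")
    elif obs.ssid in set(authorized.values()):
        # Corporate SSID advertised by a radio that is not in the inventory.
        findings.append("rogue-ap")
    # Unknown radio with a foreign SSID: a neighbour's network, out of scope.
    # An unlisted AP on the corporate wire under another name needs a
    # wired-side check and is not detectable from this data alone.
    return findings

def audit(survey):
    """Map each BSSID with at least one finding to its findings."""
    results = {o.bssid.lower(): classify(o) for o in survey}
    return {bssid: f for bssid, f in results.items() if f}

if __name__ == "__main__":
    for bssid, findings in audit(SURVEY).items():
        print(bssid, ", ".join(findings))
```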

Social Engineering

This type of test involves attempting to get confidential or proprietary information by purposely tricking an employee of the corporation into revealing such items. There are two types of subtests which can be carried out with Social Engineering:

  • Remote testing: This involves tricking an employee into revealing sensitive information via electronic means. This is often conducted by creating and launching a Phishing E-mail Campaign.

  • Physical testing: This involves the use of a physical means or presence to garner sensitive information. This includes Dumpster Diving, Impersonation, threatening and/or convincing phone calls, etc.

Penetration Testing Method

Penetration testing is a combination of techniques that considers various issues of the systems and tests, analyzes, and gives solutions. It is based on a structured procedure that performs penetration testing step-by-step. This chapter describes various steps or phases of penetration testing method.

Steps of Penetration Testing Method