Understand the 360 Degrees of Penetration Testing: Why, When and How


Breaking through a company’s security protections used to require a great deal of time and skill. With today’s technological advances, however, finding an organization’s loopholes has become a piece of cake for the cybercriminals out there. Enterprise networks face non-stop attacks, and your business, institute or organization can become a target at any minute. Ignoring these vulnerabilities can lead to system breaches, loss of personal customer data and, at the end of the day, damage to the reputation of your business. Security and penetration testing is the only way to identify those exposures. So let’s satisfy your curiosity and start talking about “Penetration Testing”.

What is Penetration Testing?

Penetration testing is a common way for organizations to test their security maturity and identify potential vulnerabilities in a system (ex: application programming interfaces (APIs), frontend/backend servers), network, or application. Poor architecture design, weak coding, wrong configuration and other reasons may be the root cause of such vulnerabilities. To uncover them, an ethical hacker performs the penetration test. The ultimate objective of penetration testing is to recognize security weaknesses. Penetration testing can also be applied to test an organization's security policy, its adherence to compliance requirements, its employees' security awareness and the organization's ability to respond to security incidents.

A penetration test is organized into 5 main stages; let’s explore those stages in detail.


1. Planning and reconnaissance

As the first step of penetration testing, this stage involves defining the scope and goals of the test, including the systems to be addressed and the testing methods to be used, and gathering intelligence (ex: network and domain names, mail servers) to better understand how a target works and where its potential vulnerabilities lie.

2. Scanning

This stage helps to understand how the target application will react to various intrusion attempts and is typically done using two kinds of analysis, static and dynamic. Static analysis inspects an application’s code to estimate the way it behaves while running, by scanning the entirety of the code in a single pass. Dynamic analysis inspects an application’s code in a running state. As it provides a real-time view into an application’s behaviour, it is considered the more practical way of scanning.

3. Gaining Access

Web application attacks (cross-site scripting, SQL injection and backdoors) are used to expose a target’s vulnerabilities at this stage. Testers then exploit these vulnerabilities, typically by escalating privileges, stealing data, intercepting traffic, etc., to understand the damage they can cause.

4. Maintaining access

This stage checks whether the vulnerability can be used to attain a persistent presence in the exploited system, imitating advanced persistent threats, which remain in a system for months to steal an organization’s sensitive data.

5. Analysis

In this final stage, the results of the penetration test are compiled into a report detailing the specific vulnerabilities that were exploited and the sensitive data that was accessed, while highlighting what was used to successfully enter the system, what security weaknesses were identified, other pertinent information determined, and suggestions for remediation.
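As an added, constructed illustration of stages 3 and 5 (not code from the article), the script below runs a single SQL injection check against a deliberately vulnerable lookup and against its parameterized replacement, then turns the results into findings ranked by CVSS v3.x base score and renders a short remediation report. The in-memory users table, the endpoint names, the CVSS values and the second "server banner" finding are all assumptions made up for the demo.

```python
import sqlite3

# Constructed fixture: an in-memory users table standing in for the target app.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

# Deliberately vulnerable lookup: the untrusted value is spliced into SQL text.
def lookup_vulnerable(conn, username):
    sql = "SELECT username, role FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()

# Hardened lookup: the value is bound as a parameter and never parsed as SQL.
def lookup_hardened(conn, username):
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# Stage 3 (gaining access): a tautology probe. A correct query treats the whole
# string as one non-existent username and returns nothing; if the probe returns
# more rows than the benign control, the input reached the SQL parser.
PROBE = "' OR '1'='1"

def probe_injection(lookup, conn):
    control = lookup(conn, "nobody")
    probed = lookup(conn, "nobody" + PROBE)
    return len(probed) > len(control)

# Stage 5 (analysis): CVSS v3.x qualitative buckets for the base score.
def severity(score):
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"

# Critical first, then higher score, then findings actually exploited in the test.
def prioritize(findings):
    rank = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "None": 4}
    return sorted(findings, key=lambda f: (rank[severity(f["cvss"])],
                                           -f["cvss"], not f["exploited"]))

def run_assessment():
    """Probe both endpoints and keep a finding for each one that was exploitable.
    Endpoint names, CVSS scores and the banner finding are constructed values."""
    findings = []
    for name, fn, cvss in (("/users (string-built SQL)", lookup_vulnerable, 9.8),
                           ("/users (parameterized SQL)", lookup_hardened, 9.8)):
        if probe_injection(fn, make_db()):
            findings.append({"title": "SQL injection in " + name, "cvss": cvss,
                             "exploited": True,
                             "remediation": "Use parameterized queries for every "
                                            "user-supplied value."})
    findings.append({"title": "Verbose server banner discloses software version",
                     "cvss": 5.3, "exploited": False,
                     "remediation": "Suppress version strings in HTTP response headers."})
    return findings

def render_report(findings):
    lines = ["Penetration test findings (constructed demo)", ""]
    for i, f in enumerate(prioritize(findings), 1):
        lines.append("%d. [%s %.1f] %s" % (i, severity(f["cvss"]), f["cvss"], f["title"]))
        lines.append("   Exploited during test: %s" % ("yes" if f["exploited"] else "no"))
        lines.append("   Remediation: %s" % f["remediation"])
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_report(run_assessment()))
```

The probe compares row counts against a benign control rather than looking for error text, so it also works against endpoints that swallow database errors; the hardened lookup returns zero rows for both inputs and therefore produces no finding.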

Why is Penetration Testing Important?

Nowadays an organization can’t stay isolated without any online presence. The more you expose your organization on the internet, the more vulnerable it becomes. Pen testing is important to your organization for the following reasons.

  • Helps to identify and prioritize security risks
  • Manages vulnerabilities intelligently
  • Leverages a proactive security approach
  • Verifies that existing security strategies are working and reveals your security strengths
  • Meets compliance and regulatory requirements

Penetration testing methods

  • External testing

Targets the assets of an organization that are exposed to the internet, such as web applications, the company website, and email and domain name servers (DNS). Through these, the tester tries to gain access and extract sensitive data.

  • Internal testing

A tester with access to an application behind its firewall simulates an attack by a malicious insider. This isn’t necessarily simulating a rogue employee; a common starting scenario is an employee whose credentials were stolen in a phishing attack.

  • Blind testing

A tester is given only the name of the target enterprise. This gives security personnel a real-time look at how an actual application assault would take place.

  • Double-blind testing

Here, security personnel have no prior knowledge of the simulated attack. As in the real world, they have no time to reinforce their defences before an attempted breach.

  • Targeted testing

Both the tester and security personnel work collaboratively and keep each other apprised of their movements. It gives a security team real-time feedback from a hacker’s point of view.

Apart from these testing methods, there are a couple of different penetration test types as well, such as web application tests, network security tests, cloud security tests, IoT security tests, cryptocurrency tests and social engineering.

Any Tools for Pen Testing?

There are many pen-testing tools, each suited to different penetration testing tasks. Following is a list of some of the best.

  • Powershell-Suite
  • Zmap
  • SimplyEmail
  • Wireshark
  • Hashcat
  • John the Ripper
  • Hydra
  • Metasploit

Cutting the Long Story Short

The use of penetration tests is inevitable for any organization with an online presence. It uncovers the critical security issues of your systems, how vulnerabilities are exploited and what is required to fix them. Only licensed ethical hackers may perform penetration tests.


Comments

  1. Good read Ruvishka.
    I noticed your mention of many pen testing tools in the article. What tools would you recommend as the best to use?

    1. The mentioned are some of the best tools Asenika. But FYI, those tools are used for different purposes like Exploitation and Collecting Info (Powershell-Suite, Zmap), Credentials and Wireless (Wireshark, Hashcat), Web Apps and Shells (Burp Suite, Metasploit), Vulnerabilities (NMAP/ZenMap, sqlmap), Reverse Engineering (Apktool, Resource Hacker), and other additional tools. To have a comprehensive understanding please refer to this link. https://www.varonis.com/blog/penetration-testing-tools/#additional
  2. Nice flow Ruvishka. Keep writing! Could you please tell me how often an organization should have pen tests?

    1. Thank you Suranga.
      As per my reading, it is recommended to conduct regularly scheduled penetration testing, because it allows businesses to locate and mitigate security risks. To get the job done, an organization can get the service from a Red team. Some occasions on which conducting this test is encouraged are:
      1. Adding network infrastructure
      2. Applying security patches
      3. Performing upgrades to applications or other infrastructure
      4. Modifications to end-user policies
      5. Establishment of new office locations

    2. Don't you think that for this pen testing the blue team is the most suitable team?

    3. Hi Rajitha,
      I guess you are saying that considering giving access to an external party. Well, in my opinion, blue teams are for defensive tasks on behalf of the organization. They are for building up an organization’s protective measures, and taking action when needed. As per my knowledge, these blue teams are attacking the systems with prior notice. So, the organization already knows when the attack will happen and they have plenty of time to get prepared for that. Red teams are on the offensive side. Their job is to identify and assess vulnerabilities, test assumptions, view alternate options for attack, and reveal the limitations and security risks for that organization. And they do these attacks without any prior notice. So it is almost like a real attack, which helps to identify the security vulnerabilities. If an organization can have the service of both of these teams, that's good. But, as I think, Red teams would be more effective. If you are interested in more, I would suggest this article. In there you will find another team called "Purple Team". Just have a look :)
      https://www.coresecurity.com/blog/whats-your-defense-strategy-best-practices-red-teams-blue-teams-purple-teams
  3. How does penetration testing differ from vulnerability scanning?

    1. If I explain briefly, a penetration test is a detailed hands-on examination by a real person that tries to detect and exploit weaknesses in your system. A vulnerability scan is an automated, high-level test that looks for and reports potential vulnerabilities. Vulnerability scans can be run on a schedule (quarterly (PCI)) or on demand, unlike pen testing. When comparing costs, vulnerability scans are relatively low cost, but again it depends on the scope of the scans. From a vulnerability scan you will receive a comprehensive report ranking vulnerabilities as high, medium or low by level of risk and potential exposure, compared with the reporting of a pen test.
  4. Nicely written. Just to know. Is pen testing expensive?

    1. Thank you Kawee! A high-quality, professional pen test would cost between $15,000-$30,000. But it depends on the requirement of the client. The more variables, the higher the cost. Some of the common variables that are considered when doing a pen test are complexity, methodology, experience, onsite work and remediation.
  5. You have nicely covered many aspects of penetration testing. Btw, is penetration testing done manually or can it be automated as well? Also, are there any drawbacks in this?

    1. Thanks Dulanga! Pen tests can be conducted both manually and automatically. If you are following the automated path, you can use the tools mentioned in this article. Let me suggest an article for further reading. It may help to have a comprehensive answer.
      https://www.tutorialspoint.com/penetration_testing/penetration_testing_manual_automated.htm#:~:text=Both%20manual%20penetration%20testing%20and,the%20way%20they%20are%20conducted.
      To answer your question, "are there any drawbacks in this?", yes, there are drawbacks as well as pros in this testing. If I list them down for you,

      1. Tests that are not done properly can crash servers, expose sensitive data, corrupt crucial production data, or cause a host of other adverse effects associated with mimicking a criminal hack.

      2. You should trust the penetration tester.

      3. If you don’t employ realistic test conditions, the results will be misleading.

      4. It takes a pen tester more time to inspect a given system and identify attack vectors than doing a vulnerability assessment, because the test scope is greater.
  6. Hi Ruvishka. Thank you for the very informative article. Just a little clarification, so is a pen test a sort of simulated cyber attack, and does it only target the web applications of an organization?

    1. You are most welcome! Yes, you may call it that. It is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. The only difference is we know that this kind of attack could happen at any minute. Pen testing is not limited only to web applications. As I mentioned, pen testing can be used on network security, cloud security, IoT security, cryptocurrency and social engineering as well.
  7. Good article Ruvishka. Small clarification, what do you mean by "licensed ethical hackers"?

    1. Hi Prabod. Certified Ethical Hacker (CEH) or licensed ethical hacker is a professional designation to describe hackers that perform legitimate services for organizations and IT companies. A certified ethical hacker is a skilled individual who uses the same knowledge and tools as a malicious hacker, but who does so in a lawful and legitimate manner to assess the security risks of a network or system. There are many ethical hacking certifications which can help there, like Certified Ethical Hacking Certification, GIAC Penetration Tester, Offensive Security Certified Professional and many more. Please follow the link if you are interested in more details on those exams.
      https://www.prepaway.com/certification/7-ethical-hacking-certifications-for-your-it-career/
