Penetration Testing
Penetration testing (pen test / pen testing) refers to the processes, tools, and services designed and implemented to simulate attacks and data breaches and to find security vulnerabilities.
A pentest can be run against a computer system, an entire network, or a web application.
It is an authorized attack. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impact of weaknesses in a system.
A cyber-security expert attempts to find and exploit vulnerabilities. The purpose of this simulated attack is to identify any weak spots in a system's defenses that attackers could take advantage of.
Penetration Testing Process
Penetration testing involves the following five stages:
- Reconnaissance (Planning) – The first step is defining the aim and scope of the test. To understand the target, collect intelligence about how it functions and where it might be weak.
- Scanning (Scan) – Static or dynamic analysis to scan the network, which provides information on how the application responds to various threats.
- Vulnerability Assessment (Gain Access) – Locate vulnerabilities in the target application using attack techniques such as cross-site scripting (XSS) and SQL injection.
- Exploitation (Maintain Access) – Test whether an attacker could keep a persistent presence through an exploited vulnerability, or use it to gain deeper access.
- Reporting (Analyze) – Assess the outcome of the penetration test in a report detailing the vulnerabilities exploited, the sensitive data accessed, and how long it took the system to respond to the pentester's infiltration.
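The reporting stage above asks for three things: which vulnerabilities were actually exploited, what sensitive data was reached, and how long the system took to respond. The following Python is an added example, not code from the original article, showing one way to track findings during an engagement and produce those numbers; the hosts, CVSS scores and timestamps are constructed sample data, and the severity bands follow the CVSS v3.x qualitative rating scale.

```python
"""Reporting stage of a pentest: turn the findings gathered during the
engagement into the summary the report needs. Added example, not code from
the original article; every host, score and timestamp below is constructed."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass
class Finding:
    title: str
    host: str
    cvss: float                  # CVSS v3 base score, 0.0 to 10.0
    exploited: bool              # tester demonstrated impact, not just a scanner hit
    data_accessed: str = ""      # sensitive data reached through the weakness, if any
    accessed_at: Optional[datetime] = None   # when the tester gained access
    detected_at: Optional[datetime] = None   # when defenders noticed (None = never)


def severity(cvss: float) -> str:
    """CVSS v3.x qualitative rating scale (None/Low/Medium/High/Critical)."""
    if cvss <= 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def minutes_to_detect(f: Finding) -> Optional[float]:
    """How long the system took to respond to the tester's access, in minutes."""
    if f.accessed_at is None or f.detected_at is None:
        return None
    return (f.detected_at - f.accessed_at).total_seconds() / 60


def build_report(findings: list[Finding]) -> dict:
    """Summarise exploited vulnerabilities, data accessed and detection time."""
    exploited = [f for f in findings if f.exploited]
    detect_times = [t for t in map(minutes_to_detect, exploited) if t is not None]
    ranked = sorted(findings, key=lambda f: (-f.cvss, f.title))   # fix the worst first
    return {
        "by_severity": dict(Counter(severity(f.cvss) for f in findings)),
        "exploited": [(f.title, f.host, f.data_accessed) for f in exploited],
        "mean_minutes_to_detect": sum(detect_times) / len(detect_times) if detect_times else None,
        "never_detected": [f.title for f in exploited if minutes_to_detect(f) is None],
        "remediation_order": [f.title for f in ranked],
    }


# Constructed sample findings for a fictional engagement.
SAMPLE_FINDINGS = [
    Finding("SQL injection in /login", "app01.example.test", 9.8, True, "customer records",
            datetime(2024, 3, 4, 10, 0), datetime(2024, 3, 4, 12, 30)),
    Finding("TLS 1.0 still enabled", "vpn.example.test", 5.9, False),
    Finding("Default credentials on printer", "print02.example.test", 7.5, True, "",
            datetime(2024, 3, 5, 9, 0), None),
]

if __name__ == "__main__":
    for key, value in build_report(SAMPLE_FINDINGS).items():
        print(f"{key}: {value}")
```

The "never_detected" list is often the most useful line in the report for the defenders: an exploited weakness that no alert ever fired on is both a vulnerability finding and a detection gap.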
Penetration Testing Types
Several types of cyber-security pen test are available, as engagements vary in focus, depth and duration. Common ethical hacking engagements include:
- Internal & External Network Penetration Testing (Network Services Penetration Testing)
- Web Application Penetration Testing
- Mobile Application Penetration Testing
- Social Engineering Penetration Testing
- Client Side Penetration Testing
- Wireless Penetration Testing
- Cloud Penetration Testing
- Build and Configuration Review
- Agile Penetration Testing
1. Internal & External Network Penetration Testing (Network Services Penetration Testing)
Network services testing, also known as infrastructure testing, is a type of pentest performed to protect the organization from common network attacks.
The goal of a network services pentest is to discover the most exposed security weaknesses and vulnerabilities in the network before attackers can exploit these blind spots.
It is an assessment of on-premise and cloud network infrastructure, including firewalls, hosts and workstations, and devices such as routers, switches and printers.
Ideally, a network services test helps you protect against common network attacks, such as firewall misconfiguration, router attacks, switching- or routing-based attacks, database attacks, man-in-the-middle (MITM) attacks, proxy server attacks, and more.
It can be framed as either an internal penetration test, focusing on assets inside the corporate network, or an external penetration test, targeting internet-facing infrastructure. To scope a test, you will need to know the number of internal and external IPs to be tested, the network subnet size and the number of sites.
Since mission-critical systems rely on the health of the network for continuous availability, organizations should perform external and internal network services pentesting on an annual basis, at least.
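Scoping a network services test comes down to the address counts mentioned above, and keeping every probe inside the agreed ranges is what makes the test an authorized attack rather than an unauthorized one. The following Python is an added example, not from the original article: it sizes a constructed scope (RFC 1918 and RFC 5737 addresses standing in for a client's real scoping document) and filters candidate targets before anything is scanned. The internal/external split is taken from the scoping document itself, since whether a range is tested from inside or from the internet is an engagement decision, not a property of the address.

```python
"""Scoping a network services pentest: size the agreed scope and keep every
probe inside it. Added example, not from the original article; the ranges and
hosts are constructed (RFC 1918 and RFC 5737 addresses) and stand in for the
client's real scoping document."""
import ipaddress

# Constructed sample scope, keyed by the perspective the range is tested from.
SCOPE = {
    "internal": ["10.0.1.0/24", "172.16.5.0/26"],
    "external": ["203.0.113.0/28"],
}
# Hosts the client asked us not to touch, e.g. a fragile core router.
EXCLUDED = ["10.0.1.1"]


def parse_scope(scope):
    """Turn CIDR strings into network objects, keyed by test perspective."""
    return {side: [ipaddress.ip_network(c, strict=False) for c in cidrs]
            for side, cidrs in scope.items()}


def scope_summary(scope, excluded=()):
    """Counts needed to scope the engagement: addresses per perspective and
    number of subnets, with excluded hosts removed from the totals."""
    excl = [ipaddress.ip_address(h) for h in excluded]
    summary = {"subnets": 0}
    for side, nets in parse_scope(scope).items():
        total = 0
        for net in nets:
            total += net.num_addresses - sum(1 for h in excl if h in net)
        summary[side] = total
        summary["subnets"] += len(nets)
    return summary


def is_authorised(host, scope, excluded=()):
    """True only if host lies inside an agreed range and is not excluded."""
    ip = ipaddress.ip_address(host)
    if any(ip == ipaddress.ip_address(h) for h in excluded):
        return False
    return any(ip in net for nets in parse_scope(scope).values() for net in nets)


def partition_targets(hosts, scope, excluded=()):
    """Split a candidate target list into the hosts a scanner may touch and
    the ones it must skip, so scope is enforced before any packet is sent."""
    allowed = [h for h in hosts if is_authorised(h, scope, excluded)]
    skipped = [h for h in hosts if h not in allowed]
    return allowed, skipped


if __name__ == "__main__":
    print(scope_summary(SCOPE, EXCLUDED))
    print(partition_targets(["10.0.1.1", "10.0.1.50", "10.0.2.5", "203.0.113.7"],
                            SCOPE, EXCLUDED))
```

A check like partition_targets belongs in front of every tool in the toolchain, not just the first scan: a host discovered during the test (a neighbouring subnet, a second interface) is out of scope until the client adds it in writing.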
2. Web Application Testing
The purpose of a web application pentest is to identify security weaknesses or vulnerabilities in web applications and their components, including the source code, the database, and any relevant backend network.
It is an assessment of websites and custom applications delivered over the web, looking to uncover coding, design and development flaws that could be maliciously exploited. It is important to ascertain the number of apps that need testing, as well as the number of static pages, dynamic pages and input fields to be assessed.
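SQL injection, named in the stages list above, is the kind of coding flaw a web application pentest looks for in the source code and the database layer. The following Python is an added example, not from the original article: a login lookup built by string concatenation beside the parameterised fix, run against a constructed in-memory SQLite table. Passwords are stored in clear only to keep the example short; a real application must hash them.

```python
"""The kind of flaw a web application pentest looks for in source code: a
login lookup built by string concatenation, beside the parameterised fix.
Added example, not from the original article; the schema and accounts are
constructed (passwords stored in clear purely to keep the example short)."""
import sqlite3


def make_db():
    """In-memory database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "battery staple")])
    return conn


def login_vulnerable(conn, username, password):
    """User input is pasted into the SQL text, so a quote in the input
    changes the query's logic instead of being compared as data."""
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Placeholders send the input separately from the SQL text; the driver
    never lets it become part of the statement."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


# The textbook test string submitted in the password field. In the
# vulnerable query it becomes ... AND password = '' OR '1'='1', which is
# true for every row; in the safe query it is just a password that matches nobody.
TEST_INPUT = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "nobody", TEST_INPUT))   # every user
    print("safe:      ", login_safe(db, "nobody", TEST_INPUT))         # nobody
    print("real login:", login_safe(db, "alice", "correct horse"))
```

The finding in the report would quote the vulnerable function and the test input, rate it by impact (here: authentication bypass for every account), and recommend the parameterised form; the test input is also what a regression test in the developers' suite should assert against.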
3. Mobile Application Testing
A mobile application pentest attempts to discover vulnerabilities in mobile applications. This test does not include servers and mobile APIs.
Mobile application penetration testing usually involves the following two kinds of test:
- Static analysis – extracting elements like source code and metadata in order to reverse engineer the application.
- Dynamic analysis – looking for vulnerabilities at runtime. The tester may, for example, try to extract data from RAM or bypass controls.
It covers mobile applications on operating systems including Android and iOS, to identify authentication, authorization, data leakage and session handling issues. To scope a test, the pen tester will need to know the operating system types and versions the app should be tested on, the number of API calls, and the requirements for jailbreak and root detection.
4. Social Engineering
A social engineering attack targets employees of the company or parties with access to company assets, trying to persuade, trick, or blackmail them into disclosing information and credentials.
A social engineering pentest tries to determine how the organization copes during a social engineering attack. At the end of the test, the organization is provided with information that can help create or improve a social engineering awareness program and related security protocols. It includes an assessment of the ability of your systems and personnel to detect and respond to email phishing attacks, giving insight into the potential risks through customized phishing, spear phishing and Business Email Compromise (BEC) attacks.
5. Client Side Penetration Testing
A client-side pentest is performed to detect software vulnerabilities that can be easily exploited on client devices and software such as workstations and web browsers. A client-side pentest typically identifies specific attack classes, for example cross-site scripting (XSS), form hijacking, HTML injection, clickjacking, and malware infection.
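Two of the attack classes just listed, clickjacking and XSS, are checked against the HTTP responses the client receives. The following Python is an added example, not from the original article: it decides whether a response may be framed by another site (CSP frame-ancestors takes precedence over X-Frame-Options when both are present) and whether a server-side view reflects user input into HTML unescaped. The response headers, the view function and the probe string are all constructed for the example.

```python
"""Two checks from a client-side pentest, run against constructed HTTP
responses: can the page be framed by another site (clickjacking), and is
user input reflected into HTML unescaped (XSS)? Added example, not from the
original article; the responses and the probe string are constructed."""
import html


def framing_allowed(headers):
    """True if a browser may load this response inside a third-party iframe.
    CSP frame-ancestors wins when present; otherwise X-Frame-Options decides."""
    h = {k.lower(): v for k, v in headers.items()}
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # 'none' or an explicit origin list restricts framing; '*' allows it
            return "*" in parts[1:]
    xfo = h.get("x-frame-options", "").strip().upper()
    return xfo not in ("DENY", "SAMEORIGIN")


def audit_headers(headers):
    """Client-side defenses missing from a response, as report-ready strings."""
    present = {k.lower() for k in headers}
    missing = []
    if framing_allowed(headers):
        missing.append("clickjacking: framing is not restricted")
    if "content-security-policy" not in present:
        missing.append("xss: no Content-Security-Policy")
    if "x-content-type-options" not in present:
        missing.append("mime sniffing: no X-Content-Type-Options")
    return missing


def render_greeting(name, escape=True):
    """A server-side view that places user input into HTML. The escape flag
    exists only so the vulnerable and fixed behaviour can be compared."""
    value = html.escape(name, quote=True) if escape else name
    return f"<p>Hello, {value}</p>"


# A harmless marker: if it comes back with its tags intact, the page reflects
# input unescaped, which a tester reports as reflected XSS.
PROBE = "<b>probe-7f3a</b>"


def reflects_unescaped(body, probe=PROBE):
    """True if the probe appears in the response body with its tags intact."""
    return probe in body


if __name__ == "__main__":
    print(audit_headers({"Content-Type": "text/html"}))
    print("unescaped view reflects:", reflects_unescaped(render_greeting(PROBE, escape=False)))
    print("escaped view reflects:  ", reflects_unescaped(render_greeting(PROBE)))
```

Using an inert marker rather than script as the probe is deliberate: the question a tester needs answered is whether tags survive the round trip, and a marker answers it without executing anything in the client's browser.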
6. Wireless Penetration Testing
A test that specifically targets an organization's WLAN (wireless local area network), as well as wireless protocols including Bluetooth, ZigBee and Z-Wave. It helps identify rogue access points, weaknesses in encryption and WPA vulnerabilities. To scope an engagement, testers will need to know the number of wireless and guest networks, the locations and the unique SSIDs to be assessed.
7. Cloud Penetration Testing
Custom cloud security assessments help your organization meet shared-responsibility challenges by uncovering and addressing vulnerabilities across cloud and hybrid environments that could leave critical assets exposed.
8. Build and Configuration Review
A review of network builds and configurations to identify misconfigurations across web and application servers, routers and firewalls. The number of builds, operating systems and application servers to be reviewed is crucial information for scoping this type of engagement.
9. Agile Penetration Testing
Continuous, developer-centric security assessments designed to identify and remediate security vulnerabilities throughout the entire development cycle. This agile approach helps ensure that every product release, whether a minor bug fix or a major feature, has been vetted from a security perspective.
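A build and configuration review is largely a matter of comparing each host's configuration files against a baseline, and in an agile setting the same comparison is what gets wired into the pipeline so every release is checked. The following Python is an added example, not from the original article: it parses a constructed sshd_config and reports the directives that fail a small hardening baseline. The baseline reflects common hardening guidance rather than any particular vendor benchmark; the OpenSSH defaults it falls back on (PermitRootLogin prohibit-password, PasswordAuthentication yes, MaxAuthTries 6) are the documented ones, and only the global section is reviewed, with Match blocks left out as a simplification.

```python
"""Build and configuration review: compare an sshd_config against a small
hardening baseline. Added example, not from the original article; the config
text is constructed and the baseline reflects common hardening guidance rather
than any particular vendor benchmark. Only the global section is reviewed;
Match blocks are ignored (a simplification)."""
import re

# directive (lower-case) -> (check on the effective value, OpenSSH default
# applied when the directive is absent or commented out)
BASELINE = {
    "permitrootlogin": (lambda v: v in ("no", "prohibit-password"), "prohibit-password"),
    "passwordauthentication": (lambda v: v == "no", "yes"),
    "permitemptypasswords": (lambda v: v == "no", "no"),
    "x11forwarding": (lambda v: v == "no", "no"),
    "maxauthtries": (lambda v: v.isdigit() and int(v) <= 4, "6"),
}


def parse_sshd_config(text):
    """Effective global settings. sshd uses the first value it sees for a
    directive, so later duplicates do not override earlier ones."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)   # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break                                   # per-user/host overrides not reviewed
        settings.setdefault(key, value)
    return settings


def review(text):
    """(directive, effective value, where it came from) for each baseline failure."""
    settings = parse_sshd_config(text)
    failures = []
    for directive, (ok, default) in BASELINE.items():
        if directive in settings:
            value, source = settings[directive], "set in file"
        else:
            value, source = default, "OpenSSH default"
        if not ok(value.lower()):
            failures.append((directive, value, source))
    return failures


# Constructed sample sshd_config for the review.
SAMPLE_CONFIG = """\
# constructed sample sshd_config
Port 22
PermitRootLogin yes
# PasswordAuthentication is commented out below, so the default (yes) applies
#PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding yes
MaxAuthTries 10
# sshd keeps the first value it sees, so this line does not lower MaxAuthTries
MaxAuthTries 3
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for directive, value, source in review(SAMPLE_CONFIG):
        print(f"FAIL {directive} = {value} ({source})")
```

Two details in the sample matter more than the directive list: a commented-out hardening line silently reverts to the daemon's default, and a duplicated directive does not take the later value. Both are easy to miss when reading a file by eye and are exactly what a scripted review catches on every build.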