Pen Testing and Its Phases

Cybersecurity audits and their types

1) Security Audit
2) Vulnerability Assessment
3) Penetration test

Let us understand all of the above terms in the sections below. The first is:

1) Security Audit:

A security audit is a manual or systematic assessment of a potentially vulnerable system. It includes:
  • Checking all the configuration of the system and the network
  • Interviewing the staff of the organization being assessed
  • Reviewing all the policies of the organization
  • Checking whether the operating system and software in use are outdated or need updates
  • To get the best result, the security audit has to be performed with admin privileges

2) Vulnerability Assessment

Vulnerability assessment means identifying vulnerabilities and classifying them into groups of security loopholes.

An attacker can exploit such vulnerabilities to misuse the system and violate its security.

A vulnerability is a weakness of the system, or we can say a loophole in a system. Some examples of vulnerabilities are given below:

1. Vulnerability in the authentication process
2. Vulnerability in the authorization process
3. Vulnerability in input validation

There are many tools available for vulnerability assessment; a few of them are given below:

1. Nessus
2. Qualys
3. OpenVAS (Open Vulnerability Assessment System) {free and open-source}
4. Nexpose
5. Acunetix

What is Pen testing?

Pen testing means attacking a system in order to find vulnerabilities and gain access to it.

3) Penetration testing

Penetration testing, also called pen testing, is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit.

Penetration testing can be automated with software applications or performed manually. Either way, the process involves gathering information about the target before the test, identifying possible entry points, attempting to break the security (either virtually or for real) and reporting back the findings.

The main objective of penetration testing is to identify security weaknesses. Penetration testing can also be used to test an organization's security policy.

The main approaches to pen testing are listed below:

1. White Box Testing

In white box testing, the attacker (the tester) has information about the machine being tested.

To understand this, take an example: if an organization has its network tested, it gives all the network-related information to the pen tester, including some of the host passwords.

So here the tester has one advantage: he/she does not have to waste time finding the initial information, because it is available before the test starts.

Another advantage is that there is enough time, and if more time is needed for a test, the test can be extended.

A further advantage of white box testing is that the tester can go deep, because all the assets required for a thorough test are available; however, some people believe that this is not a realistic scenario.

2. Black Box Testing

In this type of testing, the attacker has no information about the target system or victim machine.

In black-box testing, the attacker has to find all the important information by himself/herself.

Black box testing takes a lot of time, which we can count as a disadvantage of black box testing.

During black-box testing, some areas of the tested object remain untested.

3. Gray Box Testing

Gray box testing is a mixture of white box testing and black box testing.

Here the attacker has partial knowledge of the target machine.

With the help of this limited amount of information, the attacker attacks the system, finds vulnerabilities and exploits them.

Phases of penetration testing

The Penetration Testing Execution Standard (PTES) was created by some of the brightest minds and definitive experts in the penetration testing industry. It consists of seven phases of penetration testing and can be used to perform an effective penetration test on any environment.

The seven stages of penetration testing detailed by this standard are:

• Pre-engagement interactions
• Intelligence gathering
• Threat modeling and Vulnerability analysis
• Exploitation
• Post-exploitation
• Reporting
• Retesting

1) Pre-engagement interactions:

This pre-phase usually begins with defining the test's scope.

In the client's scenario: what do they want tested, and by what methods?

For example, they may know what type of testing they need, e.g. a network test (wireless and wired) or only social engineering tests. Once you understand that, get the scope targets from the client.

Make sure you know which networks and addresses are in range and which are not, i.e. what types of networks they have and what terminology they use.

After you have worked out an acceptable scope and the engagement's objectives in the contract, make sure both parties' legal counsel reviews it. It's important: make sure you are legally covered.
Once that’s complete, you are pretty much ready to head to phase 2.
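A small scope check for the "which addresses are in range and which are not" step, added here as an example and not part of the original post: every candidate target is tested against the contract's authorized ranges and explicit exclusions before anything is touched. The ranges, exclusions and candidate hosts are constructed.

```python
import ipaddress

# Constructed sample scope for a hypothetical engagement: the client's authorized
# ranges, plus explicit exclusions (here a subnet and one host they asked us to avoid).
IN_SCOPE = ["10.10.0.0/16", "192.0.2.0/24"]
OUT_OF_SCOPE = ["10.10.5.0/24", "192.0.2.10"]


def build_scope(in_scope, out_of_scope):
    """Parse the agreed ranges once; a bare address becomes a /32 (or /128) network."""
    allowed = [ipaddress.ip_network(n, strict=False) for n in in_scope]
    excluded = [ipaddress.ip_network(n, strict=False) for n in out_of_scope]
    return allowed, excluded


def is_in_scope(address, allowed, excluded):
    """True only if the address is inside an allowed range and outside every exclusion."""
    ip = ipaddress.ip_address(address)
    if any(ip in net for net in excluded):
        return False
    return any(ip in net for net in allowed)


def filter_targets(candidates, in_scope=IN_SCOPE, out_of_scope=OUT_OF_SCOPE):
    """Split a candidate target list into (authorized, rejected).

    Anything that is not a valid IP literal is rejected too: if a target
    cannot be classified against the contract, it must not be tested.
    """
    allowed, excluded = build_scope(in_scope, out_of_scope)
    authorized, rejected = [], []
    for candidate in candidates:
        try:
            ok = is_in_scope(candidate, allowed, excluded)
        except ValueError:
            ok = False
        (authorized if ok else rejected).append(candidate)
    return authorized, rejected


if __name__ == "__main__":
    # Constructed candidate list mixing in-range, excluded, foreign and malformed entries.
    sample = ["10.10.1.5", "10.10.5.7", "192.0.2.10", "192.0.2.11", "203.0.113.4", "web01"]
    good, bad = filter_targets(sample)
    print("authorized:", good)
    print("rejected:  ", bad)
```

Hostnames would have to be resolved and then checked the same way; the check deliberately rejects what it cannot classify rather than guessing.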

2) Intelligence gathering

The idea of this phase is to gather as much information about the subject as you can. It's really important that you have a clear understanding of the client's systems and operations before you begin exploiting. Some people call this phase "foot-printing".

The information that you gather about your target will give you valuable insight into the types of security controls in place.

During intelligence gathering, you attempt to identify what protection mechanisms are in place at the target by slowly starting to probe its systems.


3) Threat Modeling and Vulnerability Analysis

Once you have sufficient information about the client's systems, you can start modeling the threats that the client would realistically face and identifying vulnerabilities.

It's a kind of pre-attack phase in which you get everything ready, and all the data you gathered during reconnaissance pays off.

Here you use scanning tools or port scanners to find open ports, live hosts, etc., or a vulnerability scanner to find possible vulnerabilities on the network.

In short, you are looking to get as many details about the systems as you can:

• Are the systems up?
• What OS are they?
• Is there any firewall?
• Is antivirus installed?
• Intrusion detection? Is it easily avoided?

4) The Exploitation Phase

The goal of this phase is to gain the highest administrator access possible.

There may be other goals and a ton of damage can still be done even without admin rights.

Think about the company’s assets and how they may be used.

Things like employee info: who works in which departments, and employees' roles. Customer data can also be a valuable target: which systems in the organization customers can access, and how customers communicate with the organization. Technical data that could be breached, or servers that could possibly be exploited.

Once you’ve fully exploited the information systems or your engagement time has run out, it’s time to go to the next phase.

5) The Post-exploitation Phase

After you have completely exploited the systems or reached the end of the testing time, you’ll have to document the methods that you used.

We keep a list of devices that we access and the associated vulnerabilities, ports, personnel, etc. As we work through exploitation, we keep notes and screenshots – especially of the attacks that worked.

The other big thing that needs to be done in this phase is clean-up. Remove any scripts and files that you may have planted and used. If you changed settings on devices, revert them to what they were. Remove any accounts that you may have created during your exploitation.

6) The reporting phase

Reporting is probably the most important phase, because this is where you tell your client about their systems' weaknesses and give them suggestions to resolve those weaknesses.

You should tell the client exactly what exploits you used to compromise their systems, as well as exactly what steps should be taken to remediate them.

To make things totally clear for the client, we can classify each exploit or weakness using a metric based on its risk level: low, moderate, high, or extreme.
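The engagement log from the post-exploitation phase (devices accessed, ports, vulnerabilities, what worked, what was left behind) and the risk-ranked report from this phase, combined in one added example that is not code from the original post. The hosts and findings are constructed, and the Low/Moderate/High/Extreme labels are assumed to be the agreed scale.

```python
from collections import Counter
from dataclasses import dataclass, field

# Risk scale from the reporting phase, ordered least to most severe.
SEVERITY_ORDER = ["Low", "Moderate", "High", "Extreme"]

@dataclass
class Finding:
    host: str
    port: int
    vulnerability: str
    severity: str
    remediation: str
    exploited: bool = False                         # did the attack actually succeed?
    artifacts: list = field(default_factory=list)   # files, accounts, settings left behind
    cleaned_up: bool = False
    def __post_init__(self):
        if self.severity not in SEVERITY_ORDER:     # reject labels outside the agreed scale
            raise ValueError(f"unknown severity {self.severity!r}")

def rank(log):
    """Most severe first; confirmed exploits before unconfirmed ones at equal severity."""
    return sorted(log, key=lambda f: (-SEVERITY_ORDER.index(f.severity), not f.exploited, f.host))

def summarize(log):
    """Count findings per risk level, including levels with zero findings."""
    counts = Counter(f.severity for f in log)
    return {level: counts[level] for level in SEVERITY_ORDER}

def cleanup_outstanding(log):
    """(host, artifact) pairs still to be removed before the engagement closes."""
    return [(f.host, a) for f in log if not f.cleaned_up for a in f.artifacts]

def render_report(log):
    """Summary counts first, then findings ranked by risk with their remediation."""
    lines = [f"{level}: {n}" for level, n in summarize(log).items()]
    for f in rank(log):
        status = "exploited" if f.exploited else "identified only"
        lines.append(f"[{f.severity}] {f.host}:{f.port} {f.vulnerability} ({status})")
        lines.append(f"    Remediation: {f.remediation}")
    return "\n".join(lines)

# Constructed sample findings: hypothetical hosts and issues, not from any real engagement.
LOG = [
    Finding("10.10.1.5", 22, "SSH accepts weak password", "High",
            "Enforce key-based auth and lockout", exploited=True, artifacts=["account: pentest-svc"]),
    Finding("10.10.1.9", 80, "Outdated web server", "Moderate", "Patch to a supported release"),
    Finding("10.10.1.5", 445, "SMB signing not required", "Low", "Require SMB signing via policy"),
]
```

Running `print(render_report(LOG))` and `print(cleanup_outstanding(LOG))` gives the client-facing ranking and the list of artifacts the tester still has to remove.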

7) The Resolution & Re-testing Phase

Not all penetration testers do this phase. After a pen test, when we've given the client our full findings and recommendations list, we usually give them some time to resolve the issues; then, if they want, we re-test the items they fixed and verify that the vulnerabilities no longer exist.
