Penetration Testing:
It is also referred to as pen testing. It is a simulated cyber
attack performed on our own systems to check for exploitable
vulnerabilities. It is commonly used to augment a Web Application
Firewall (WAF): the findings help to improve the WAF security
policies and to patch the detected vulnerabilities.
Steps in penetration testing:
There are mainly 5 steps in pen testing. Let's see them in
detail.
1) Planning and Reconnaissance:
- In this step we define the scope and goals of the test, including
the systems to be tested and the testing methods to be used.
- We then gather intelligence, such as network and domain names, to
understand how the target works.
2) Scanning:
- In this step we learn how the target application will respond to
various intrusion attempts. This is done using Static Analysis and
Dynamic Analysis.
- Static Analysis inspects the application's code without running it,
to estimate how the application will behave at runtime.
- Dynamic Analysis is a more practical way of scanning: it inspects
the application while it is running, giving a real-time view of
its behaviour.
3) Gaining access:
- In this step web application attacks such as SQL Injection and
Cross-site Scripting are simulated in order to find the
vulnerabilities of the target application.
- The vulnerabilities found are then exploited using methods such as
intercepting traffic, stealing data and escalating privileges, to
understand the damage they can cause.
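The following example is added here to illustrate the Scanning and Gaining access steps together; it is not part of the original notes. It contrasts static analysis (reading source text for SQL built by string formatting) with dynamic analysis (running the code against an in-memory SQLite database with a classic tautology input) on a deliberately vulnerable lookup and its parameterised counterpart. The users table, the two sample users, the probe input and all function names are constructed for this illustration.

```python
"""Static vs dynamic analysis of a SQL-injection flaw (added example, constructed data)."""
import inspect
import re
import sqlite3


# --- Target code under test (constructed sample, one vulnerable, one hardened) ---

def find_user_vulnerable(conn, username):
    # Builds the statement by string formatting: user-controlled text becomes SQL.
    sql = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_hardened(conn, username):
    # Parameterised query: the driver sends the value separately from the statement.
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# --- Static analysis: inspect the source text without executing it -------------

# Flags an f-string that contains a SQL keyword and an interpolated expression.
_DYNAMIC_SQL = re.compile(
    r'f["\'].*\b(SELECT|INSERT|UPDATE|DELETE)\b.*\{', re.IGNORECASE
)


def static_scan(source):
    """Return (line_number, line) pairs where SQL appears to be built by formatting."""
    findings = []
    for number, line in enumerate(source.splitlines(), 1):
        if _DYNAMIC_SQL.search(line):
            findings.append((number, line.strip()))
    return findings


def static_findings(fn):
    """Convenience wrapper: run static_scan over a function's own source."""
    return static_scan(inspect.getsource(fn))


# --- Dynamic analysis: exercise the running code with a crafted input -----------

def dynamic_probe(query_fn):
    """Run query_fn against a throwaway database and report whether a crafted
    username returns rows that a correct lookup for a nonexistent user would not."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany(
        "INSERT INTO users (username) VALUES (?)", [("alice",), ("bob",)]
    )
    probe = "x' OR '1'='1"  # constructed tautology input; no such user exists
    rows = query_fn(conn, probe)
    conn.close()
    return {"rows_returned": len(rows), "injectable": len(rows) > 0}


def assess(fn):
    """Combine both analyses into one verdict for a function."""
    return {
        "function": fn.__name__,
        "static_findings": static_findings(fn),
        "dynamic": dynamic_probe(fn),
    }


if __name__ == "__main__":
    for target in (find_user_vulnerable, find_user_hardened):
        print(assess(target))
```

The static pass reports the vulnerable function before any code runs, while the dynamic pass confirms the flaw is actually reachable: the tautology input returns both sample users from the vulnerable lookup and nothing from the parameterised one. Neither pass replaces the other, which is why the scanning step uses both.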
4) Maintaining access:
- In this stage we check whether the vulnerability can be used to
achieve a persistent presence in the exploited system.
- The main purpose is to imitate advanced persistent threats, which
remain in the system for a long period.
5) Analysis:
- At last we create a report detailing the results of the penetration
test, which includes:
  - Vulnerabilities that were exploited
  - Sensitive data that was accessed
  - Time the pen tester remained in the system undetected
- By analysing this report, the necessary security actions are taken
and the vulnerabilities are fixed.
Penetration Testing Methods:
1) Blind Testing:
- In blind testing, the tester is only given the name of the
enterprise that is being targeted.
- This gives security personnel a real-time look at how an actual
application assault would take place.
2) Double-Blind Testing:
- In this kind of testing, security personnel have no prior
knowledge of the simulated attack. It is similar to a real-world
scenario where an attack happens suddenly.
3) External Testing:
- It mainly targets the assets of the company that are visible on
the internet.
- These include the Domain Name System (DNS), the website, email, etc.
4) Internal Testing:
- In this type of testing, a tester with access to an application
behind its firewall simulates an attack by a malicious insider.
- A malicious insider can also be an employee whose credentials were
stolen in a phishing attack.