Question

Plan your penetration testing processes for IMC and describe them in detail.

Answer 1

Penetration Teting:

It is also referred to as pen testing. It is a simulated cyber attack done on our systems to check for exploitable vulnerabilities. It is commonly used to augment a Web Application Firewall(WAF).

This helps to improve the WAF security policies and patch detected vulnerabilities.

Steps in penetration testing:

There are mainly 5 steps in pen testing. Lets see them in detail.

1) Planning and Reconnaissance:

• In this we define the scope and goals of a test, which include the system and the testing methods to be used.
• Gaining intelligence which include network and domain names to understand how a target works.

2) Scanning:

• In this step we will understand how the target application will respond to various intrusion attempts. This is done using Static Analysis and Dynamic Analysis.
• Static Analysis helps to estimate the way an application behaves while running.
• Dynamic Analysis is more practical way of scanning. It inspects an application code in a running state.

3) Gaining access:

• In this step some web application attacks such as SQL Injection, Cross-site scripting are simulated inorder to find the vulnerabilities of target application.
• Vulnerabilities are exploited by using some methods like intercepting traffic, stealing data and escalating privileges.

4) Maintaining access:

• In this stage, we will check whether vulnerability can be used to achieve a persistent presence in the exploited system.
• Main purpose is to imitate persistent threats which remain in the system for long period.

5) Analysis:

• At last we create a report detailing the results of penetration test which include,
• Vulnerabilities that were exploited
• Sensitive data accessed
• Time the pen tester remain in the system undetected
• By analysing these report necessary security actions are taken and vulnerabilities are avoided.

Penetration Testing Methods:

1) Blind Testing:

• In Blind testing, tester is only given the name of the enterprise that’s being targeted.
• This gives an idea about how an application assault would take place.

2) Double-Blind Testing:

• In this kind of testing, there is no prior knowledge of simulated attack. It would be similar to real time scenario where an attack happens suddenly.

3) External testing:

• It mainly targets the assets of company which are visible on the internet.
• It include Domain Name Server(DNS), website, email etc.

4) Internal Testing:

• In this type of testing, a tester with access to an application behind its firewall simulates an attack by a malicious insider.
• A malicious insider can be an employee whose credentials were stolen due to a phishing attack