Penetration Testing Overview

Questions and Answers

What is another name for a penetration test?

Pen test

In the context of web application security, what is penetration testing commonly used to enhance?

Web Application Firewall (WAF)

Which of the following are examples of application systems that may be targeted during a penetration test? (Select all that apply)

  • Application Protocol Interfaces (APIs) (correct)
  • Frontend/Backend Servers (correct)
  • Hardware components
  • Operating systems

What type of attack is often targeted by testers when examining non-archived inputs?

Code injection attacks

The insights from penetration tests can be used to identify and correct vulnerabilities that might exist in a WAF.

True (A)

What is the primary benefit of penetration tests for organizational security?

They help employees learn how to handle malicious breaks.

Penetration tests are only effective for organizations with large IT teams.

False (B)

What analogy is often used to describe penetration tests?

Fire drills

Penetration tests can only be used to detect attackers.

False (B)

What is the first phase involved in penetration testing?

Planning and research

What are the two key aspects addressed in the planning and research phase?

Scope and objectives, and testing methods

What is the primary goal of collecting intelligence in the planning and research phase?

To understand the target's workings and potential risks

What is a widely known tool used for active network reconnaissance in penetration testing?

Nmap

What is the purpose of the Scanning phase in penetration testing?

To understand the target's response to intervention attempts

What are the two types of analysis employed in the Scanning phase?

Static analysis and dynamic analysis

What is the main objective of the Getting Access phase in penetration testing?

To exploit target vulnerabilities and understand the potential damage

What is the primary objective of the Maintain Access phase?

To establish a persistent presence within the exploited system

What is the objective of the Analysis phase?

To compile test results into a report that outlines vulnerabilities

What is the main purpose of analyzing penetration test results?

To configure security solutions and prevent future attacks

Penetration testing techniques are only employed against web applications.

False (B)

The use of a web application firewall (WAF) eliminates the need for penetration testing.

False (B)

Penetration testing can only be performed by highly specialized individuals.

False (B)

Penetration testing is a one-time process that should be conducted only once.

False (B)

Penetration testing poses no risk to the target system.

False (B)

Penetration testing is a mandatory requirement for all organizations.

False (B)

Flashcards

What is penetration testing?

A simulated cyberattack on your computer system to find vulnerabilities.

What is web application penetration testing?

A type of penetration test that focuses on web applications.

What is a web application firewall (WAF)?

A network security device that helps protect web applications from attacks.

What is Nmap?

A tool used to scan networks for vulnerabilities.

What is Nikto?

A tool used to identify security vulnerabilities in web applications.

What is Metasploit?

A framework used to develop and execute exploits.

What is static analysis?

A technique used to analyze application code without running it.

What is dynamic analysis?

A technique used to analyze application code while it is running.

What is getting access in penetration testing?

A penetration testing technique that involves exploiting vulnerabilities to gain access to a system.

What is maintaining access in penetration testing?

A penetration testing technique that aims to maintain access to a system after exploiting a vulnerability.

What is analysis in penetration testing?

A penetration testing technique that involves analyzing the results of a test to identify vulnerabilities.

What are network scanning tools?

A collection of tools used to scan networks for vulnerabilities.

What is a web vulnerability scanner?

A tool used to scan web applications for vulnerabilities.

What are exploitation tools?

A collection of tools used to exploit vulnerabilities and gain access to systems.

What are maintaining access tools?

A collection of tools used to maintain access to a system after gaining access.

What is cross-site scripting (XSS)?

A type of attack that aims to inject malicious scripts into a website.

What is SQL injection?

A type of attack that aims to exploit vulnerabilities in databases.

What is a backdoor?

A type of attack that aims to provide unauthorized access to a system.

What is a botnet?

A type of malware that can be used to remotely control a computer.

What is a keylogger?

A type of malware that can be used to steal information from a computer.

What is a port scanner?

A tool used to scan for active network devices on a network.

What is a packet sniffer?

A tool used to capture and analyze network traffic.

What is a debugger?

A tool used to examine the behavior of an application while it's running.

What is a reporting tool?

A tool used to analyze the results of a penetration test.

What is a penetration testing toolkit?

A collection of tools used to perform penetration testing.

What is vulnerability assessment?

A process used to identify and assess the security of a system.

What is a security control?

A security measure designed to protect a system from unauthorized access.

What is a preventative control?

A type of security control that focuses on preventing unauthorized access to a system.

What is a detective control?

A type of security control that focuses on detecting unauthorized access to a system.

Study Notes

Penetration Testing Overview

  • Penetration testing (pen test) is a simulated cyberattack to identify vulnerabilities in a computer system
  • It's used in web application security to improve web application firewalls (WAFs)
  • Pen tests can target various application aspects, including APIs, front-end/back-end servers, and code injection points
  • Results help correct WAF security policies and pinpoint issues
  • Pen tests are crucial for security training; they help staff handle malicious breaches
  • They evaluate organizational security policies and provide a "fire drill" scenario
  • Penetration tests also aid in removing attackers and preventing future attacks

Penetration Testing Phases and Tools

1. Planning and Research

  • Defining test scope and objectives, including systems to evaluate and testing methods
  • Information gathering (network, domain names, mail servers) to understand the target's infrastructure and potential risks
  • Tools include Shodan, Google Search, Wireshark, Nmap, Nessus, OpenVAS, Nikto, Metasploit, and FindSubDomains.com

2. Scanning

  • Understanding how the target application reacts to various intrusion attempts
  • Employing static and dynamic analysis
  • Static Analysis: Examines application code to analyze behavior. This is a one-time scan
  • Dynamic Analysis: Scans running application code for a real-time performance view. This is a more practical and dynamic method
  • Tools include Nexpose, Nessus, Nmap, Qualys, Nikto, Zenmap, and OpenVAS

3. Getting Access

  • Exploiting web application vulnerabilities (e.g., cross-site scripting, MySQL injection, backdoors) to expose weaknesses
  • Exploiting vulnerabilities to gain better insight into the potential impact
  • Tools include Metasploit, Nmap, Wireshark, OpenVAS, IronWASP, Nikto, SQLMap, SQLNinja, Maltego, John the Ripper, Burp Suite, NetStumbler, Ettercap, and Canvas

4. Maintaining Access

  • Evaluating the ability to sustain access to the exploited system
  • Mimicking persistent threats to understand how long attackers could maintain presence inside the system and gather data
  • Tools include Malware, Backdoors, Trojans, Viruses, Worms, Keyloggers, Botnets, Remote Communications, and Command and Control

5. Analysis

  • Compiling test results into a detailed report
  • Identifying exploited weaknesses, sensitive data accessed, and the tester's level of system access in the report
  • Security personnel analyze the results to configure WAF settings and other application security measures to reduce vulnerabilities for future prevention
  • Tools for analysis include PeStudio, Process Hacker, Process Monitor (ProcMon), ProcDot, Autoruns, Fiddler, Wireshark, and x64dbg
