# Penetration Testing: Its Phases
Uploaded by FoolproofAmaranth575 (Fazaia Inter College PAF Base Kohat)
## Summary

This document describes the five phases of penetration testing, from planning and reconnaissance to analysis. It outlines the tools used at each stage, with examples such as Nmap, Nessus, and Metasploit, and covers the methods used during testing, including static and dynamic analysis. It also explains why penetration testing is crucial for organizations that need to secure their systems and protect sensitive data.
# What is Penetration Testing?

An intrusion or penetration test, also called a pen test, is a simulated cyber-attack against your computer system that checks for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment the web application firewall (WAF). Pen testing may involve attempts to breach any type of application system (e.g., application programming interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks. The insights provided by the penetration test can be used to fine-tune your WAF security policies and to identify remaining problems.

# Why Is Penetration Testing Important?

The main reason penetration tests are important for the security of an organization is that they help employees learn how to handle any kind of malicious break-in. Pen tests serve as a way to test whether an organization's security policies are truly effective; they act as a kind of fire drill for the organization. Penetration tests can also provide solutions that help organizations not only prevent and detect attackers but also effectively remove such intruders from their systems.

# 5 Phases of Penetration Testing with Tools

## 1. Planning and Reconnaissance

The first phase includes:

* Defining the scope and objectives of the test, including the systems to be addressed and the testing methods to be used.
* Gathering intelligence (e.g., network and domain names, mail servers) to better understand how the target works and where its potential weaknesses lie.

### Tools Used for Planning and Reconnaissance

* Shodan Search Engine
* Google Search Engine
* Wireshark
* Nmap (probably the most well-known tool for active network reconnaissance)
* Nessus (a commercial vulnerability scanner)
* OpenVAS (a vulnerability scanner developed in response to the commercialization of Nessus)
* Nikto (a web vulnerability scanner)
* Metasploit
* FindSubDomains.com

## 2. Scanning

The next step is to understand how the target application will respond to various intrusion attempts. This is usually done using:

### Static Analysis

Inspecting the application's code, without executing it, to estimate how it will behave while running. These tools can scan the entire code base in a single pass.

### Dynamic Analysis

Inspecting the application's code while it is running. This is a more practical method of scanning, as it provides a real-time view of the application's behaviour.

### Tools Used for the Scanning Phase

* Nexpose (network scanning tool)
* Nessus
* Nmap
* Qualys
* Nikto
* Zenmap
* OpenVAS

## 3. Gaining Access

This stage uses web application attacks, such as cross-site scripting, SQL injection and backdoors, to uncover the target's vulnerabilities. Testers then try to exploit these vulnerabilities, typically by escalating privileges, stealing data, blocking traffic, etc., in order to understand the damage they can cause.

### Tools Used for Gaining Access

* Metasploit
* Nmap
* Wireshark
* OpenVAS
* IronWASP
* Nikto
* SQLMap
* SQLNinja
* Maltego
* John the Ripper
* Burp Suite
* NetStumbler
* Ettercap
* Canvas

## 4. Maintaining Access

The purpose of this phase is to see whether the vulnerability can be used to achieve a persistent presence in the exploited system, long enough for a bad actor to gain in-depth access. The idea is to mimic advanced persistent threats, which often remain in a system for months in order to steal an organization's most sensitive data.

### Maintaining Access Tools in Penetration Testing

* Malware
* Backdoors
* Trojan Horses
* Viruses
* Worms
* Keyloggers (one of the popular Maintaining Access tools)
* Botnets (the most used Maintaining Access tools)
* Remote Communications
* Command and Control

## 5. Analysis

The results of the penetration test are then compiled into a report detailing:

* Specific vulnerabilities that were exploited.
* Sensitive data that was accessed.
* The amount of time the tester was able to remain in the system undetected.

This information is analyzed by security personnel to help configure an enterprise's WAF settings and other application security solutions, so that vulnerabilities can be patched and future attacks prevented.

### Tools Used for Analysis of the Attack

* PeStudio
* Process Hacker
* Process Monitor (ProcMon)
* ProcDot
* Autoruns
* Fiddler
* Wireshark
* x64dbg
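The scanning phase above distinguishes static analysis (examining code without running it) from dynamic analysis, and the introduction names unsanitized inputs that allow code injection as a typical finding. As an added example that is not part of the original document, this toy static-analysis pass uses Python's `ast` module to flag SQL statements assembled from run-time values before they reach an `execute()` call; the sample source, its function names and the `find_sql_injection_sinks` helper are constructed for illustration.

```python
"""Toy static-analysis pass (added example, not from the document): parses
Python source with the `ast` module, without executing it, and flags SQL that
is assembled at run time (concatenation, %-formatting, .format() or f-string)
and then handed to a cursor's execute() call. All names are constructed."""
import ast

# Constructed sample: find_user and delete_user are injection-prone,
# find_user_safe is the parameterized fix the scanner should leave alone.
SAMPLE_SOURCE = '''
def find_user(cursor, username):
    cursor.execute("SELECT * FROM users WHERE name = '" + username + "'")

def find_user_safe(cursor, username):
    cursor.execute("SELECT * FROM users WHERE name = %s", (username,))

def delete_user(cursor, uid):
    cursor.execute(f"DELETE FROM users WHERE id = {uid}")
'''


def _is_dynamic_string(node: ast.AST) -> bool:
    """True if the expression builds its string at run time rather than
    being a plain literal."""
    if isinstance(node, ast.JoinedStr):  # f-string with at least one {...}
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True  # "..." + var  or  "... %s" % var
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"  # "...{}".format(var)
    return False


def find_sql_injection_sinks(source: str) -> list[tuple[int, str]]:
    """Return (line, enclosing function) for every execute() call whose first
    argument is a dynamically built string; parameterized calls are skipped."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        for call in ast.walk(func):
            if (isinstance(call, ast.Call)
                    and isinstance(call.func, ast.Attribute)
                    and call.func.attr == "execute"
                    and call.args and _is_dynamic_string(call.args[0])):
                findings.append((call.lineno, func.name))
    return findings


if __name__ == "__main__":
    for line, name in find_sql_injection_sinks(SAMPLE_SOURCE):
        print(f"line {line}: {name}() builds its SQL from run-time values")
```

The pass only inspects the literal handed to `execute()`; a query stored in a variable first is not tracked, which is the kind of gap a dynamic test of the running application would still catch.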