What Is a Threat in Penetration Testing ?

Every system is exposed to threats. A computer center located in an area where power cuts are common will find it hard to live up to any greater promises on continuous delivery. A server running on an array of hard disks that have reached years beyond their designed life expectancy is a data loss disaster waiting to happen. And an Internet-facing system that has not been configured to automatically install security updates is basically a standing invitation to every imaginable type of hacker.

Threats to computer systems can be divided into the following categories:
  1. Natural: Mother Nature doing whatever she finds pleasing such as creating snowstorms, fire, volcanic eruptions, and solar storms.
  2. Human-made: The deliberate actions of humans such as hacker attacks, sabotage, and riots.
  3. Technical: Failure related to technical systems such as data loss, disk failure, and short circuits.
  4. Supply system: Heating, ventilation, water, and every other type of supply system needed for a fully operational system.
The biggest threat to a system is a human-made threat; more specifically, a human-made threat involving a deliberate hacker attack.

Threats and Threat Agents

A threat is materialized by a threat agent. This means, for example, that a human-made threat such as a hacker attack is materialized by a hacker.
In general, the human threat agent is the most probable source of disruption. This disruption can be both intentional and unintentional. An unintentional disruption could be a planned hardware or software upgrade gone wrong that caused the system to fail. Hackers, and their actions, fit well into the intentional disruption category. One such intentional disruption caused by hackers is a denial of service attack. Other types of intentional disruptions include spreading malware, hacktivism, and phishing.

What Is Computer-Based Social Engineering?

Computer-based social engineering refers to attacks carried out with the help of computer software to get the desired information. Some of these attack types are listed as follows: 

  • Pop-up windows: Pop ups trick users into clicking on a hyperlink that redirects them to visit an attacker's web page, asking them to give away their personal information or asking them to download software that could have attached viruses in the backend.
  • Insider attack: This type of attack is performed from inside the target network. Most insider attacks are orchestrated by disgruntled employees who are not happy with their position in the organization or because they have personal grudges against another employee or the management.
  • Phishing: Spammers often send e-mails in bulk to e-mail accounts, for example, those claiming to be from the UK lottery department and informing you that you have won a million pounds. They request you to click on a link in the e-mail to provide your credit card details or enter information such as your first name, address, age, and city. Using this method the social engineer can gather social security numbers and network information.
  • The "Nigerian 419" scam: In the Nigerian scam, the attacker asks the target to make upfront payments or make money transfers. It is called 419 because "4-1-9" is a section of the Nigerian Criminal Code that outlaws this practice. The attacker or scammers usually send the target e-mails or letters with some lucrative offers stating that their money has been trapped in some country that is currently at war, so they need help in taking out the money and that they will give the target a share, which never really comes. These scammers ask you to pay money or give them your bank account details to help them transfer the money. You are then asked to pay fees, charges, or taxes to help release or transfer the money out of the country through your bank. These "fees" may start out as small amounts. If paid, the scammer comes up with new fees that require payment before you can receive your "reward". They will keep making up these excuses until they think they have got all the money they can out of you. You will never be sent the money that was promised. 
  • Social engineering attack through a fake SMS: In this type of attack, the social engineer will send an SMS to the target claiming to be from the security department of their bank and also claiming that it is urgent that the target call the specified number. If the target is not too technically sound, they will call the specified number and the attacker can get the desired information.

What Is Human-Based Social Engineering?

In human-based social engineering attacks, the social engineer interacts directly with the target to get information. An example of this type of attack would be where the attacker calls the database administrator asking to reset the password for the target's account from a remote location, having gathered the user information from a social networking site of the XYZ company.


Human-based social engineering can be categorized as follows:
  • Piggybacking: In this type of attack the attacker takes advantage by tricking authorized personnel to get inside a restricted area of the targeted company, such as the server room. For example, attacker X enters the ABC company as a candidate for an interview but later enters a restricted area by tricking an authorized person, claiming that he is a new employee of the company and so doesn't have an employee ID, and using the target's ID card. 
  • Impersonating: In this type of attack, a social engineer pretends to be a valid employee of the organization and gains physical access. This can be perfectly carried out in the real world by wearing a suit or a duplicate ID for the company. Once inside the premises, the social engineer can gain valuable information from a desktop computer. 
  • Eavesdropping: This is the unauthorized listening to communication between two people or the reading of private messages. It can be performed using communication channels such as telephone lines and e-mails. 
  • Reverse social engineering: This is when the attacker creates a persona that appears to be in a position of authority. In such a situation, the target will ask the attacker for the information that they want. Reverse social engineering attacks usually occur in the areas of marketing and technical support. 
  • Dumpster diving: Dumpster diving involves looking in the trash can for information written on pieces of paper or computer printouts. The hacker can often find passwords, filenames, or other pieces of confidential information in trash cans. 
  • Posing as a legitimate end user: In this type of attack, the social engineer assumes the identity of a legitimate user and tries to get the information, for example, calling the Helpdesk and saying, "Hi, I am Mary from the X department. I do not remember my account password; can you help me out?" 

What Allows Penetration Testing to Work?

There are several general reasons why penetration tests are successful. Many of them are in the operational area; however, security problems can arise due to deficiencies in any of the three testing areas. A large number of security problems arise due to a lack of awareness on the part of a company’s employees of the company’s policies and procedures regarding information security and protection. If employees and contractors of a company do not know the proper procedures for handling proprietary or sensitive information, they are much more likely to allow that information to be left unprotected. If employees are unaware of the company policies on discussing sensitive company information, they will often volunteer (sometimes unknowingly) information about their company’s future sales, marketing, or research plans simply by being asked the right set of questions. The tester will exploit this lack of awareness and modify the testing procedure to account for the fact that the policies are not well known.

In many cases, the subjects of the test will be very familiar with the company’s policies and the procedures for handling information. Despite this, however, penetration testing works because often people do not adhere to standardized procedures defined by the company’s policies. Although the policies may say that system logs should be reviewed daily, most administrators are too busy to bother. Good administrative and security practices require that system configurations should be checked periodically to detect tampering, but this rarely happens. Most security policies indicate minimum complexities and maximum time limits for passwords, but many systems do not enforce these policies. Once the tester knows about these security procedural lapses, they become easy to exploit.
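The periodic configuration check described above is simple to automate, which is what makes its absence a procedural lapse rather than a technical limitation. The following is an added example, not code from the original article: it records a SHA-256 baseline of a directory's configuration files and later compares the live files against it, reporting anything modified, removed or newly added. The files, their contents and the simulated tampering are constructed in a temporary directory so it runs offline; the file names are illustrative only.

```python
"""Periodic configuration tamper check (added example, not from the article)."""

import hashlib
import json
import tempfile
from pathlib import Path

CONFIG_PATTERNS = ("*.conf",)  # assumption: which files count as configuration


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path, patterns=CONFIG_PATTERNS) -> dict:
    """Map each matching file (path relative to root) to its digest."""
    baseline = {}
    for pattern in patterns:
        for path in sorted(root.rglob(pattern)):
            if path.is_file():
                baseline[path.relative_to(root).as_posix()] = file_digest(path)
    return baseline


def compare_to_baseline(root: Path, baseline: dict, patterns=CONFIG_PATTERNS) -> dict:
    """Return modified, removed and added files relative to the stored baseline."""
    current = build_baseline(root, patterns)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "removed": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict:
    """Build a baseline, simulate tampering between two checks, report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed configuration files standing in for a real host's settings.
        (root / "sshd.conf").write_text("PermitRootLogin no\nPasswordAuthentication no\n")
        (root / "sudoers.conf").write_text("%admin ALL=(ALL) ALL\n")
        baseline_path = root / "baseline.json"  # not *.conf, so not part of the baseline
        baseline_path.write_text(json.dumps(build_baseline(root), indent=2))

        # Simulated tampering: a hardening setting reverted, a file removed,
        # and an unexpected file dropped into the configuration directory.
        (root / "sshd.conf").write_text("PermitRootLogin yes\nPasswordAuthentication no\n")
        (root / "sudoers.conf").unlink()
        (root / "unexpected.conf").write_text("Listen 0.0.0.0:8080\n")

        stored = json.loads(baseline_path.read_text())
        return compare_to_baseline(root, stored)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

In practice the baseline file would be stored somewhere the monitored host cannot write to, and the comparison would run from a scheduler so that the daily review the policy asks for actually happens.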
Many companies have disjointed operational procedures. The processes in use by one organization within a company may often conflict with the processes used by another organization. Do the procedures used by one application to authenticate users complement the procedures used by other applications, or are there different standards in use by different applications? Is the access security of one area of a company’s network lower than that of another part of the network? Are log files and audit records reviewed uniformly for all systems and services, or are some systems monitored more closely than others? All these are examples of a lack of coordination between organizations and processes. These examples can be exploited by the tester and used to get closer to the goal of the test. A tester needs only to target the area with the lower authentication standards, the lower access security, or the lower audit review procedures in order to advance the test. 
Many penetration tests succeed because people often do not pay adequate attention to the situations and circumstances in which they find themselves. The hacker’s art of social engineering relies heavily on this fact. Social engineering is a con game used by intruders to trick people who know secrets into revealing them. People who take great care in protecting information when at work (locking it up or encrypting sensitive data, for example) suddenly forget about those procedures when asked by an acquaintance at a party to talk about their work. Employees who follow strict user authentication and system change control procedures suddenly “forget” all about them when they get a call from the “Vice President of Such and Such” needing something done “right away.” Does the “Vice President” himself usually call the technical support line with problems? Probably not, but people do not question the need for information, do not challenge requests for access to sensitive information even if the person asking for it does not clearly have a need to access that data, and do not compare the immediate circumstances with normal patterns of behavior. 
Many companies rely on a single source for enabling an employee to prove identity, and often that source has no built-in protection. Most companies assign employee identification (ID) numbers to their associates. That number enables access to many services the company has to offer, yet is displayed openly on employee badges and freely given when requested. The successful tester might determine a method for obtaining or generating a valid employee ID number in order to impersonate a valid employee. 
Many hackers rely on the anonymity that large organizations provide. Once a company grows beyond a few hundred employees, it becomes increasingly difficult for anyone to know all employees by sight or by voice. Thus, the IT and HR staff of the company need to rely on other methods of user authentication, such as passwords, key cards, or the above-mentioned employee ID number. Under such a system, employees become anonymous entities, identified only by their ID number or their password. This makes it easier to assume the identity of a legitimate employee or to use social engineering to trick people into divulging information. Once the tester is able to hide within the anonymous structure of the organization, the fear of discovery is reduced and the tester will be in a much better position to continue to test. 
Another contributor to the successful completion of most penetration tests is the simple fact that most system administrators do not keep their systems up to date with the latest security patches and fixes for the systems under their control. A vast majority of system break-ins occur as a result of exploitation of known vulnerabilities, vulnerabilities that could have easily been eliminated by the application of a system patch, configuration change, or procedural change. The fact that system operators continue to let systems fall behind in security configuration means that testers will continuously succeed in penetrating their systems. 
The tools available for performing a penetration test are becoming more sophisticated and more widely distributed. This has allowed even the novice hacker to pick up highly sophisticated tools for exploiting system weaknesses and applying them without requiring any technical background in how the tool works. Often these tools can try hundreds of vulnerabilities on a system at one time. As new holes are found, the hacker tools exploit them faster than the software companies can release fixes, making life even more miserable for the poor administrator who has to keep pace. Eventually, the administrator will miss something, and that something is usually the one hole that a tester can use to gain entry into a system.

WLAN Penetration Testing Methodology | Wireless

To perform a wireless penetration test, it is important to follow a defined methodology. Simply firing up the airbase or airodump command and hoping for the best will not satisfy the goals of a test. When working as a penetration tester, you must ensure that you adhere to the standards of the organization you're working for, and if they don't have any, then you should hold yourself to the highest standards. Broadly, we can break up a wireless penetration testing exercise into the following phases:
  1. Planning phase. 
  2. Discovery phase. 
  3. Attack phase. 
  4. Reporting phase.

Planning Phase

The penetration tester should work with the client to define a scope that is achievable and will also provide the greatest amount of insight into the security of a network. Typically, the following information is gathered:
  • Location of the penetration test
  • Total coverage area of the premises
  • Approximate number of access points and wireless clients deployed
  • Which wireless networks are included in the assessment?
  • Is exploitation in scope?
  • Are attacks against users in scope?
  • Is denial of service in scope?

Estimate: Based on the scope defined, the tester will then have to estimate how much time is required. Bear in mind that rescoping may occur following this estimate, as organizations may have limited resources available in terms of both time and money.

Legality: Prior to performing a test, the client must give consent. This should explain the testing to be covered and clearly define the level of indemnity, insurance, and the limitations of the scope. If you are unsure, you will need to speak to a professional in these areas. Most organizations will have their own versions that will likely also incorporate a Non-Disclosure Agreement (NDA). Once all of the preceding requirements are in place.

Discovery Phase

In this phase, the aim is to identify and apply characteristics to the wireless devices and wireless networks within the scope. All the techniques to perform these have been laid out in the previous chapters but, in brief, the aim is to:
  • Enumerate visible and hidden wireless networks in the area
  • Enumerate devices in the area, along with those connected to the targeted networks
  • Map the range of the networks, where they are reachable from and whether there are places a malicious individual could operate from to perform an attack, for example, a cafe.

All of this information should be recorded. If the test is limited to the performance of reconnaissance only, the test will end here, and the tester will attempt to draw conclusions based on this information. Some statements that would be useful to a client are as follows:
  • The number of devices that have associations with open networks and the corporate network
  • The number of devices that have networks that can be linked to locations through solutions such as WiGLE
  • The existence of weak encryption
  • The networks set up are too strong 
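The statements above are counts derived from what was recorded during discovery, so the recording format matters more than the tools used to gather it. The following is an added example, not code from the original article: it takes a constructed inventory of observed access points and client stations, in the shape a tester might record from a site survey, and derives the figures behind those statements: open, weak and hidden networks, clients associated with open or corporate networks, and clients whose probe requests advertise remembered network names (the kind of name a location database such as WiGLE could later be queried with; no lookup is made here). The encryption classes, BSSIDs, SSIDs and MAC addresses are all assumptions.

```python
"""Discovery-phase summary for a wireless assessment (added example)."""

from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed classification of encryption labels for reporting purposes.
WEAK_ENCRYPTION = {"WEP", "WPA", "WPA-TKIP"}
STRONG_ENCRYPTION = {"WPA2", "WPA2-ENT", "WPA3", "WPA3-ENT"}


@dataclass(frozen=True)
class AccessPoint:
    bssid: str
    ssid: str          # empty string means the SSID is hidden
    encryption: str    # "OPEN", "WEP", "WPA2", "WPA2-ENT", ...
    channel: int


@dataclass(frozen=True)
class Station:
    mac: str
    associated_bssid: Optional[str]      # None when not associated
    probed_ssids: Tuple[str, ...] = ()   # SSIDs seen in its probe requests


def encryption_class(encryption: str) -> str:
    """Bucket an encryption label as open, weak, strong or unknown."""
    label = encryption.upper()
    if label == "OPEN":
        return "open"
    if label in WEAK_ENCRYPTION:
        return "weak"
    if label in STRONG_ENCRYPTION:
        return "strong"
    return "unknown"


def summarize_survey(aps, stations, corporate_ssids) -> dict:
    """Counts that back the discovery-phase statements made to a client."""
    by_bssid = {ap.bssid: ap for ap in aps}
    corporate = set(corporate_ssids)
    summary = {
        "networks_total": len(aps),
        "networks_hidden": sum(1 for ap in aps if ap.ssid == ""),
        "networks_open": 0, "networks_weak": 0,
        "networks_strong": 0, "networks_unknown": 0,
        "clients_on_open": 0, "clients_on_corporate": 0,
        "clients_leaking_probes": 0,
    }
    for ap in aps:
        summary["networks_" + encryption_class(ap.encryption)] += 1
    for station in stations:
        ap = by_bssid.get(station.associated_bssid)
        if ap is not None and encryption_class(ap.encryption) == "open":
            summary["clients_on_open"] += 1
        if ap is not None and ap.ssid in corporate:
            summary["clients_on_corporate"] += 1
        if station.probed_ssids:  # remembered networks broadcast in the clear
            summary["clients_leaking_probes"] += 1
    return summary


def weak_or_open_networks(aps) -> list:
    """Names (or BSSIDs for hidden networks) that belong in the findings."""
    return sorted(
        ap.ssid or f"<hidden {ap.bssid}>"
        for ap in aps
        if encryption_class(ap.encryption) in ("open", "weak")
    )


# Constructed survey data; every identifier below is made up.
SURVEY_APS = [
    AccessPoint("00:11:22:33:44:01", "CORP-WIFI", "WPA2-ENT", 6),
    AccessPoint("00:11:22:33:44:02", "CORP-GUEST", "OPEN", 11),
    AccessPoint("00:11:22:33:44:03", "", "WPA2", 1),
    AccessPoint("00:11:22:33:44:04", "LegacyPrinter", "WEP", 6),
    AccessPoint("00:11:22:33:44:05", "Cafe-Free", "OPEN", 1),
]
SURVEY_STATIONS = [
    Station("aa:bb:cc:00:00:01", "00:11:22:33:44:01"),
    Station("aa:bb:cc:00:00:02", "00:11:22:33:44:02", ("HomeNet-5G",)),
    Station("aa:bb:cc:00:00:03", None, ("Airport_WiFi", "Hotel-Guest")),
    Station("aa:bb:cc:00:00:04", "00:11:22:33:44:05"),
]
CORPORATE_SSIDS = ("CORP-WIFI", "CORP-GUEST")


def demo_summary() -> dict:
    return summarize_survey(SURVEY_APS, SURVEY_STATIONS, CORPORATE_SSIDS)


if __name__ == "__main__":
    for key, value in demo_summary().items():
        print(f"{key}: {value}")
    print("weak or open:", weak_or_open_networks(SURVEY_APS))
```

With the constructed data the summary reports two open networks, one WEP network and one hidden network, two clients on open networks, two on corporate SSIDs, and two clients leaking probe requests; those are exactly the figures a reconnaissance-only report would present.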

Attacking Phase

Once reconnaissance has been performed, exploitation must be performed for proof of concept. If the attack is being performed as part of a red team or wider assessment, then exploitation should be performed to gain access to the network as surreptitiously as possible.

In our attacking phase, we will explore the following:
  • Cracking the encryption
  • Attacking the infrastructure
  • Compromising clients
  • Finding vulnerable clients
  • Finding unauthorized clients 

Cracking The Encryption

The first step is to retrieve the keys for any vulnerable networks identified. If networks with WEP exist, perform the WEP-cracking method. If WPA2-secured systems are present, you have two choices. If aiming to be stealthy, arrive on-site at times when individuals are likely to be authenticating or re-authenticating. These times are likely to be:
  • Start of the day
  • Lunch time
  • End of the day
If WPA-Enterprise is in place, bear in mind you will have to use the information gathered from the reconnaissance to target the correct network and set up your dummy Enterprise setup.
You can attempt to break all passphrases, but bear in mind that some will be unbreakable. Following the performance of the test, check with the wireless administrator for the passphrase in use. Check to see whether it is a secure passphrase and that you, as a tester, did not experience a tool failure or were merely unlucky. 

Attacking infrastructure 

If network access is gained through cracking the encryption, perform a standard network penetration test if allowed in scope. The following should be performed as a minimum: 

  • A port scan
  • Identifying which services are running
  • Enumerating any open services, such as unauthenticated FTP, SMB, or HTTP 
  • Exploiting any vulnerable services identified 

Compromising clients 

After enumerating and testing all wireless systems, there are various types of engagements that would suit performing attacks against clients. If necessary, after establishing which clients are vulnerable to Karma attacks, create a Honeypot to force them to connect with the methods laid out in the Attacking PEAP. There are various useful pieces of information that can be gathered through this method, but ensure that the collected data serves a purpose and is stored, transmitted, and used in an ethical and safe manner. 

Reporting Phase

Finally, at the end of testing, it is necessary to report your findings to the client. It's important to ensure that the report matches the quality of your testing. As the client will only see the report, you have to give it as much love and attention as you do to your testing. The following is a guideline to the layout of the report:
  1. Management summary.
  2. Technical summary.
  3. Findings:
     • Vulnerability description
     • Severity
     • Affected devices
     • Vulnerability type: software/hardware/configuration
     • Remediation
  4. Appendices.

The management summary should be aimed at talking to a senior nontechnical audience with a focus on the effects and mitigations required at a high level. Avoid language that is too technical and ensure that the root causes are covered.
The technical summary should be a midpoint between the management summary and findings list. It should be aimed at a developer or a technical lead with a focus on how to fix the issues and broad solutions that could be implemented.
The findings list should describe each vulnerability at a low level, explaining the methods used to identify and replicate each vulnerability.
Appendices should contain any extra information that would be too long to describe in a short description. This is where any screenshots, proof-of-concept code, or stolen data should be presented. 
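Because the four sections address different readers, it helps to generate them from one structured list of findings rather than writing them separately and letting them drift apart. The following is an added example, not code from the original article: the findings are constructed sample data, and the section order and per-finding fields follow the guideline above. Evidence such as screenshots or proof-of-concept output is kept out of the summaries and rendered only in the appendices, as the text specifies. Severity levels and the three vulnerability types are assumptions.

```python
"""Assemble a findings report in the layout described above (added example)."""

from collections import Counter
from dataclasses import dataclass
from typing import List

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}
VULN_TYPES = {"software", "hardware", "configuration"}


@dataclass
class Finding:
    title: str
    description: str
    severity: str
    affected_devices: List[str]
    vuln_type: str
    remediation: str
    evidence: str = ""  # appendix material only


def validate(finding: Finding) -> None:
    """Reject findings that would produce an inconsistent report."""
    if finding.severity not in SEVERITY_ORDER:
        raise ValueError(f"unknown severity: {finding.severity!r}")
    if finding.vuln_type not in VULN_TYPES:
        raise ValueError(f"unknown vulnerability type: {finding.vuln_type!r}")
    if not finding.affected_devices:
        raise ValueError(f"finding {finding.title!r} lists no affected devices")


def sorted_findings(findings):
    """Most severe first, then alphabetical, so priorities are visible at a glance."""
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.title))


def management_summary(findings) -> dict:
    """Non-technical figures: how many issues, how bad, what kind, how widespread."""
    for f in findings:
        validate(f)
    devices = {d for f in findings for d in f.affected_devices}
    return {
        "total": len(findings),
        "by_severity": dict(Counter(f.severity for f in findings)),
        "by_type": dict(Counter(f.vuln_type for f in findings)),
        "devices_affected": len(devices),
    }


def technical_summary(findings) -> dict:
    """Remediation actions grouped by root-cause type, deduplicated."""
    grouped = {}
    for f in sorted_findings(findings):
        actions = grouped.setdefault(f.vuln_type, [])
        if f.remediation not in actions:
            actions.append(f.remediation)
    return grouped


def render_report(findings) -> str:
    ordered = sorted_findings(findings)
    summary = management_summary(ordered)
    lines = ["1. Management summary",
             f"{summary['total']} issues affecting {summary['devices_affected']} devices."]
    for sev in sorted(summary["by_severity"], key=SEVERITY_ORDER.get):
        lines.append(f"  {sev}: {summary['by_severity'][sev]}")
    lines.append("2. Technical summary")
    for vuln_type, actions in technical_summary(ordered).items():
        lines.append(f"  [{vuln_type}]")
        lines.extend(f"    - {a}" for a in actions)
    lines.append("3. Findings")
    for i, f in enumerate(ordered, 1):
        lines += [f"  3.{i} {f.title} ({f.severity})",
                  f"    Description: {f.description}",
                  f"    Affected devices: {', '.join(f.affected_devices)}",
                  f"    Type: {f.vuln_type}",
                  f"    Remediation: {f.remediation}"]
    lines.append("4. Appendices")
    for i, f in enumerate(ordered, 1):
        if f.evidence:
            lines += [f"  A.{i} Evidence for {f.title}", f"    {f.evidence}"]
    return "\n".join(lines)


# Constructed sample findings; identifiers and details are made up.
SAMPLE_FINDINGS = [
    Finding("WEP in use on LegacyPrinter network", "The printer SSID still uses WEP.",
            "high", ["00:11:22:33:44:04"], "configuration",
            "Retire WEP and move the printer to a WPA2/WPA3 segment.",
            evidence="Survey capture showing WEP beacons (constructed)."),
    Finding("Open guest network reaches corporate VLAN", "Guest clients can route to internal subnets.",
            "high", ["00:11:22:33:44:02", "core-switch-01"], "configuration",
            "Isolate the guest SSID on its own VLAN with egress-only rules."),
    Finding("Access point firmware out of date", "Firmware is older than the vendor's supported release.",
            "medium", ["00:11:22:33:44:01", "00:11:22:33:44:03"], "software",
            "Apply the vendor firmware update in a maintenance window."),
    Finding("Corporate laptops probe for remembered networks", "Probe requests reveal previously joined SSIDs.",
            "low", ["aa:bb:cc:00:00:02"], "configuration",
            "Disable auto-connect for non-corporate profiles via device policy."),
]

if __name__ == "__main__":
    print(render_report(SAMPLE_FINDINGS))
```

Sorting by severity before rendering means the management summary, the technical summary and the findings list all agree on what comes first, and the validation step catches a finding with no affected devices before it reaches the client.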

What Is Penetration Testing?

Security is one of the major issues of information systems. The growing connectivity of computers through the internet, the increasing extensibility of systems, and the unbridled growth of the size and complexity of systems have made software security a bigger problem now than in the past. Furthermore, it is a business imperative to adequately protect an organization’s information assets by following a comprehensive, and structured approach to provide protection from the risks an organization might face. In an attempt to solve the security problem and comply with the mandated security regulations, security experts have developed various security assurance methods including proof of correctness, layered design, software engineering environments and penetration testing.

What is Penetration Testing?

Penetration testing involves performing various reconnaissance scans against your perimeter defenses, boundary routers, firewalls, switches, network devices, servers, and workstations to allow you to see which devices are within your environment and to determine the overall plan of the network and topology. Once this has been gathered, you can then collate this information and look at an attack vector to try and penetrate identified systems to see if they can be compromised by using known vulnerability scans, attacks and denial of service attacks. When performing penetration testing you are essentially taking on the role of the hacker. You will be looking at using tools like PING to detect if hosts are live, port scanners for any hosts that may deny ICMP Echo/Reply requests (PINGs) and to also identify which ports are open on devices, enabling you to create a footprint of what these devices are used for.

Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.

From another point of view, penetration testing is:

Penetration testing is defined as a formalized set of procedures designed to bypass the security controls of a system or organization for the purpose of testing that system’s or organization’s resistance to such an attack. Penetration testing is performed to uncover the security weaknesses of a system and to determine the ways in which the system can be compromised by a potential attacker. Penetration testing can take several forms (which will be discussed later) but, in general, a test consists of a series of “attacks” against a target. The success or failure of the attacks, and how the target reacts to each attack, will determine the outcome of the test.

What Is the Purpose of a Penetration Test?

The purpose of a penetration test is to determine the subject’s ability to withstand an attack by a hostile intruder. As such, the tester will be using the tricks and techniques a real-life attacker might use. This simulated attack strategy allows the subject to discover and mitigate its security weak spots before a real attacker discovers them.

Why Does Penetration Testing Exist?

The reason is that some organizations need to measure the effectiveness of their security measures before anyone else does. The fact that they want tests performed indicates that they believe there might be (or want to discover) some deficiency in their security. While the testing itself might uncover problems in the organization’s security, the tester should attempt to discover and explain the underlying cause of the lapses in security that allowed the test to succeed. The tester should explain, for example, that the lapse was due to inadequate attention by the guard on duty or a lack of guard staff training that would enable them to recognize valuable or sensitive information.

How do you know whether your network or system is secure? Is anybody siphoning off your personal data or violating your privacy? For some individuals this may not matter much, but what about companies holding financial logs and transactions, secret data, or private customer data, where it is the company's duty to protect that privacy, fix the vulnerabilities, and clean up? Reasons to test include:
  • Computer related crime is on the rise.
  • Find holes now before somebody else does.
  • Report problems to management.
  • Verify secure configurations.
  • Security training for network staff.
  • Discover gaps in compliance.
  • Testing new technology.

What is the difference between a Penetration Tester and a Hacker?

  • Penetration Testers have prior approval from Senior Management.
    • Hackers have prior approval from themselves.
  • Penetration Testers' social engineering attacks are there to raise awareness.
    • Hackers' social engineering attacks are there to trick the DMV into divulging sensitive information about the whereabouts of their estranged ex-spouse.
  • Penetration Testers' war driving = geeks driving cars with really long antennas, license plate reading “r00t3d”, while dying their hair green, looking to discover the hidden, unapproved networks your users thought it would be OK to install for you.
    • Hackers' wireless war driving doesn’t happen so often because 14-year-olds typically don’t have their license yet.
  • Penetration Testers have pink mohawks and wear trenchcoats in July.
    • Hackers have pink mohawks and wear trenchcoats... that they bought with your bank account info.

What Are the Types of Penetration Testing?

The Terminology of Penetration Testing

There are several terms associated with penetration testing. These terms are used throughout this article to describe penetration testing and the people and events involved in a penetration testing.

Tester:

The person or group who is performing the penetration test. The purpose of the tester is to plan and execute the penetration test and analyze the results for management. In many cases, the tester will be a member of the company or organization that is the subject of the test. However, a company may hire an outside firm to conduct the penetration test if it does not have the personnel or the expertise to do it itself.

Attacker:

A real-life version of a tester. However, where the tester works with a company to improve its security, the attacker works against a company to steal information or resources.

Attack:

The series of activities performed by the tester in an attempt to circumvent the security controls of a particular target. The attack may consist of physical, procedural, or electronic methods.

Subject of the test:

The organization upon whom the penetration test is being performed. The subject can be an entire company or it can be a smaller organizational unit within that company.

Target of a penetration test:

The system or organization that is being subjected to a particular attack at any given time. The target may or may not be aware that it is being tested. In either case, the target will have a set of defenses it presents to the outside world to protect itself against intrusion. It is those defenses that the penetration test is designed to test. A full penetration test usually consists of a number of attacks against a number of different targets.

Management:

The term used to describe the leadership of an organization involved in the penetration test. There may be several levels of management involved in any testing effort, including the management of the specific areas of the company being tested, as well as the upper management of the company as a whole. The specific levels of management involved in the penetration testing effort will have a direct impact on the scope of the test. In all cases, however, it is assumed that the tester is working on behalf of (and sponsored by) at least one level of management within the company.

Penetration test:

The actual performance of a simulated attack on the target.

What Is Black Box, Gray Box, and White Box Penetration Testing?

  • Penetration testing usually falls under three categories: Black Box, Gray Box, and White Box.
  • Black Box does not include any knowledge of the structure of the system, so this type of testing simulates the approach of an outside attacker.
  • Gray Box includes only a limited knowledge of the layout of the target.
  • White Box testing occurs when a penetration tester has complete knowledge of the layout of the target(s).
By now you should have a full understanding of what penetration testing is, so please share this article to reach more people around the globe.

What Are the Areas of Penetration Testing?

There are three areas to test in penetration testing: the physical structure of the system, the logical structure of the system, and the response or workflow of the system. These three areas define the scope and the types of penetration testing which are network, application, and social engineering.

Areas of Penetration Testing

Network penetration testing
is an ethical and safe way to identify security gaps or flaws in the design, implementation or operation of the organization’s network. The testers perform analysis and exploits to assess whether modems, remote access devices and maintenance connections can be used to penetrate the test target.

Wireless Penetration Testing
If the organization has a wireless network, the following activities may be undertaken. This is not an exhaustive list, and the tester is encouraged to update the list with new testing methods. Activities include the following methods:

Web Application penetration testing
is an attack simulation intended to expose the effectiveness of an application's security controls by highlighting risks posed by actual exploitable vulnerabilities. Although organizations use firewall and monitoring systems to protect information, security can still be compromised since traffic can be allowed to pass through the firewall.

Social engineering
preys on human interaction to obtain or compromise information about an organization and its computer systems. It is used to determine the level of security awareness among the employees in the organization that owns the target system. This is useful to test the ability of the organization to prevent unauthorized access to its information and information systems. Thus, this is a test focused on the workflow of the organization.

The typical image of a penetration test is that of a team of high-tech computer experts sitting in a small room attacking a company’s network for days on end or crawling through the ventilation shafts to get into the company’s “secret room.” While this may be a glamorous image to use in the movies, in reality the penetration test works in a variety of different (and very nonglamorous) ways.

What is Penetration Testing Types | Black Box, White Box, Gray Box

The first type of penetration testing involves the physical infrastructure of the subject. Very often, the most vulnerable parts of a company are not found in the technology of its information network or the access controls of its databases. Security problems can be found in the way the subject handles its physical security. The penetration tester will seek to exploit these physical weaknesses. For example, does the building provide adequate access control? Does the building have security guards, and do the guards check people as they enter or leave the building? If intruders are able to walk unchecked into a company's building, they will be able to gain physical access to the information they seek. A good test is to try to walk into a building in the morning when everyone is arriving for work: try to get into the middle of a crowd of people to see whether the guard is adequately checking the badges of those entering the building.

The three types of penetration testing:

  1. Black-box penetration testing (zero-knowledge testing): In order to simulate real-world attacks and minimize false positives, penetration testers can choose to undertake black-box testing (or zero-knowledge testing, with no information or assistance from the client) and map the network while enumerating services, shared file systems, and operating systems discreetly. Additionally, the penetration tester can undertake wardialing to detect listening modems and wardriving to discover vulnerable access points, provided these activities are within the scope of the project.
  2. White-box penetration testing (complete-knowledge testing): If the organization needs to assess its security against a specific kind of attack or a specific target, complete information about the organization's network may be given to the penetration testers. The information provided can include network-topology documents, asset inventory, and valuation information. Typically, an organization opts for this when it wants a complete audit of its security. It is critical to note that, despite all this, information security is an ongoing process and penetration testing gives only a snapshot of the security posture of an organization at a given point in time. White-box testing can be done with or without the knowledge of the IT staff. Only top management is kept in the loop when a test is conducted without the involvement of the organization's IT staff.
  3. Gray-box penetration testing: Gray-box penetration testing is the most common approach for testing the vulnerabilities that an attacker can find and exploit. This testing process functions in a similar way to black-box testing. Both the attack team and normal users are provided with the same privileges. The purpose of these tests is to simulate an attack by a malicious insider.

Black Box Penetration Testing

In black-box penetration testing, the testers have no prior knowledge of the infrastructure that is to be tested. The tester uses fingerprinting methods to acquire information about the inputs and the expected outputs but is not aware of the internal workings of the system. This test is carried out only after extensive research related to the organization has been done. It is carried out from the user's point of view. Designing test cases is difficult without clear and concise specifications, so it is done once the specifications are complete. This test simulates the process followed by a real hacker. Black-box testing is quite time-consuming and expensive. It is also known as functional testing.

White Box Penetration Testing

White-box penetration testing is also known as complete-knowledge testing. The tester is provided with various pieces of information about the organization before the white-box testing is started. This test simulates the process followed by the company's own employees. The following information is often provided during white-box testing:
  1. Company infrastructure: This includes information related to the different departments of the organization. Information related to hardware, software, and controls are also revealed to the penetration tester.
  2. Network type: The network-type information could be regarding the organization’s LAN and the topology used to connect the systems. It could also be information regarding access to remote networks or the Internet.
  3. Current security implementations: Current security implementations are the various security measures adopted by the organization to safeguard vital information against any kind of damage or theft.
  4. IP address/firewall/IDS details: This information includes details of the IP addresses the organization uses, the firewalls used to protect data from unauthorized users, and other important technical details about the network. The firewall and IDS policies are made available to the penetration tester.
  5. Company policies: The various policies that the organization has adopted to carry out business could be made available, depending on the nature of the test. Security policies, legal policies, and labor policies can all be useful to the penetration tester.

Gray Box Penetration Testing

Gray-box penetration testing involves a security assessment and internal testing; the testing process examines the scope of access available to insiders within the organization's network. Both the attack team and normal users are provided with the same privileges, and the purpose is to simulate an attack by a malicious insider. Here, the tester is usually given limited information.

What Are the Steps of Penetration Testing?

Steps of penetration testing: As we all know, penetration testing is a series of activities undertaken to identify and exploit security vulnerabilities. It helps confirm the effectiveness or ineffectiveness of the security measures that have been implemented. This article provides an overview of penetration testing, showing the steps of penetration testing and the strategies and methodology for conducting it. The methodology of penetration testing includes three phases: test preparation, test, and test analysis. The test phase involves the following steps: information gathering, vulnerability analysis, and vulnerability exploitation.

Steps of Web Application Penetration Testing (based on the OWASP methodology):

  1. Introduction and Objectives
  2. Information Gathering
  3. Configuration and Deploy Management Testing
  4. Identity Management Testing
  5. Authentication Testing
  6. Authorization Testing
  7. Session Management Testing
  8. Data Validation Testing
  9. Error Handling
  10. Cryptography
  11. Business Logic Testing
  12. Client Side Testing

Steps of Network Penetration Testing:

  1. Information about the target system
  2. Scan target systems for services on offer
  3. Identify systems and applications
  4. Researching Vulnerabilities
  5. Exploiting vulnerabilities

Steps of Social Engineering:

  1. Identify Target.
  2. Information Gathering.
  3. Developing Relationship.
  4. Exploitation.
  5. Execution.

Common Techniques of Social Engineering

  • Social Engineering by Phone
  • Dumpster Diving
  • On-line Social Engineering
  • Persuasion
  • Reverse Social Engineering

Difference between Penetration Testing and Vulnerability Assessment

Penetration testing is a series of activities undertaken to identify and exploit security vulnerabilities. It is a formalized set of procedures designed to bypass the security controls of a system or organization for the purpose of testing that system's or organization's resistance to such an attack. Penetration testing is performed to uncover the security weaknesses of a system and to determine the ways in which the system can be compromised by a potential attacker.

Vulnerability assessment is an important subset of the risk assessment process (a vulnerability being any weakness that can be exploited by an aggressor or, in a non-terrorist threat environment, makes an asset susceptible to hazard damage). Vulnerability assessment involves looking at the system elements and layout and their failure modes against a given set of threats or insults. The vulnerability assessment answers the basic question: what can go wrong should the system be exposed to the threats and hazards of concern? Line managers and technical staff at individual facilities or service provider organizations can perform a vulnerability assessment.

  • Vulnerability Assessment:

    • Typically is general in scope and includes a large assessment.
    • Predictable. (You know when those @@@ Security guys scan us.)
    • Unreliable at times and high rate of false positives.
    • Vulnerability assessment invites debate among System Admins.
    • Produces a report with mitigation guidelines and action items.
    • Is the assessment of a system to determine if it has vulnerabilities or weaknesses that need to be resolved or patched.
    • Is also known as a security audit.
    • Can be performed by one person or a team of vulnerability researchers or security engineers.
    • Addresses vulnerabilities: flaws or weaknesses that could be exploited by an outside attacker or compromised by internal personnel.
    • Is necessary because many organizations, companies, and health facilities are required to meet certain compliance requirements.
    • HIPAA regulations are one reason health facilities hire the services of pen testers in order to meet compliance, with vulnerability assessment being a large portion of the service.
  • Penetration Testing:

    • Focused in scope and may include targeted attempts to exploit specific vectors (Both IT and Physical)
    • Unpredictable by the recipient. (Don’t know the “how?” and “when?”)
    • Highly accurate and reliable. (I’ve got root!)
    • Penetration Testing = Proof of Concept against vulnerabilities.
    • Produces a binary result:  Either the team owned you, or they didn't.
    • Penetration Testing includes the actual exploitation of the vulnerabilities that are discovered during the phases of the vulnerability assessment.
    • It includes vulnerability assessment; however, vulnerability assessment does not include penetration testing.
    • Rules of engagement (ROE) are signed and understood by both parties before the beginning of a penetration test. The ROE limits the penetration testers from touching targets that are not permitted by the client.
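The rules of engagement (ROE) bullet above is the one place where the pentest and the vulnerability assessment share a hard constraint: nothing may be touched that the client did not authorise. The following is an added example (not code from the original article) of the scope check a test team would run over its candidate target list before any tool is pointed at the network. The ROE structure, the address ranges (taken from the RFC 5737 documentation blocks) and the testing window are all constructed for illustration.

```python
"""ROE scope enforcement (added example, not from the original article).

Assumption: the signed ROE is modelled as a small dict holding the
authorised CIDR ranges, explicitly excluded hosts and the agreed testing
window. Every value below is constructed for illustration.
"""
import ipaddress
from datetime import time

# Constructed ROE: the client authorised 192.0.2.0/24 plus one extra host,
# carved out one production box, and allowed testing 22:00-06:00 only.
ROE = {
    "in_scope": ["192.0.2.0/24", "198.51.100.10"],
    "excluded": ["192.0.2.50"],
    "window": ("22:00", "06:00"),  # (start, end); may wrap past midnight
}


def _nets(entries):
    """Parse single hosts and CIDR ranges into ip_network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def in_window(now_hhmm: str, window) -> bool:
    """True if the clock time lies inside the agreed window."""
    now = time.fromisoformat(now_hhmm)
    start, end = (time.fromisoformat(w) for w in window)
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end  # window crosses midnight


def classify_target(target: str, roe=ROE) -> str:
    """Return 'allowed', 'excluded' or 'out_of_scope' for one IP address.

    Exclusions are checked first so that a carved-out host inside an
    authorised range is still rejected.
    """
    addr = ipaddress.ip_address(target)
    if any(addr in n for n in _nets(roe["excluded"])):
        return "excluded"
    if any(addr in n for n in _nets(roe["in_scope"])):
        return "allowed"
    return "out_of_scope"


def filter_targets(targets, now_hhmm: str, roe=ROE):
    """Split candidates into (allowed, rejected) where rejected carries a
    reason. Outside the window nothing is allowed, whatever the scope."""
    allowed, rejected = [], []
    for t in targets:
        if not in_window(now_hhmm, roe["window"]):
            rejected.append((t, "outside_window"))
            continue
        verdict = classify_target(t, roe)
        if verdict == "allowed":
            allowed.append(t)
        else:
            rejected.append((t, verdict))
    return allowed, rejected


if __name__ == "__main__":
    # Constructed candidate list mixing in-scope, excluded and foreign hosts.
    candidates = ["192.0.2.7", "192.0.2.50", "203.0.113.9", "198.51.100.10"]
    ok, bad = filter_targets(candidates, "23:30")
    print("allowed :", ok)
    print("rejected:", bad)
```

The rejected list, with its reasons, is worth keeping alongside the ROE as evidence that out-of-scope hosts were recognised and left alone.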
This leads us to say:

Vulnerability assessment is a process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. It reveals potential security vulnerabilities, or changes in the network, which an attacker could exploit with malicious intent.

Penetration testing is a method of evaluating the security state of a system or network by simulating an attack from a malicious source. The process involves the identification and exploitation, in a real-world scenario, of vulnerabilities that may exist in the systems due to improper configuration, known or unknown weaknesses in hardware or software, operational weaknesses, or loopholes in deployed safeguards.

The Key Differences between Penetration Testing and Vulnerability Assessment
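The two paragraphs above describe the assessment as "identify, quantify, prioritize" and the pentest as the step that actually exploits what the assessment found. The following added example (not code from the original article) shows what the quantify-and-prioritize step looks like in practice, and how the ranked list hands off to the exploitation phase: unconfirmed high-severity scanner hits are queued for manual validation rather than reported as fact, which is how a team deals with the false-positive rate the comparison list complains about. The findings, the weighting scheme and the field names are all constructed for illustration.

```python
"""Ranking vulnerability-assessment findings (added example, not from the
original article).

Assumptions: each finding carries a CVSS base score, the asset's business
criticality (1 = low, 3 = high), whether the host is Internet-facing, and
whether a human confirmed the scanner result. All findings are constructed.
"""

# Constructed sample findings, as a scanner plus a short triage might yield.
FINDINGS = [
    {"id": "F-1", "host": "192.0.2.10", "title": "Outdated TLS configuration",
     "cvss": 5.3, "criticality": 2, "exposed": True, "confirmed": True},
    {"id": "F-2", "host": "192.0.2.20", "title": "RCE signature in web app",
     "cvss": 9.8, "criticality": 3, "exposed": False, "confirmed": False},
    {"id": "F-3", "host": "192.0.2.30", "title": "Default SNMP community string",
     "cvss": 7.5, "criticality": 1, "exposed": True, "confirmed": True},
    {"id": "F-4", "host": "192.0.2.30", "title": "Missing HTTP security header",
     "cvss": 3.1, "criticality": 1, "exposed": True, "confirmed": True},
]


def risk_score(finding) -> float:
    """Quantify: CVSS scaled by asset criticality and exposure.

    Unconfirmed scanner hits are discounted, not dropped, because the
    assessment is known to produce false positives but also cannot prove
    a negative; the pentest phase settles the question (weights assumed).
    """
    score = finding["cvss"] * finding["criticality"]
    if finding["exposed"]:
        score *= 1.5       # reachable from the Internet
    if not finding["confirmed"]:
        score *= 0.5       # scanner-only evidence
    return score


def prioritize(findings):
    """Rank findings by descending risk, ties broken by id for stable output."""
    return sorted(findings, key=lambda f: (-risk_score(f), f["id"]))


def needs_validation(findings, min_cvss: float = 7.0):
    """Handoff to the pentest: high-severity findings that nobody has
    confirmed yet are the ones worth a proof-of-concept attempt."""
    return [f["id"] for f in findings
            if not f["confirmed"] and f["cvss"] >= min_cvss]


def report(findings) -> list:
    """Render the ranked assessment as (id, host, title, score) rows."""
    return [(f["id"], f["host"], f["title"], round(risk_score(f), 1))
            for f in prioritize(findings)]


if __name__ == "__main__":
    for row in report(FINDINGS):
        print(row)
    print("queue for manual validation:", needs_validation(FINDINGS))
```

Note that the unconfirmed remote-code-execution hit still ranks second even after the discount; the point of the discount is to keep it off the "proven" list, not out of sight.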

  • The key difference between vulnerability assessment and penetration testing is the lack of exploitation in vulnerability assessment and the actual exploitation in penetration testing.
  • Permission must be granted to carry out either or both of these operations.
  • Obey the cybercrime laws and regulations at all times.
  • There are many available tools, yet one should not simply rely on only one tool to fit every situation.
  • To gain further experience and training, research OWASP and build virtual labs.