Presentation is loading. Please wait.

Presentation is loading. Please wait.

Topic 5 Penetration Testing 滲透測試

Published byMaria Blair Modified over 6 years ago

Similar presentations

Presentation on theme: "Topic 5 Penetration Testing 滲透測試"— Presentation transcript:

1 Topic 5 Penetration Testing 滲透測試

2 Introduction to Penetration Testing
Defined as a legal and authorized attempt to locate and exploit the vulnerabilities of systems for the purpose of reducing risks in those systems. Penetration testing is also known as pen testing, PT, ethical hacking, white hat hacking. The process includes detecting vulnerabilities as well as providing proof of concept (POC) attacks to demonstrate the vulnerabilities are exist. Provides specific recommendations for addressing and fixing the issues that were discovered during the test.

3 Penetration Testing Strategies
Based on the amount of information available to the pen testers, there are three penetration testing strategies: black box, white box and gray box. Black Box Testing Pen testers have no knowledge about the target. They have to figure out the vulnerabilities of the system on their own from scratch. Simulates the actions and procedures of a real attacker. All they really know are the rules of engagement. For example, social engineering and physical security testing might be permitted, but no Denial of Service is allowed.

4 Penetration Testing Strategies
White Box Testing Pen testers have full knowledge of the network, system, and infrastructure they’re targeting. Simulate a knowledgeable internal threat, such as a disgruntled network administrator or other trusted user. Gray Box Testing Also known as partial knowledge testing. Only assumes that the pen testers are insiders. They need to gather further information before conducting the test. Because most attacks do originate from inside a network, this type of testing is very valuable and can demonstrate privilege escalation from a trusted employee.

5 Pre-engagement/Preparation
Define the goal of the test Identifying risks that will adversely impact the organization. Scope for the penetration test Agree with the client what you are going to test. Educate client on what to expect. Rules of engagement (ROE) Detailed guidelines and constraints regarding the execution of testing. Gives the test team authority to conduct defined activities without the need for additional permissions.

6 Five Phases of a Penetration Testing
Reconnaissance Scanning Gaining Access Maintaining Access Clearing Tracks

7 Five Phases of a Penetration Testing
Phase 1 - Reconnaissance Gathering as much information as possible about the target of evaluation. Passive reconnaissance approach is taken and will not raise any alarms. (whois, nslookup, company website, Google) Phase 2 - Scanning With information gathered, the goal of scanning is to apply tools and techniques to learn as much technical data about the systems as possible. Live hosts are found and the network is footprinted. Services that are available are confirmed and the operating systems of each platform are verified, and vulnerabilities are assessed.

8 Five Phases of a Penetration Testing
Phase 3 - Gaining Access True attacks are carried out against the targets. Examples of attacks: Accessing an open and non-secured wireless access point, delivering a buffer overflow or SQL injection against a web application. Phase 4 - Maintaining Access Attempting to ensure penetration testers have a way back into the compromised machine or system. Back doors are left open for future use, a sniffer is placed on a compromised machine to watch traffic on a specific subnet. Access can be maintained through the use of Trojans, rootkits, or any number of other methods.

9 Five Phases of a Penetration Testing
Phase 5- Covering Tracks Attempting to hide attack activities from detecting by security professionals. Steps ranges from removing or altering log files, hiding files with hidden attributes or directories, and even using tunneling protocols to communicate with the system. Sometimes even simply corrupting the log files as files get corrupted all the time, and chances are that the administrator will not aware of the problem. Good pen testers should make sensible judgments in this phase.

10 Demonstration - Reconnaissance
DNS Zone Transfer (nslookup)

11 Demonstration - Reconnaissance
Using DNSstuff (

12 Demonstration - Scanning
Using Netsparker web application security scanner

13 Demonstration - Gaining Access
Using Metasploit

14 Demonstration - Maintaining Access
Using Metasploit Persistent Backdoor Source: Video:

15 Penetration Testing Tools
Purpose Nmap Network and port scanning, OS detection Netcat Port scanning, transferring files, a backdoor Nessus Detect vulnerabilities and misconfiguration, dictionary attack, denial of service Metasploit Framework Develop and execute exploit code against a remote target, test vulnerabilities SuperScan Port scanning, run queries like whois, ping, and hostname lookups Netsparker Web application security scanner

16 Benefits of Penetration Testing
Helps safeguard the organization against failure through preventing financial loss. Proving due diligence and compliance to industry regulators (HKMA), customers and shareholders. Preserving corporate image and justify information security investment. Helps shape information security strategy through quick and accurate identification of vulnerabilities. Proactive elimination of identified risks. Implementation of corrective measures and enhancement of IT knowledge.

17 Reporting Executive Summary Technical Report Sample Report
Communicate to the reader the specific goals of the pen test and the high level findings of the testing exercise Technical Report Present the technical details of the test and all of the aspects/components agreed upon as key success indicators within the pre-engagement exercise Describe in detail the scope, information, attack path, impact and remediation suggestions of the test Sample Report

18 Standards and Regulations
Source:

19 Standards and Regulations
HKMA - Management of Security Risks in Electronic Banking Services Source:

20 References (1) Pre-engagement
(2) Reporting (3) Sample Penetration Test Report security-testing.pdf (4) An Overview of Penetration Testing (5) Conducting a Penetration Test on an Organization g-penetration-test-organization_67 (6) 滲透測試簡介

Download ppt "Topic 5 Penetration Testing 滲透測試"

Similar presentations

ETHICAL HACKING.

ETHICAL HACKING.
Introduction to Ethical Hacking, Ethics, and Legality.

Introduction to Ethical Hacking, Ethics, and Legality.
I NDULGENC E There is no need for oversight or management direction. All staff members are superstars and act in the best interest of the company.

I NDULGENC E There is no need for oversight or management direction. All staff members are superstars and act in the best interest of the company.
Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.

Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.

Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.
Rochester Institute of Technology Secure IT 2007 Security Auditing Course Development Rochester Institute of Technology Yin Pan

Rochester Institute of Technology Secure IT 2007 Security Auditing Course Development Rochester Institute of Technology Yin Pan
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Vulnerability Testing Approach Prepared By: Phil Cheese Nov 2008.

Vulnerability Testing Approach Prepared By: Phil Cheese Nov 2008.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Network security policy: best practices

Network security policy: best practices
Penetration Testing Chao-Hsien Chu, Ph.D. College of Information Sciences and Technology The Pennsylvania State University University Park, PA 16802

Penetration Testing Chao-Hsien Chu, Ph.D. College of Information Sciences and Technology The Pennsylvania State University University Park, PA 16802
The Business of Penetration Testing

The Business of Penetration Testing
Penetration Testing.

Penetration Testing.
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
Sam Cook April 18, 2013. Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.

Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.
0 Kluge Burch Zimmerling GRC Advisors Commodity Services Specification Penetration Testing & Application Security Assessment January 2015.

0 Kluge Burch Zimmerling GRC Advisors Commodity Services Specification Penetration Testing & Application Security Assessment January 2015.
Pen testing to ensure your security

Pen testing to ensure your security

Similar presentations

Ads by Google