Penetration Testing / Ethical Hacking
A penetration test, or the short form pentest, is an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data.
The process involves identifying the target systems and the goal, then reviewing the information available and undertaking available means to attain the goal. A penetration test target may be a white box (where all background and system information is provided) or black box (where only basic or no information is provided except the company name). A penetration test will advise if a system is vulnerable to attack, if the defenses were sufficient and which defenses (if any) were defeated in the penetration test.
A penetration can be likened to surveying a rabbit proof fence, which must be whole to keep the rabbits out. In surveying the fence the penetration tester may identify a single hole large enough for a rabbit (or themselves) to move through, once the defense is passed, any further review of that defense may not occur as the penetration tester moves on to the next security control. This means there may be several holes or vulnerabilities in the first line of defense and the penetration tester only identified the first one found as it was a successful exploit. This is where the difference lay between a vulnerability assessment and penetration test – the vulnerability assessment is everything that you may be susceptible to, the penetration test is based on if your defense can be defeated.
Security issues uncovered through the penetration test are presented to the system’s owner. Effective penetration tests will couple this information with an accurate assessment of the potential impacts to the organization and outline a range of technical and procedural countermeasures to reduce risks.
Penetration tests are valuable for several reasons:
- Determining the feasibility of a particular set of attack vectors
- Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
- Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
- Assessing the magnitude of potential business and operational impacts of successful attacks
- Testing the ability of network defenders to successfully detect and respond to the attacks
- Providing evidence to support increased investments in security personnel and technology
A penetration test is useful service if your business can justify the expense and importance of having its web facing equipment properly secured. Rest assured that cybercrime is a growing problem, costing business and the government millions each year. The cyber criminals don’t look to be giving up anytime soon and with all this money to be made by them online, who’s to say your business won’t be next?
Advantages of a Penetration Test
Having a penetration test conducted can be extremely useful to people who wish to get extra reassurance when it comes to critical web facing systems, however they can also be useful in a variety of other ways, such as:
- Testing a System Administrator to see if he is keeping systems updated and secured.
- Compliance & the Payment Card Industry (PCI), when operating an online payments system.
- Risk reduction and risk mitigation factors for insurance or other industries.
- Protection of Confidentially, Integrity and Availability (CIA triad) of data.
We use the same tools and knowledge as a malicious hacker, but with the goal of helping take pre-emptive measures against malicious attacks by attacking the target system themselves; while staying within legal limits and doing no lasting damage. Our main goal is exposing vulnerabilities internally to approved personal and helping the development teams undertake preventative corrective and preventative countermeasures before an actual compromise of the system takes place.
- SQL, OS, and LDAP injection
- Parameter tampering
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and ForwardsEthics and Legality
- System Hacking
- Trojans and Backdoors
- Denial of Service
- Social Engineering
- Session Hijacking
- Hacking Web Servers
- Web Application Vulnerabilities
- Web Based Password Cracking Techniques
- SQL Injection
- Hacking Wireless Networks
- Virus and Worms
- Physical Security
- Linux Hacking
- Evading Firewalls, IDS and Honeypots
- Buffer Overflows
Alternatives to Penetration Testing
Yes, there are network scanners available, however if you don’t know enough about the security results displayed in a scanner or how to confirm the results are not false positives, it is highly advised you seek out professional help, rather than taking a chance and putting your business at risk.