Penetration Testing Company NYC
What Is A Penetration Test?
Penetration testing (also called pen-testing or a pen test) is a process in which a tester looks for exploitable vulnerabilities within an IT infrastructure that would allow the tester to subvert or modify systems and extract information.
The attacker's objective is to identify entry points that give access to your data; these entry points are vulnerabilities in one or more systems, which may include operating systems, firewalls, web servers, web applications, services and other devices.
External Penetration Testing simulates an attacker targeting Internet-facing systems that are connected to internal resources such as databases, either extracting data or installing back-doors for later use; in most cases the attacker does both (see diagram). This penetration test covers three main ways into a given system: (1) open services on servers; (2) network devices such as routers and firewalls; (3) weaknesses within web applications that let an attacker retrieve sensitive information through code injection and other methods. Within each method we search for human errors in design and/or implementation and for user misconfigurations that pose potential weaknesses. These weaknesses can later be exploited to deface a website, upload files, gain access to a user's mailbox or obtain administrative rights.
Internal Penetration Testing simulates an attacker who already has a foothold inside the internal perimeter (see diagram). This penetration test covers three main ways into a given system: (1) open services on servers and workstations; (2) default system settings, missing security updates and similar weaknesses; (3) databases that may hold sensitive information and are reachable through vulnerabilities, missing updates or misconfiguration. The test targets internal resources such as servers, workstations, storage devices and other devices with the aim of gaining unauthorized access to those systems.
There are three methods for performing the tests above: automated, manual and hybrid.
Automated: Using a set of tools that simulate different types of attacks. This method has three major advantages: (1) it is fast; (2) it costs less; (3) it catches the low-hanging fruit. It has one major disadvantage: it cannot "see" unexpected system behavior exposed by fuzzing techniques, behavior that can later be turned into other types of attacks such as buffer overflows and other forms of code injection.
Manual: Here the tools are configured and written differently for each engagement, so the testing goes deeper. This method has one major advantage: it uncovers more of the weaknesses an attacker may find and exploit. It has one major disadvantage: it takes longer and costs more.
Hybrid: This method takes the best of both: it catches the low-hanging fruit quickly and then uses the manual method to find the other, hidden attack vectors, at a reasonable cost.
The Application Level
An attacker will use the application level to try to gain unauthorized access to data through both internal and external pathways. In this case the consultant starts with network tests and then continues testing the application level using the hybrid method. The consultant then examines the application for entry points in one or more of the following areas:
- Network Analysis
  - Footprinting
  - Publicly available information
  - WHOIS & DNS enumeration
  - DNS interrogation
  - Network reconnaissance
  - Search for listening services and ports
  - Detect operating system
  - Banner grabbing
  - Enumerate common network services
- Web Server Vulnerabilities
  - Test for default credentials
  - Test for default content
  - Test for web server software bugs
  - HTTP methods
- Web Application Analysis
  - Core defense mechanisms
  - Web application technologies
  - Mapping the application
  - Bypassing client-side controls
  - Attacking authentication
  - Attacking session management
  - Attacking access controls
  - Attacking data stores
  - Attacking back-end components
  - Attacking users: XSS
  - Attacking users: other techniques
  - Attacking application logic
  - Exploiting information disclosure
  - Attacking application architecture
  - Attacking the application server
- Code Injection
  - SQL injection
  - Fuzzing: server and application
  - Format strings
  - Buffer overflow
  - Buffer overrun
The final report will include detailed information on security risk, vulnerabilities, the necessary countermeasures and the recommended corrective actions.
The final report consists of the following sections:
- Introduction – the scope and methodology used for this pen test.
- Executive Summary – written for senior management, to review and understand the current level of risk.
- Findings and Recommendations – sufficient technical detail for the IT team to understand and correct the issues.