What is penetration testing?
A penetration test is an authorized attack on a computer system, to evaluate the security of the system. Penetration testing is the formal process of assessing the strength of the security systems. Penetration testing at regular intervals enables businesses to find emerging security threats/vulnerabilities, gain important insights into the exploitation of security vulnerabilities, and assess the security risks.
Pen testing can target to find out breaches in all system components including APIs, servers, databases, etc. to uncover vulnerabilities.
Pen testing is conducted by CSE (certified security experts). It is a very planned process. Testing is performed after obtaining all the necessary permissions from the management/ business, without halting the regular flow of work.
Pen-testing stages —
“Give me six hours to chop down a tree and I will spend the first four. sharpening the axe.” — Abraham Lincoln
The idea of this stage is to gather as much information about the target as possible. Some of the methods to do so are:
- Search engines.
- Domain name searches, For Eg — WHOIS lookups and reverse DNS lookup.
- Social engineering methods.
- Tools, For Eg — Maltego.
- etc. etc.
This is the phase where the attacker will interact with the target with an intention to identify the vulnerabilities in the system. The tester will inject various inputs to the web application and capture the responses; various vulnerabilities like injection, cross-site scripting, XXE (XML external entity), remote code execution can be identified in this phase. The tester can also leverage various tools like Burp / ZAP to inject inputs in this stage.
Scanning gives useful information about the target For Eg — Open ports, IP addresses, services installed and OS information, etc…
There are different tools for port scanning — Nmap, Shodan, Netcraft, Nessus, etc.
This is the stage where the tester gains access to the system. A successful exploit requires at least a basic level of control to the system, thereafter further penetration can be done at the network level to escalate the privilege.
There are different techniques for exploitation like fuzzing (ZAP’s Fuzzer), review responses (From target system), SecLists, Burp intruder (Sniper, Battering Ram, Pitchfork, Cluster Bomb techniques), side-channel attacks, session attacks, Authorization attacks, LFI (local file inclusion), RFI (remote file inclusion), BeEF (Browser exploitation framework), etc.
Reporting is the final part of a penetration test. This is the stage where the pen tester would tell the client about the system’s weaknesses and give them remediation.
Pentester should exactly describe the exploits, where he/she could compromise the system, and the steps which were taken to remediate them.
In my upcoming future blogs, I will explain in detail each section of penetration testing.