penetration testing

Post on 31-Dec-2015


Penetration Testing

Matthew Leonard
Troy Matthews
COP4910

Overview
• Vulnerability Testing
• How Vulnerability Scans Work
• What is Penetration Testing?
• Comparing The Two
• Need for Pen-Testing
• Process For Pen-Testing
  ◦ Planning
  ◦ Discovery
  ◦ Attack
  ◦ Reporting

Vulnerability Assessment
• Aka VulnScan
• Able to detect vulnerabilities on a wide range of systems
• Assessments conducted through Vulnerability Scans
• Non-intrusive
• Reports focus on what vulnerabilities exist and how they can be mitigated

How do Vulnerability Scans work?
• Uses a database of well-known exploits
• Begins with a specified range of hosts
• Detects open TCP and UDP ports within range, and determines which services are running on each host
• Runs vulnerability checks based on the information gathered for each host
• Creates report of exploitable vulnerabilities and remediation steps
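
The check and report stages from this slide, as an added example that is not part of the original presentation. It assumes discovery has already produced a list of open ports and service banners; every host address, product name, advisory ID and version below is constructed for illustration.

```python
# Added example: the matching and reporting stages of a vulnerability scan.
# All hosts, banners, advisory IDs and version numbers below are constructed.
import re

# Constructed "vulnerability database": product, first fixed version, remediation.
VULN_DB = [
    {"id": "EXAMPLE-0001", "product": "exampleftpd", "fixed_in": (2, 3, 5),
     "fix": "Upgrade exampleftpd to 2.3.5 or later"},
    {"id": "EXAMPLE-0002", "product": "examplehttpd", "fixed_in": (1, 8, 0),
     "fix": "Upgrade examplehttpd to 1.8.0 or later"},
]

# Constructed discovery output: (host, port, protocol, service banner).
DISCOVERED = [
    ("192.0.2.10", 21, "tcp", "220 exampleftpd 2.3.4 ready"),
    ("192.0.2.10", 80, "tcp", "Server: examplehttpd/1.8.2"),
    ("192.0.2.11", 80, "tcp", "Server: examplehttpd/1.7.9"),
    ("192.0.2.12", 53, "udp", ""),  # open port, service did not identify itself
]

BANNER_RE = re.compile(r"([A-Za-z][\w-]*)[ /](\d+(?:\.\d+)*)")

def identify(banner):
    """Return (product, version tuple) parsed from a banner, or None."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return m.group(1).lower(), tuple(int(p) for p in m.group(2).split("."))

def scan_report(discovered, vuln_db):
    """Match each identified service against the database, grouped by host."""
    report = {}
    for host, port, proto, banner in discovered:
        findings = report.setdefault(host, [])
        service = identify(banner)
        if service is None:  # open port with no usable banner: flag for review
            findings.append((port, proto, "UNIDENTIFIED", "Review manually"))
            continue
        product, version = service
        for entry in vuln_db:
            if entry["product"] == product and version < entry["fixed_in"]:
                findings.append((port, proto, entry["id"], entry["fix"]))
    return report

if __name__ == "__main__":
    for host, findings in sorted(scan_report(DISCOVERED, VULN_DB).items()):
        print(host)
        for port, proto, vuln_id, fix in findings:
            print(f"  {port}/{proto}  {vuln_id}: {fix}")
```

Matching on banner versions alone can flag hosts whose vendor backported the fix without changing the version string, so findings from a check like this still need verification.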

What is Penetration Testing?
• Aka PenTesting
• Evaluate security
• Simulating an attack against a vulnerability
• Compromises systems to show potential threats
• Reports focus on what data was compromised and how

VulnScan vs. PenTest

| | Vulnerability Scan | Penetration Test |
|---|---|---|
| How often to run | Monthly; before equipment is added to a network | Yearly |
| Reports | Comprehensive list of vulnerabilities for each host. Remediation steps | Identifies what data was compromised and how |
| Performed by | In-house staff | Independent outside service |

Need for Pen-testing
• Data is a company’s most important asset
• Perform external security check
• Identify holes in system
• Helps justify need to fix
• Fix before system goes live

Process of Pen-testing

Planning
• Rules for testing
• Final management approval
• Testing goals are set
• No testing occurs in this stage

Discovery
• Starts actual system testing
• Port Scanning
• Vulnerability analysis
• System is compared against vulnerability databases
• Automated scanner can do this

Attack
• Exploit vulnerabilities found from tests
• Exploits fall into several categories
  ◦ Kernel Flaws
  ◦ Buffer Overflows
  ◦ Race Conditions
  ◦ Trojans
  ◦ Social Engineering

Reporting
• Occurs simultaneously with other phases
• Test plans, permission, rules of engagement (Planning)
• Written logs, description of vulnerabilities, risk ratings, (optional) guidance to fix (Discovery)
• Attack results, how it was done, impact on system (Attack)
