What is Penetration Testing?

A penetration test uses ethical hackers to carry out planned attacks against a company’s infrastructure to identify security vulnerabilities that require remediation work, such as patching. Pen testing is a crucial component of a comprehensive web application security approach.

What is a Pentest?

Penetration testing, or pen testing, involves authorised simulations of attacks on an organisation’s network or applications to pinpoint vulnerabilities and security concerns. The discovered vulnerabilities are exploited to confirm their severity and compromise machines. Machines or applications compromised in the process are used to access the organisation’s network, which helps assess the level of access a potential attacker could obtain.

Penetration Testing Overview: How The Process Works

It is important to note that penetration tests should be conducted by skilled and ethical professionals, and organisations should be aware of and approve the testing activities to prevent unnecessary disruptions. The goal is to provide valuable insights into security weaknesses and help organisations enhance their overall cybersecurity posture.

Who Performs Penetration Testing

There are various types of penetration tests, each focusing on specific aspects of a system’s security. Some common types include:

Black Box Testing: Testers have little or no prior knowledge of the system, simulating an external hacker’s perspective.
White Box Testing: Testers have full knowledge of the system, including source code and architecture, simulating an insider’s perspective.
Grey Box Testing: Testers have partial knowledge of the system, combining elements of both black and white box testing.
External Testing: Assessing the security of externally-facing systems, such as websites and servers.
Internal Testing: Simulating an attack from within the organisation to identify vulnerabilities that could be exploited by insiders.
Web App Security Testing: Focusing specifically on the security of web applications to uncover vulnerabilities like SQL injection or cross-site scripting.
Network Penetration Testing: Evaluating the security of network infrastructure, identifying weaknesses in routers, switches, and other network devices.
Social Engineering Testing: Assessing human behaviour and susceptibility to manipulation, often involving tactics like phishing.
Mobile App Security Testing: Evaluating the security of mobile apps to identify vulnerabilities and potential exploits.

The choice of which type of penetration test to perform depends on the specific goals and requirements of the organisation. The ultimate goal of a penetration test is to empower the organisation with insights that help enhance its cybersecurity defences, mitigate risks, and prevent potential security incidents.

What Happens After a Penetration Test:

Penetration testing is a vital element in bolstering an organisation’s cybersecurity defences. To employ it effectively, the initial step involves defining clear objectives. This entails outlining specific goals and objectives for the penetration test, providing a comprehensive understanding of the aspects within the organisation’s security framework that require assessment. Once these objectives are established, the next crucial step is to clearly define the scope of the penetration test. This involves specifying the systems, networks, and applications that will undergo testing, facilitating a focused and resource-optimised assessment. It’s important to tailor the penetration testing approach to the specific needs and environment of the organisation. A […]


What is Pentesting?

What is a pentest, and how can it be used to help improve the security posture of your organisation?

What is a Pentest?

Penetration testing, also known as pen testing, is an authorised attack simulation against an organisation’s network or applications that identifies vulnerabilities and security issues. Vulnerabilities discovered when conducting a penetration testing service are exploited, confirming the severity of the issue and compromising machines. Machines or applications compromised during the engagement are used to gain access to the organisation’s network. This process is carried out to help identify the level of access a potential attacker could obtain.

Pentest Process Overview:

Authorised attack simulation
Identifies vulnerabilities
Identified vulnerabilities are exploited
Privilege escalation is performed
Discovered vulnerabilities are used together to gain a higher level of access
Penetrated machines are used to access the network

Pentesting is typically performed against a company’s servers, web applications, external network infrastructure and mobile applications. The assessment process is manual, with industry standard commercial and open source tools used to assist the testing process.

Once a vulnerability has been successfully exploited, a tester may use the machine as an entry point to access other machines within the network, gaining access to data that would normally be protected by firewalls or require higher privilege level accounts. Penetration testing helps identify the potential risk factor by identifying the level of data a potential attacker could access.

Pentesting is typically broken down into the following actions:

Scoping
Reconnaissance
Discovery
Exploitation
Control
Advancement
Reporting

What is Manual Pentesting?

Manual pen testing leverages best in class security auditing software and tools and uses human expertise to combine the best of both options and rule out any false positives in the final report. Automated software solutions are unable to identify specific logic flaws, and manual pentesting is required to identify issues based on technical experience. The process of combining both testing solutions is commonly referred to as Vulnerability Assessment and Penetration Testing (VAPT); see our what is VAPT resource for more information.

Aptive provide a consultant-led manual web app security audit service to help identify logic flaws and complex application security issues.

Pentest FAQ

How Much Does a Pentest Cost?

This depends on the size and complexity of what requires assessment; contact us for an estimate or read more on our penetration testing services page.

Pentest vs Vulnerability Assessment?

A pentest is performed manually by a security professional; a vulnerability assessment is an automated assessment conducted by software.

What is the Purpose of Pentesting?

A pentest assesses the security of IT infrastructure, APIs or web / mobile applications by attempting to exploit discovered vulnerabilities in a controlled way. These vulnerabilities are then documented, allowing an organisation to see an overview of the discovered issues and their associated risks, perform remediation of the issues, and then have the discovered issues reassessed to verify the remediation efforts were successful.

Learn more about pentesting in our Cyber Security Academy.


What is OS Command Injection

An overview of what OS Command Injection is, how to detect, exploit and help prevent the web vulnerability.

What is OS Command Injection?

OS Command Injection occurs when input is passed from an application to the backend operating system (OS) and the supplied input is then executed by the operating system as an OS command. The vulnerability is caused by the application lacking the correct controls, such as input validation or sanitisation, to prevent dangerous input being accepted and executed as an operating system command.

The Impact of OS Command Injection

If successfully exploited, OS Command Injection could allow an attacker or malicious user command execution on the target with the same permissions as the exploited web server. Depending on the configuration of the target and the level of security hardening that has been conducted (or lack thereof), successful exploitation of this vulnerability could potentially result in the attacker gaining complete control of the vulnerable system, exfiltrating sensitive data or performing privilege escalation / lateral movement.

Are you concerned about OS Command Injection? Aptive can perform a web app security test to help identify this and other injection attacks.

How to Identify OS Command Injection

A vulnerable input parameter is the typical entry point for command injection; however, other entry points, such as HTTP headers, have also been found to be vulnerable.

A typical command injection example: https://www.example.com/function.php=blah|test123

If vulnerable, and the application permitted the error to be returned in the response, a “command not found” error would be reflected.

The Different Types of OS Command Injection

Similar to SQL Injection, there are different types of command injection vulnerabilities:

What is Error Based Command Injection

The injected command induces an error message which is returned in the response by the web application (reflected).

What is Blind Command Injection

The target application is vulnerable to command injection, however no error is rendered by the application. In this case the attacker would perform a proof of concept using either time based or out-of-band techniques, or by redirecting output to a file location they could read, such as a web root. A typical example of this would be echo test123 > /var/www/html/test.txt; the attacker would then browse to the web root to verify the command output within the test.txt file.

What is Time Based Command Injection

The injected command uses a time-based payload, such as ping -c 10 127.0.0.1. The response from the web server is then timed to see if it roughly matches the injected payload delay time.

What is Out-of-Band (OOB) Command Injection

The injected OS command uses an Out-of-Band method of communication to perform a proof of concept, verifying that the injected OS command has been executed by the target operating system as a command. For example, a DNS lookup or an HTTP request to an attacker controlled server using nslookup nslookup+attacker-server .

Learn more about what pentesting is and how it can help your organisation identify security issues.

How to Prevent […]
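An added example, not code from the original page: a Python sketch of the error-based case described above, running the page's blah|test123 probe against a harmless echo command, next to a form that passes the value as data. The function names and the allow-list pattern are assumptions made for illustration.

```python
import re
import subprocess

# Constructed sample input: the probe value from the page's example URL.
PROBE = "blah|test123"

# Hypothetical allow-list for a hostname-style parameter (an assumption, not from
# the page). A leading "-" is refused so the value cannot be read as an option.
SAFE_VALUE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def lookup_vulnerable(value):
    """One concatenated shell string: the shell interprets '|' inside value."""
    return subprocess.run("echo lookup " + value, shell=True,
                          capture_output=True, text=True)


def lookup_argv_only(value):
    """No shell involved: value is a single argv element and stays literal data."""
    return subprocess.run(["echo", "lookup", value],
                          capture_output=True, text=True)


def lookup_hardened(value):
    """Allow-list validation first, then execution without a shell."""
    if not SAFE_VALUE.fullmatch(value):
        raise ValueError("rejected input: %r" % (value,))
    return lookup_argv_only(value)


if __name__ == "__main__":
    bad = lookup_vulnerable(PROBE)
    # The shell parsed "echo lookup blah | test123" and tried to run test123,
    # which produces the "command not found" error the page describes.
    print("vulnerable:", bad.returncode, bad.stderr.strip())
    print("argv only :", lookup_argv_only(PROBE).stdout.strip())
    try:
        lookup_hardened(PROBE)
    except ValueError as exc:
        print("hardened  :", exc)
    print("hardened  :", lookup_hardened("www.example.com").stdout.strip())
```

For detection, the same distinction applies in reverse: a "not found" error from the shell in a web server's error log that names a fragment of a request parameter indicates the parameter reached a shell.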
