A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorized means of accessing the organization’s systems) and malicious insiders (who have some level of authorized access).
The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures.
This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.
Security issues uncovered through the penetration test are presented to the system’s owner. Effective penetration tests will couple this information with an accurate assessment of the potential impacts to the organization and outline a range of technical and procedural countermeasures to reduce risks.
Penetration tests are valuable for several reasons:
- Determining the feasibility of a particular set of attack vectors
- Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
- Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
- Assessing the magnitude of potential business and operational impacts of successful attacks
- Testing the ability of network defenders to successfully detect and respond to the attacks
- Providing evidence to support increased investments in security personnel and technology
White, Black or Gray box
Penetration tests can be conducted in several ways. The most common difference is the amount of knowledge of the implementation details of the system being tested that are available to the testers. Black box testing assumes no prior knowledge of the infrastructure to be tested. The testers must first determine the location and extent of the systems before commencing their analysis.
At the other end of the spectrum, white box testing provides the testers with complete knowledge of the infrastructure to be tested, often including network diagrams, source code, and IP addressing information. There are also several variations in between, often known as grey box tests. Penetration tests can also be described as “full disclosure” (white box), “partial disclosure” (grey box), or “blind” (black box) tests based on the amount of information provided to the testing party.
The relative merits of these approaches are debated. Black box testing simulates an attack from someone who is unfamiliar with the system. White box testing simulates what might happen during an “inside job” or after a “leak” of sensitive information, where the attacker has access to source code, network layouts, and possibly even some passwords.
The services offered by penetration testing firms span a similar range, from a simple scan of an organization’s IP address space for open ports and identification banners to a full audit of source code for an application.
Information Leak is an application weakness where an application reveals sensitive data, such as technical details of the web application, environment, or user-specific data. Sensitive data may be used by an attacker to exploit the target web application, its hosting network, or its users. Therefore, leakage of sensitive data should be limited or prevented whenever possible. Information Leakage, in its most common form, is the result of one or more of the following conditions: A failure to scrub out HTML/Script comments containing sensitive information, improper application or server configurations, or differences in page responses for valid versus invalid data.
We test for OWASP Top 10 in order to offer your company the best possible protection.
OWASP Top 10 searches for the following vulnerabilities:
- Injection (SQL, LDAP, XPATH inter alia)
- Cross-site scripting (XSS)
- Poor authentication and session management
- Direct access to inadequately secured objects
- Cross-Site Request Forgery (CSRF)
- Insufficient configuration
- Insecure Cryptographic Storage
- Unsecured direct URL access
- Inadequate protection of the transport layer
- Unsafe redirects and forwards