SlideShare ist ein Scribd-Unternehmen logo

Penetration Security Testing

Sanjulika Rastogi
Sanjulika Rastogi
Technologie
1 von 12
Downloaden Sie, um offline zu lesen
  Penetration  Testing  &  Deep  Code  Analyst  Report   For  EXAMPLE  CLIENT   By  Matt  Dobinson    Date:  21/09/2011  Version:  V1.02   ATTENTION   This  document  contains  information  from  Fireworks  Websites  that  is  confidential  and   privileged.  The  information  is  intended  for  the  private  use  of  EXAMPLE CLIENT.  By   accepting  this  document  you  agree  to  keep  the  contents  in  confidence  and  not  copy,   disclose,  or  distribute  this  without  written  request  to  and  written  confirmation  from   NII.  If  you  are  not  the  intended  recipient,  be  aware  that  any  disclosure,  copying,  or   distribution  of  the  contents  of  this  document  is  prohibited.  
Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   2       PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   2       Document Details   Title   Penetration  Testing  &  Deep  Code   Analyst  Report   Version   V1.02   Author   Matthew  Dobinson   Pen-­‐testers   Matthew  Dobinson   Reviewed  By   EXAMPLE  CLIENT   Approved  By   EXAMPLE  CLIENT   Classification   Confidential     Recipient Name   Title   Company   EXAMPLE  CLIENT   Managing  Director   EXAMPLE  CLIENT     Version Control Version   Date   Author   Description   V1.01   14/09/2011   Matthew   Dobinson   Initial  Testing   V1.02   21/09/2011   Matthew   Dobinson   Final  Report    
Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   3     PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   3     Table  of  Contents   1  EXECUTIVE  SUMMARY ...............................................................................................................4   1.1  SUMMARY.....................................................................................................................................................4   1.1.1  Approach............................................................................................................................................... 4   1.1.2  Scope  of  Work..................................................................................................................................... 4   1.1.3  Project  Objectives.............................................................................................................................. 4   1.1.4  Timeline................................................................................................................................................. 5   1.1.5  Summary  of  Findings....................................................................................................................... 5   1.2  METHODOLOGY...........................................................................................................................................5   1.2.1  Planning ................................................................................................................................................ 5   1.2.2  Exploitation ......................................................................................................................................... 5   1.2.3  Reporting.............................................................................................................................................. 6   4.  TECHNICAL  REPORT ..................................................................................................................6   4.1  SESSION  HIJACKING....................................................................................................................................6   4.2  GENERIC  SQL  INJECTION  VULNERABILITY  (PARAMETERS  NAMES)................................................7   4.3  UNHANDLED  EXCEPTIONS  ON  MULTIPLE  PAGES...................................................................................7   4.4  CROSS  SITE  SCRIPTING ..............................................................................................................................8   4.5  LOCAL  FILESYSTEM  PATHS  FOUND.........................................................................................................9   4.6  PHP  EXPOSE_PHP  INFORMATION  DISCLOSURE ....................................................................................9   4.7  WEB  SERVER  ROBOTS.TXT  INFORMATION  DISCLOSURE..................................................................10   4.8  PHPINFO  PAGE  PRESENT ....................................................................................................................10   4.9  EMAIL  ADDRESS  DISCLOSURE...............................................................................................................11   5  CONCLUSION............................................................................................................................... 12   6  REFERENCES............................................................................................................................... 12   APPENDIX  A  -­‐  NESSUS  VULNERABILITY  SCANNING  REPORT .................................................................12   APPENDIX  B  –  WEBSECURIFY  REPORTS.....................................................................................................12      
Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   4       PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   4       1  Executive  Summary   1.1  Summary   EXAMPLE  CLIENT  has  assigned  the  task  of  carrying  out  a  deep  code  analyst  and   penetration  testing  of  the  web  application  located  on  EXAMPLE  CLIENT.com.au.   This  is  the  second  Penetration  Testing  report.  This  Penetration  Test  was   performed  during  22nd  September  2011  and  27th  September  2011.  The  detailed   report  about  each  task  and  our  findings  are  described  below.   The  purpose  of  the  test  is  to  determine  security  vulnerabilities  in  the  web   applications  running  on  the  server  specified  as  part  of  the  scope.  The  tests  are   carried  out  assuming  the  identity  of  an  attacker  or  a  user  with  malicious  intent.   At  the  same  time  due  care  is  taken  not  to  harm  the  server  or  database.         1.1.1  Approach   • Perform  broad  scans  to  identify  potential  areas  of  exposure  and  services  that   may  act  as  entry  points   • Perform  targeted  scans  and  manual  investigation  to  validate  vulnerabilities   • Test  identified  components  to  gain  access  to:  www.EXAMPLE  CLIENT.com.au   • Identify  and  validate  vulnerabilities   • Rank  vulnerabilities  based  on  risk  level  of  exploitation   • Perform  supplemental  research  and  development  activities  to  support   analysis   • Identify  issues  of  immediate  consequence  and  recommend  solutions   • Develop  long-­‐term  recommendations  to  enhance  security   • Transfer  knowledge   During  the  web  application  level  we  checked  the  web  servers’  configuration   issues,  and  more  importantly  the  logical  errors  in  the  web  application  itself. 1.1.2  Scope  of  Work   The  scope  of  this  penetration  test  was  limited  to  the  below  mentioned  web   application.   www.EXAMPLE  CLIENT.com.au     1.1.3  Project  Objectives   This  security  assessment  is  carried  out  to  gauge  the  security  posture  of   EXAMPLE  CLIENT's  Internet  facing  web  application.  The  result  of  the  assessment   is  then  analysed  for  vulnerabilities.  Given  the  limited  time  that  is  given  to   perform  the  assessment,  only  immediately  exploitable  services  have  been  tested.  
Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   5     PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   5     The  vulnerabilities  are  assigned  a  risk  rating  based  on  threat,  vulnerability  and   impact.     1.1.4  Timeline   The timeline of the test is as below: Penetration  Testing   Start  Date/Time   End  Date/Time   Initial  Testing   14/09/2011   14/09/2011   Final  Testing   21/09/2011   27/09/2011     1.1.5  Summary  of  Findings   Value   Number  of  Risks   Low   4   Medium   3   High   2       1.2  Methodology   1.2.1  Planning   During  planning  we  gather  information  from  the  server  in  which  the  web   application  is  installed.  Then,  we  detect  the  path  information  and  identifiable   software  and  determined  the  running  their  versions.   1.2.2  Exploitation   Utilizing  the  information  gathered  in  planning  we  start  to  find  the  vulnerability   for  each  piece  of  software  and  service  that  we  discovered  after  that  trying  to   exploit  it.   Low   Medium   High   Vulnerabilities   Low   Medium   High  
Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   6       PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   6       1.2.3  Reporting   Based on the results from the first two steps, we start analysing the results. Our Risk rating is based on this calculation: Risk=Threat * Vulnerability * Impact Threat   Low   Medium   High   Critical   Vulnerability   L   M   H   C   L   M   H   C   L   M   H   C   L   M   H   C   Low                                   Medium                                   High                                   Impact   Critical                                     L   Low   1-­‐16   M   Medium   17-­‐32   H   High   33-­‐48   C   Critical   49-­‐64     After  calculating  the  risk  rating,  we  start  writing  the  report  on  each  risk  and  how   to  mitigate  it.   *Based  on  our  analysis  risks  that  falls  under  this  category  will  be  considered  as   High.     4.  Technical  Report     4.1  Session  Hijacking     Risk:  High   Classification:  Authorization   Resource:  All  shopping  cart  pages   Analyst:   Fireworks have found that it is possible to hijack another users session using their unique session identifier code. This can be used to hijack any account for which the attacker has a identifier code. This code is contained within the URL and as such can be easily copied using methods like network sniffing, cross site scripting, trojans/malware and viewing browser history.
Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   7     PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   7     Recommendation:   Force  the  session  to  contain  and  verify  an  ip  or  other  system  identifier,  also   restrict  session  files  to  be  cleared  out  at  a  regular  interval.   4.2  Generic  SQL  Injection  Vulnerability  (Parameters  Names)   Risk:  High   Classification:  Information   Resource:  /customers/login.php?'+convert(int,convert(varchar,0x7b5d))+'=1   Analyst:   By providing specially crafted parameters to PHP, we were able to get an error from the underlying database. This error suggests that the PHP is affected by a SQL injection vulnerability. An attacker may be able to exploit this flaw to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.   Recommendation:   Modify  the  relevant  PHP  so  that  it  properly  escape  arguments.     4.3  Unhandled  exceptions  on  multiple  pages   Risk:  Medium   Classification:  Information   Resource:     http://EXAMPLE  CLIENT.com.au/customers/login.php   http://EXAMPLE   CLIENT.com.au/subdirectory/wishlist.php?warning=wrong%20email   %20or%20password&wish=1&pid=&p=&v1=&t=   http://www.EXAMPLE  CLIENT.com.au/subdirectory/notify.php   http://www.EXAMPLE  CLIENT.com.au/subdirectory/specs.html?   cid=5625&myorder=price&mydirection=ASC'&limit=150d&mypage=0     Analyst:   Unhandled exceptions are instances where certain events occur in an unexpected manner in which the programmers did not foresee and therefore the programmed logic is unable to anticipate, resulting in an exception and non-user friendly error message.  
Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   8       PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   8       Recommendation:   Review  all  source  code  and  modify  logic  to  handle  unexpected  events,  and   declare  variables  first  prior  to  use.  There  is  also  a  PHP  API  function   mysql_real_escape_string.See:  http://php.net/manual/en/function.mysql-­‐real-­‐ escape-­‐string.php     4.4  Cross  Site  Scripting   Risk:  Medium   Classification:  Information   Resource:     http://www.EXAMPLE   CLIENT.com.au/subdirectory/search.php?search=<script>alert(1);</script>   http://www.EXAMPLE   CLIENT.com.au/subdirectory/editAll.php?email="><script>alert(1);</script>   http://www.EXAMPLE   CLIENT.com.au//datafolder/aMediaGallery.php?cid=10"/><h1>hello</h1>   http://www.EXAMPLE   CLIENT.com.au/products/index.php?warning="><script>alert(1);</script>   http://www.EXAMPLE  CLIENT.com.au/about_EXAMPLE   CLIENT.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/index.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/help_top.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/security_new.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/help_main.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/help_left.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/privacy_new.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/returns_new.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/contact_new.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/sizing_new.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/faqs_new.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/terms_new.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/feedback_new.html?cur=<wslite>   Analyst:   A cross-site scripting vulnerability is a weakness in a website, where malicious content may be injected into a web page and thus attack the website visitor. It is commonly used in 'phising' campaigns for banking and other financial websites and to impersonate the legitimate business. Alternatively, it is often used to infect the client browser with malicious HTML or JavaScript where exploits may be inserted, thereby compromising the user experience and gaining access to their system, or stealing their authentication cookies and compromising their online account and password.
Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   9     PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   9     The www.EXAMPLE CLIENT.com.au website is vulnerable in almost every form.   Recommendation:   Modify  all  user  input  scripts  to  strip  malicious  characters  first,  such  as  '  “  <  >  *   and  other  symbols.  The  PHP  API  provides  the  htmlentities  function  to  facilitate   this.   See:  http://php.net/manual/en/function.htmlentities.php   4.5  Local  Filesystem  Paths  Found   Risk:  Medium   Classification:  Information   Resource:     /subdirectory/file.html?mycname=must-­‐haves   /products/pages/search.php?search=;   Analyst:   Fireworks have detected an absolute filesystem path (i.e. one that is not relative to the web root). This information is sensitive, as it may reveal things about the server environment to an attacker. Knowing filesystem layout can increase the chances of success for blind attacks. Full system paths are very often found in error output. This output should never be sent to clients on production systems. It should be redirected to another output channel (such as an error log) for analysis by developers and system administrators.   Recommendation:   Absolute  paths  are  often  found  in  error  output.   Both  the  system  administrators  and  developers  should  be  made  aware,  as  the   problem  may  be  due  to  an  application  error  or  server  misconfiguration.   Error  output  containing  sensitive  information  such  as  absolute  system  paths   should  not  be  sent  to  remote  clients  on  production  servers.   This  output  should  be  sent  to  another  output  stream,  such  as  an  error  log.     4.6  PHP  expose_php  Information  Disclosure   Risk:  Low   Classification:  Information   Resource:  http://EXAMPLE   CLIENT.com.au/customers/login.php/?=PHPB8B5F2A0-­‐3C92-­‐11d3-­‐A3A9-­‐ 4C7B08C10000  
Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   10       PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   10       Analyst:   The PHP install on the remote server is configured in a way that allows disclosure of potentially sensitive information to an attacker through a special URL. Such an URL triggers an Easter egg built into PHP itself. Other such Easter eggs likely exist, but Nessus has not checked for them. Recommendation:   In  the  PHP  configuration  file,  php.ini,  set  the  value  for  'expose_php'  to  'Off'  to   disable  this  behavior.    Restart  the  web  server  daemon  to  put  this  change  into   effect.   See  Also   http://www.0php.com/php_easter_egg.php   http://seclists.org/webappsec/2004/q4/324     4.7  Web  Server  robots.txt  Information  Disclosure   Risk:  Low   Classification:  Information   Resource:  /robots.txt   Analyst:   The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting certain directories in a web site for maintenance or indexing purposes. A malicious user may also be able to use the contents of this file to learn of sensitive documents or directories on the affected site and either retrieve them directly or target them for other attacks. Recommendation:   Review  the  contents  of  the  site's  robots.txt  file,  use  Robots  META  tags  instead  of   entries  in  the  robots.txt  file,  and/or  adjust  the  web  server's  access  controls  to   limit  access  to  sensitive  material.     4.8  PHPINFO  Page  Present   Risk:  Low   Classification:  Information   Resource:  http://www.EXAMPLE  CLIENT.com.au/phpinfo.php   Analyst:  
Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   11     PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   11     Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo()' for debugging purposes. Various PHP applications may also include such a file. By accessing such a file, a remote attacker can discover a large amount of information about the remote web server, including : • The  username  of  the  user  who  installed  php  and  if  they  are  a  SUDO  user.   • The  IP  address  of  the  host.   • The  version  of  the  operating  system.   • The  web  server  version.   • The  root  directory  of  the  web  server.     • Configuration  information  about  the  remote  PHP   Recommendation:   The  phpinfo.php  script  is  harmless  and  may  be  deleted.  Removal  of  the  script   will  prevent  disclosure  of  sensitive  information  such  as  CPU  type,  memory,   kernel  version,  internal  system  paths,  security  features  enabled  or  disabled  and   installed  software.Another  possibility  is  that  the  server  is  automatically   configured  to  include  e-­‐mail  addresses.  Tweaking  configuration  can  usually   remove  these.     4.9  Email  Address  Disclosure   Risk:  Low   Classification:  Information   Resource:  All  *REMOVED*  Pages   Analyst:   Fireworks have found patterns that resemble e-mail addresses in scanned content. These may be user the addresses of system users, addresses inserted in user-supplied content, or third-party addresses embedded in components of the application (such as Javascript libraries). Automatically scraping websites is one way that spammers and phishers collect e-mail addresses for their distribution lists. It is recommended that e- mail addresses not be displayed on exposed parts of the web application, directly or indirectly. Recommendation:   If  the  e-­‐mail  addresses  are  those  of  users,  developers  should  investigate  why   they  are  being  output  and  try  to  remove  or  obfuscate  them.   E-­‐mail  addresses  embedded  in  user-­‐supplied  content  should  be  filtered  or   obfuscated  to  prevent  unintented  disclosure.   It  is  common  that  e-­‐mail  addresses  may  be  automatically  included  in  third-­‐party   components,  such  as  Javascript  libraries.   Another  possibility  is  that  the  server  is  automatically  configured  to  include  e-­‐ mail  addresses.  Tweaking  configuration  can  usually  remove  these.  
Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   12       PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   12       5  Conclusion   For  systems  to  remain  secure,  security  posture  must  be  evaluated  and  improved   continuously.  Establishing  the  organizational  structure  that  will  support  these   ongoing  improvements  is  essential  in  order  to  maintain  control  of  corporate   information  systems.   We  conclude  that  the  overall  security  has  been  improved.  We  hope  that  the  web   application  is  review  every  6  months  or  year  depending  on  the  amount  of   changes  to  the  source  code.   6  References   Appendix  A  -­‐  Nessus  Vulnerability  Scanning  Report   Attached  nessus  scan  executive  report.   Appendix  B  –  Websecurify  Reports     Attached  Websecurify  vulnerability  report.    

Empfohlen

Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment Report
Harshit Singh Bhatia
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report
Rishabh Upadhyay
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample Report
Octogence
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
Pasta Threat Modeling
Pasta Threat ModelingPasta Threat Modeling
Pasta Threat Modeling
EC-Council
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 

Empfohlen

Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment Report
Harshit Singh Bhatia
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report
Rishabh Upadhyay
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample Report
Octogence
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
Pasta Threat Modeling
Pasta Threat ModelingPasta Threat Modeling
Pasta Threat Modeling
EC-Council
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modelling
n|u - The Open Security Community
 
Nii sample pt_report
Nii sample pt_reportNii sample pt_report
Nii sample pt_report
Chandan Bagai, GWAPT, CEHv8, CCNA
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
Rashad Aliyev
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
Priyanka Aash
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
Netpluz Asia Pte Ltd
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Netsparker
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
Nahidul Kibria
 
Btpsec Sample Penetration Test Report
Btpsec Sample Penetration Test ReportBtpsec Sample Penetration Test Report
Btpsec Sample Penetration Test Report
btpsec
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling Everything
Anne Oikarinen
 
Vulnerability assessment &amp; Penetration testing Basics
Vulnerability assessment &amp; Penetration testing Basics Vulnerability assessment &amp; Penetration testing Basics
Vulnerability assessment &amp; Penetration testing Basics
Mohammed Adam
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
Supply Chain Attacks
Supply Chain AttacksSupply Chain Attacks
Supply Chain Attacks
Lionel Faleiro
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing
RomSoft SRL
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
Scott Sutherland
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
 
Cyber attaques APT avec le framework MITRE ATT&CK
Cyber attaques APT avec le framework MITRE ATT&CKCyber attaques APT avec le framework MITRE ATT&CK
Cyber attaques APT avec le framework MITRE ATT&CK
EyesOpen Association
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
Marco Morana
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
Shriya Rai
 
Application Security in the Age of Open Source
Application Security in the Age of Open SourceApplication Security in the Age of Open Source
Application Security in the Age of Open Source
Black Duck by Synopsys
 
Penetration testing the cloud - vlad gostom
Penetration testing the cloud - vlad gostomPenetration testing the cloud - vlad gostom
Penetration testing the cloud - vlad gostom
Hardway Hou
 

Weitere ähnliche Inhalte

Was ist angesagt?

Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling Everything
Anne Oikarinen
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
Scott Sutherland
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
Marco Morana
 

Was ist angesagt? (20)

Threat Modelling
Threat ModellingThreat Modelling
Threat Modelling
 
Nii sample pt_report
Nii sample pt_reportNii sample pt_report
Nii sample pt_report
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
Btpsec Sample Penetration Test Report
Btpsec Sample Penetration Test ReportBtpsec Sample Penetration Test Report
Btpsec Sample Penetration Test Report
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling Everything
 
Vulnerability assessment &amp; Penetration testing Basics
Vulnerability assessment &amp; Penetration testing Basics Vulnerability assessment &amp; Penetration testing Basics
Vulnerability assessment &amp; Penetration testing Basics
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
 
Supply Chain Attacks
Supply Chain AttacksSupply Chain Attacks
Supply Chain Attacks
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Cyber attaques APT avec le framework MITRE ATT&CK
Cyber attaques APT avec le framework MITRE ATT&CKCyber attaques APT avec le framework MITRE ATT&CK
Cyber attaques APT avec le framework MITRE ATT&CK
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 

Andere mochten auch

Running a Software Security Program with Open Source Tools (Course)
Running a Software Security Program with Open Source Tools (Course)Running a Software Security Program with Open Source Tools (Course)
Running a Software Security Program with Open Source Tools (Course)
Denim Group
 
Running a Software Security Program with Open Source Tools
Running a Software Security Program with Open Source ToolsRunning a Software Security Program with Open Source Tools
Running a Software Security Program with Open Source Tools
Denim Group
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
Kellep Charles
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on Linux
Michael Boelen
 
2016 Future of Open Source Study
2016 Future of Open Source Study2016 Future of Open Source Study
2016 Future of Open Source Study
North Bridge
 
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriThe Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
Docker, Inc.
 

Andere mochten auch (20)

Application Security in the Age of Open Source
Application Security in the Age of Open SourceApplication Security in the Age of Open Source
Application Security in the Age of Open Source
 
Penetration testing the cloud - vlad gostom
Penetration testing the cloud - vlad gostomPenetration testing the cloud - vlad gostom
Penetration testing the cloud - vlad gostom
 
Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0
 
Running a Software Security Program with Open Source Tools (Course)
Running a Software Security Program with Open Source Tools (Course)Running a Software Security Program with Open Source Tools (Course)
Running a Software Security Program with Open Source Tools (Course)
 
Ethical Hacking &amp; Penetration Testing
Ethical Hacking &amp; Penetration TestingEthical Hacking &amp; Penetration Testing
Ethical Hacking &amp; Penetration Testing
 
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and WhyFilling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
 
Running a Software Security Program with Open Source Tools
Running a Software Security Program with Open Source ToolsRunning a Software Security Program with Open Source Tools
Running a Software Security Program with Open Source Tools
 
PCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingPCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s Missing
 
Don't Let Open Source be the Deal Breaker In Your M&A
Don't Let Open Source be the Deal Breaker In Your M&A Don't Let Open Source be the Deal Breaker In Your M&A
Don't Let Open Source be the Deal Breaker In Your M&A
 
Securing Docker Containers
Securing Docker ContainersSecuring Docker Containers
Securing Docker Containers
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
 
Open Source in Application Security
Open Source in Application SecurityOpen Source in Application Security
Open Source in Application Security
 
ASP.NET Web Security
ASP.NET Web SecurityASP.NET Web Security
ASP.NET Web Security
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
 
The 4 Levels of Open Source Risk Management
The 4 Levels of Open Source Risk ManagementThe 4 Levels of Open Source Risk Management
The 4 Levels of Open Source Risk Management
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on Linux
 
2016 Future of Open Source Study
2016 Future of Open Source Study2016 Future of Open Source Study
2016 Future of Open Source Study
 
Docker Security Deep Dive by Ying Li and David Lawrence
Docker Security Deep Dive by Ying Li and David LawrenceDocker Security Deep Dive by Ying Li and David Lawrence
Docker Security Deep Dive by Ying Li and David Lawrence
 
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriThe Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
 
Pen test methodology
Pen test methodologyPen test methodology
Pen test methodology
 

Ähnlich wie Penetration Security Testing

Peck shield audit-report-strips-1.0-for_medium
Peck shield audit-report-strips-1.0-for_mediumPeck shield audit-report-strips-1.0-for_medium
Peck shield audit-report-strips-1.0-for_medium
ChengZhu22
 
52892006 manual-testing-real-time
52892006 manual-testing-real-time52892006 manual-testing-real-time
52892006 manual-testing-real-time
Sunil Pandey
 
Semi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applicationsSemi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applications
Ram G Athreya
 
Manual testing real time questions by subbu
Manual testing real time questions by subbuManual testing real time questions by subbu
Manual testing real time questions by subbu
palla subrahmanyam
 
Specifications for the real world — Using Specification by Example and Gherkin
Specifications for the real world — Using Specification by Example and GherkinSpecifications for the real world — Using Specification by Example and Gherkin
Specifications for the real world — Using Specification by Example and Gherkin
Kamil Nicieja
 
Manual testing
Manual testingManual testing
Manual testing
Ajit Jain
 
7 Reasons Your Applications are Attractive to Adversaries
7 Reasons Your Applications are Attractive to Adversaries7 Reasons Your Applications are Attractive to Adversaries
7 Reasons Your Applications are Attractive to Adversaries
Derek E. Weeks
 
A%20study%20of%20web%20application%20vulnerabilities%20and%20vulnerability%20...
A%20study%20of%20web%20application%20vulnerabilities%20and%20vulnerability%20...A%20study%20of%20web%20application%20vulnerabilities%20and%20vulnerability%20...
A%20study%20of%20web%20application%20vulnerabilities%20and%20vulnerability%20...
Chinnappa Doss
 
Risk Oriented Testing of Web-Based Applications
Risk Oriented Testing of Web-Based ApplicationsRisk Oriented Testing of Web-Based Applications
Risk Oriented Testing of Web-Based Applications
Paxcel Technologies
 

Ähnlich wie Penetration Security Testing (20)

Peck shield audit-report-strips-1.0-for_medium
Peck shield audit-report-strips-1.0-for_mediumPeck shield audit-report-strips-1.0-for_medium
Peck shield audit-report-strips-1.0-for_medium
 
52892006 manual-testing-real-time
52892006 manual-testing-real-time52892006 manual-testing-real-time
52892006 manual-testing-real-time
 
Manual
ManualManual
Manual
 
Vulnerability Assesment Subscriptions Cyber51
Vulnerability Assesment Subscriptions Cyber51Vulnerability Assesment Subscriptions Cyber51
Vulnerability Assesment Subscriptions Cyber51
 
Semi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applicationsSemi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applications
 
Manual testing real time questions by subbu
Manual testing real time questions by subbuManual testing real time questions by subbu
Manual testing real time questions by subbu
 
Peck shield audit-report-umee-v1.0
Peck shield audit-report-umee-v1.0Peck shield audit-report-umee-v1.0
Peck shield audit-report-umee-v1.0
 
Specifications for the real world — Using Specification by Example and Gherkin
Specifications for the real world — Using Specification by Example and GherkinSpecifications for the real world — Using Specification by Example and Gherkin
Specifications for the real world — Using Specification by Example and Gherkin
 
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdfThick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51
 
ByteCode pentest report example
ByteCode pentest report exampleByteCode pentest report example
ByteCode pentest report example
 
Open text security services catalog
Open text security services catalogOpen text security services catalog
Open text security services catalog
 
Open Source Software Testing Tools
Open Source Software Testing ToolsOpen Source Software Testing Tools
Open Source Software Testing Tools
 
Manual testing
Manual testingManual testing
Manual testing
 
Peer Review
Peer ReviewPeer Review
Peer Review
 
7 Reasons Your Applications are Attractive to Adversaries
7 Reasons Your Applications are Attractive to Adversaries7 Reasons Your Applications are Attractive to Adversaries
7 Reasons Your Applications are Attractive to Adversaries
 
business
businessbusiness
business
 
A%20study%20of%20web%20application%20vulnerabilities%20and%20vulnerability%20...
A%20study%20of%20web%20application%20vulnerabilities%20and%20vulnerability%20...A%20study%20of%20web%20application%20vulnerabilities%20and%20vulnerability%20...
A%20study%20of%20web%20application%20vulnerabilities%20and%20vulnerability%20...
 
Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdf
 
Risk Oriented Testing of Web-Based Applications
Risk Oriented Testing of Web-Based ApplicationsRisk Oriented Testing of Web-Based Applications
Risk Oriented Testing of Web-Based Applications
 

Mehr von Sanjulika Rastogi

Methods-Building Developmental Lessons
Methods-Building Developmental LessonsMethods-Building Developmental Lessons
Methods-Building Developmental Lessons
Sanjulika Rastogi
 
Language Experience Lesson Activity
Language Experience Lesson ActivityLanguage Experience Lesson Activity
Language Experience Lesson Activity
Sanjulika Rastogi
 
Cooperative Learning Activity
Cooperative Learning ActivityCooperative Learning Activity
Cooperative Learning Activity
Sanjulika Rastogi
 

Mehr von Sanjulika Rastogi (20)

Using Proficiency Testing
Using Proficiency Testing Using Proficiency Testing
Using Proficiency Testing
 
WIDA CELLA
WIDA CELLAWIDA CELLA
WIDA CELLA
 
Using Proficiency Testing
Using Proficiency Testing Using Proficiency Testing
Using Proficiency Testing
 
Using Proficiency Testing
Using Proficiency Testing Using Proficiency Testing
Using Proficiency Testing
 
WIDA CELLA
WIDA CELLAWIDA CELLA
WIDA CELLA
 
Methods-Building Developmental Lessons
Methods-Building Developmental LessonsMethods-Building Developmental Lessons
Methods-Building Developmental Lessons
 
SLA Theories-Chapter 6
SLA Theories-Chapter 6SLA Theories-Chapter 6
SLA Theories-Chapter 6
 
Language Experience Lesson Activity
Language Experience Lesson ActivityLanguage Experience Lesson Activity
Language Experience Lesson Activity
 
Cooperative Learning Activity
Cooperative Learning ActivityCooperative Learning Activity
Cooperative Learning Activity
 
ganesh testing
ganesh testing ganesh testing
ganesh testing
 
ganesh testing
ganesh testing ganesh testing
ganesh testing
 
Test resource 2
Test resource 2Test resource 2
Test resource 2
 
Pop Tart Cat 3
Pop Tart Cat 3Pop Tart Cat 3
Pop Tart Cat 3
 
Resource Erin
Resource ErinResource Erin
Resource Erin
 
Resource Erin
Resource ErinResource Erin
Resource Erin
 
Test resource 2
Test resource 2Test resource 2
Test resource 2
 
Pop Tart Cat 3
Pop Tart Cat 3Pop Tart Cat 3
Pop Tart Cat 3
 
Pop Tart Cat 3
Pop Tart Cat 3Pop Tart Cat 3
Pop Tart Cat 3
 
Test resource 2
Test resource 2Test resource 2
Test resource 2
 
Resource Erin
Resource ErinResource Erin
Resource Erin
 

Kürzlich hochgeladen

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Kürzlich hochgeladen (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

Penetration Security Testing

  • 1.   Penetration  Testing  &  Deep  Code  Analyst  Report   For  EXAMPLE  CLIENT   By  Matt  Dobinson    Date:  21/09/2011  Version:  V1.02   ATTENTION   This  document  contains  information  from  Fireworks  Websites  that  is  confidential  and   privileged.  The  information  is  intended  for  the  private  use  of  EXAMPLE CLIENT.  By   accepting  this  document  you  agree  to  keep  the  contents  in  confidence  and  not  copy,   disclose,  or  distribute  this  without  written  request  to  and  written  confirmation  from   NII.  If  you  are  not  the  intended  recipient,  be  aware  that  any  disclosure,  copying,  or   distribution  of  the  contents  of  this  document  is  prohibited.  
  • 2. Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   2       PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   2       Document Details   Title   Penetration  Testing  &  Deep  Code   Analyst  Report   Version   V1.02   Author   Matthew  Dobinson   Pen-­‐testers   Matthew  Dobinson   Reviewed  By   EXAMPLE  CLIENT   Approved  By   EXAMPLE  CLIENT   Classification   Confidential     Recipient Name   Title   Company   EXAMPLE  CLIENT   Managing  Director   EXAMPLE  CLIENT     Version Control Version   Date   Author   Description   V1.01   14/09/2011   Matthew   Dobinson   Initial  Testing   V1.02   21/09/2011   Matthew   Dobinson   Final  Report    
  • 3. Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   3     PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   3     Table  of  Contents   1  EXECUTIVE  SUMMARY ...............................................................................................................4   1.1  SUMMARY.....................................................................................................................................................4   1.1.1  Approach............................................................................................................................................... 4   1.1.2  Scope  of  Work..................................................................................................................................... 4   1.1.3  Project  Objectives.............................................................................................................................. 4   1.1.4  Timeline................................................................................................................................................. 5   1.1.5  Summary  of  Findings....................................................................................................................... 5   1.2  METHODOLOGY...........................................................................................................................................5   1.2.1  Planning ................................................................................................................................................ 5   1.2.2  Exploitation ......................................................................................................................................... 5   1.2.3  Reporting.............................................................................................................................................. 6   4.  TECHNICAL  REPORT ..................................................................................................................6   4.1  SESSION  HIJACKING....................................................................................................................................6   4.2  GENERIC  SQL  INJECTION  VULNERABILITY  (PARAMETERS  NAMES)................................................7   4.3  UNHANDLED  EXCEPTIONS  ON  MULTIPLE  PAGES...................................................................................7   4.4  CROSS  SITE  SCRIPTING ..............................................................................................................................8   4.5  LOCAL  FILESYSTEM  PATHS  FOUND.........................................................................................................9   4.6  PHP  EXPOSE_PHP  INFORMATION  DISCLOSURE ....................................................................................9   4.7  WEB  SERVER  ROBOTS.TXT  INFORMATION  DISCLOSURE..................................................................10   4.8  PHPINFO  PAGE  PRESENT ....................................................................................................................10   4.9  EMAIL  ADDRESS  DISCLOSURE...............................................................................................................11   5  CONCLUSION............................................................................................................................... 12   6  REFERENCES............................................................................................................................... 12   APPENDIX  A  -­‐  NESSUS  VULNERABILITY  SCANNING  REPORT .................................................................12   APPENDIX  B  –  WEBSECURIFY  REPORTS.....................................................................................................12      
  • 4. Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   4       PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   4       1  Executive  Summary   1.1  Summary   EXAMPLE  CLIENT  has  assigned  the  task  of  carrying  out  a  deep  code  analyst  and   penetration  testing  of  the  web  application  located  on  EXAMPLE  CLIENT.com.au.   This  is  the  second  Penetration  Testing  report.  This  Penetration  Test  was   performed  during  22nd  September  2011  and  27th  September  2011.  The  detailed   report  about  each  task  and  our  findings  are  described  below.   The  purpose  of  the  test  is  to  determine  security  vulnerabilities  in  the  web   applications  running  on  the  server  specified  as  part  of  the  scope.  The  tests  are   carried  out  assuming  the  identity  of  an  attacker  or  a  user  with  malicious  intent.   At  the  same  time  due  care  is  taken  not  to  harm  the  server  or  database.         1.1.1  Approach   • Perform  broad  scans  to  identify  potential  areas  of  exposure  and  services  that   may  act  as  entry  points   • Perform  targeted  scans  and  manual  investigation  to  validate  vulnerabilities   • Test  identified  components  to  gain  access  to:  www.EXAMPLE  CLIENT.com.au   • Identify  and  validate  vulnerabilities   • Rank  vulnerabilities  based  on  risk  level  of  exploitation   • Perform  supplemental  research  and  development  activities  to  support   analysis   • Identify  issues  of  immediate  consequence  and  recommend  solutions   • Develop  long-­‐term  recommendations  to  enhance  security   • Transfer  knowledge   During  the  web  application  level  we  checked  the  web  servers’  configuration   issues,  and  more  importantly  the  logical  errors  in  the  web  application  itself. 1.1.2  Scope  of  Work   The  scope  of  this  penetration  test  was  limited  to  the  below  mentioned  web   application.   www.EXAMPLE  CLIENT.com.au     1.1.3  Project  Objectives   This  security  assessment  is  carried  out  to  gauge  the  security  posture  of   EXAMPLE  CLIENT's  Internet  facing  web  application.  The  result  of  the  assessment   is  then  analysed  for  vulnerabilities.  Given  the  limited  time  that  is  given  to   perform  the  assessment,  only  immediately  exploitable  services  have  been  tested.  
  • 5. Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   5     PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   5     The  vulnerabilities  are  assigned  a  risk  rating  based  on  threat,  vulnerability  and   impact.     1.1.4  Timeline   The timeline of the test is as below: Penetration  Testing   Start  Date/Time   End  Date/Time   Initial  Testing   14/09/2011   14/09/2011   Final  Testing   21/09/2011   27/09/2011     1.1.5  Summary  of  Findings   Value   Number  of  Risks   Low   4   Medium   3   High   2       1.2  Methodology   1.2.1  Planning   During  planning  we  gather  information  from  the  server  in  which  the  web   application  is  installed.  Then,  we  detect  the  path  information  and  identifiable   software  and  determined  the  running  their  versions.   1.2.2  Exploitation   Utilizing  the  information  gathered  in  planning  we  start  to  find  the  vulnerability   for  each  piece  of  software  and  service  that  we  discovered  after  that  trying  to   exploit  it.   Low   Medium   High   Vulnerabilities   Low   Medium   High  
  • 6. Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   6       PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   6       1.2.3  Reporting   Based on the results from the first two steps, we start analysing the results. Our Risk rating is based on this calculation: Risk=Threat * Vulnerability * Impact Threat   Low   Medium   High   Critical   Vulnerability   L   M   H   C   L   M   H   C   L   M   H   C   L   M   H   C   Low                                   Medium                                   High                                   Impact   Critical                                     L   Low   1-­‐16   M   Medium   17-­‐32   H   High   33-­‐48   C   Critical   49-­‐64     After  calculating  the  risk  rating,  we  start  writing  the  report  on  each  risk  and  how   to  mitigate  it.   *Based  on  our  analysis  risks  that  falls  under  this  category  will  be  considered  as   High.     4.  Technical  Report     4.1  Session  Hijacking     Risk:  High   Classification:  Authorization   Resource:  All  shopping  cart  pages   Analyst:   Fireworks have found that it is possible to hijack another users session using their unique session identifier code. This can be used to hijack any account for which the attacker has a identifier code. This code is contained within the URL and as such can be easily copied using methods like network sniffing, cross site scripting, trojans/malware and viewing browser history.
  • 7. Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   7     PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   7     Recommendation:   Force  the  session  to  contain  and  verify  an  ip  or  other  system  identifier,  also   restrict  session  files  to  be  cleared  out  at  a  regular  interval.   4.2  Generic  SQL  Injection  Vulnerability  (Parameters  Names)   Risk:  High   Classification:  Information   Resource:  /customers/login.php?'+convert(int,convert(varchar,0x7b5d))+'=1   Analyst:   By providing specially crafted parameters to PHP, we were able to get an error from the underlying database. This error suggests that the PHP is affected by a SQL injection vulnerability. An attacker may be able to exploit this flaw to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.   Recommendation:   Modify  the  relevant  PHP  so  that  it  properly  escape  arguments.     4.3  Unhandled  exceptions  on  multiple  pages   Risk:  Medium   Classification:  Information   Resource:     http://EXAMPLE  CLIENT.com.au/customers/login.php   http://EXAMPLE   CLIENT.com.au/subdirectory/wishlist.php?warning=wrong%20email   %20or%20password&wish=1&pid=&p=&v1=&t=   http://www.EXAMPLE  CLIENT.com.au/subdirectory/notify.php   http://www.EXAMPLE  CLIENT.com.au/subdirectory/specs.html?   cid=5625&myorder=price&mydirection=ASC'&limit=150d&mypage=0     Analyst:   Unhandled exceptions are instances where certain events occur in an unexpected manner in which the programmers did not foresee and therefore the programmed logic is unable to anticipate, resulting in an exception and non-user friendly error message.  
  • 8. Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   8       PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   8       Recommendation:   Review  all  source  code  and  modify  logic  to  handle  unexpected  events,  and   declare  variables  first  prior  to  use.  There  is  also  a  PHP  API  function   mysql_real_escape_string.See:  http://php.net/manual/en/function.mysql-­‐real-­‐ escape-­‐string.php     4.4  Cross  Site  Scripting   Risk:  Medium   Classification:  Information   Resource:     http://www.EXAMPLE   CLIENT.com.au/subdirectory/search.php?search=<script>alert(1);</script>   http://www.EXAMPLE   CLIENT.com.au/subdirectory/editAll.php?email="><script>alert(1);</script>   http://www.EXAMPLE   CLIENT.com.au//datafolder/aMediaGallery.php?cid=10"/><h1>hello</h1>   http://www.EXAMPLE   CLIENT.com.au/products/index.php?warning="><script>alert(1);</script>   http://www.EXAMPLE  CLIENT.com.au/about_EXAMPLE   CLIENT.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/index.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/help_top.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/security_new.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/help_main.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/help_left.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/privacy_new.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/returns_new.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/contact_new.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/sizing_new.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/faqs_new.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/terms_new.html?cur=<wslite>   http://www.EXAMPLE  CLIENT.com.au/pages/feedback_new.html?cur=<wslite>   Analyst:   A cross-site scripting vulnerability is a weakness in a website, where malicious content may be injected into a web page and thus attack the website visitor. It is commonly used in 'phising' campaigns for banking and other financial websites and to impersonate the legitimate business. Alternatively, it is often used to infect the client browser with malicious HTML or JavaScript where exploits may be inserted, thereby compromising the user experience and gaining access to their system, or stealing their authentication cookies and compromising their online account and password.
  • 9. Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   9     PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   9     The www.EXAMPLE CLIENT.com.au website is vulnerable in almost every form.   Recommendation:   Modify  all  user  input  scripts  to  strip  malicious  characters  first,  such  as  '  “  <  >  *   and  other  symbols.  The  PHP  API  provides  the  htmlentities  function  to  facilitate   this.   See:  http://php.net/manual/en/function.htmlentities.php   4.5  Local  Filesystem  Paths  Found   Risk:  Medium   Classification:  Information   Resource:     /subdirectory/file.html?mycname=must-­‐haves   /products/pages/search.php?search=;   Analyst:   Fireworks have detected an absolute filesystem path (i.e. one that is not relative to the web root). This information is sensitive, as it may reveal things about the server environment to an attacker. Knowing filesystem layout can increase the chances of success for blind attacks. Full system paths are very often found in error output. This output should never be sent to clients on production systems. It should be redirected to another output channel (such as an error log) for analysis by developers and system administrators.   Recommendation:   Absolute  paths  are  often  found  in  error  output.   Both  the  system  administrators  and  developers  should  be  made  aware,  as  the   problem  may  be  due  to  an  application  error  or  server  misconfiguration.   Error  output  containing  sensitive  information  such  as  absolute  system  paths   should  not  be  sent  to  remote  clients  on  production  servers.   This  output  should  be  sent  to  another  output  stream,  such  as  an  error  log.     4.6  PHP  expose_php  Information  Disclosure   Risk:  Low   Classification:  Information   Resource:  http://EXAMPLE   CLIENT.com.au/customers/login.php/?=PHPB8B5F2A0-­‐3C92-­‐11d3-­‐A3A9-­‐ 4C7B08C10000  
  • 10. Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   10       PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   10       Analyst:   The PHP install on the remote server is configured in a way that allows disclosure of potentially sensitive information to an attacker through a special URL. Such an URL triggers an Easter egg built into PHP itself. Other such Easter eggs likely exist, but Nessus has not checked for them. Recommendation:   In  the  PHP  configuration  file,  php.ini,  set  the  value  for  'expose_php'  to  'Off'  to   disable  this  behavior.    Restart  the  web  server  daemon  to  put  this  change  into   effect.   See  Also   http://www.0php.com/php_easter_egg.php   http://seclists.org/webappsec/2004/q4/324     4.7  Web  Server  robots.txt  Information  Disclosure   Risk:  Low   Classification:  Information   Resource:  /robots.txt   Analyst:   The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting certain directories in a web site for maintenance or indexing purposes. A malicious user may also be able to use the contents of this file to learn of sensitive documents or directories on the affected site and either retrieve them directly or target them for other attacks. Recommendation:   Review  the  contents  of  the  site's  robots.txt  file,  use  Robots  META  tags  instead  of   entries  in  the  robots.txt  file,  and/or  adjust  the  web  server's  access  controls  to   limit  access  to  sensitive  material.     4.8  PHPINFO  Page  Present   Risk:  Low   Classification:  Information   Resource:  http://www.EXAMPLE  CLIENT.com.au/phpinfo.php   Analyst:  
  • 11. Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   11     PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   11     Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo()' for debugging purposes. Various PHP applications may also include such a file. By accessing such a file, a remote attacker can discover a large amount of information about the remote web server, including : • The  username  of  the  user  who  installed  php  and  if  they  are  a  SUDO  user.   • The  IP  address  of  the  host.   • The  version  of  the  operating  system.   • The  web  server  version.   • The  root  directory  of  the  web  server.     • Configuration  information  about  the  remote  PHP   Recommendation:   The  phpinfo.php  script  is  harmless  and  may  be  deleted.  Removal  of  the  script   will  prevent  disclosure  of  sensitive  information  such  as  CPU  type,  memory,   kernel  version,  internal  system  paths,  security  features  enabled  or  disabled  and   installed  software.Another  possibility  is  that  the  server  is  automatically   configured  to  include  e-­‐mail  addresses.  Tweaking  configuration  can  usually   remove  these.     4.9  Email  Address  Disclosure   Risk:  Low   Classification:  Information   Resource:  All  *REMOVED*  Pages   Analyst:   Fireworks have found patterns that resemble e-mail addresses in scanned content. These may be user the addresses of system users, addresses inserted in user-supplied content, or third-party addresses embedded in components of the application (such as Javascript libraries). Automatically scraping websites is one way that spammers and phishers collect e-mail addresses for their distribution lists. It is recommended that e- mail addresses not be displayed on exposed parts of the web application, directly or indirectly. Recommendation:   If  the  e-­‐mail  addresses  are  those  of  users,  developers  should  investigate  why   they  are  being  output  and  try  to  remove  or  obfuscate  them.   E-­‐mail  addresses  embedded  in  user-­‐supplied  content  should  be  filtered  or   obfuscated  to  prevent  unintented  disclosure.   It  is  common  that  e-­‐mail  addresses  may  be  automatically  included  in  third-­‐party   components,  such  as  Javascript  libraries.   Another  possibility  is  that  the  server  is  automatically  configured  to  include  e-­‐ mail  addresses.  Tweaking  configuration  can  usually  remove  these.  
  • 12. Fireworks  Websites   Penetration  Testing  &  Deep  Code  Analyst  Report   12       PENETRATION  TESTING  &  DEEP  CODE  ANALYST  REPORT   12       5  Conclusion   For  systems  to  remain  secure,  security  posture  must  be  evaluated  and  improved   continuously.  Establishing  the  organizational  structure  that  will  support  these   ongoing  improvements  is  essential  in  order  to  maintain  control  of  corporate   information  systems.   We  conclude  that  the  overall  security  has  been  improved.  We  hope  that  the  web   application  is  review  every  6  months  or  year  depending  on  the  amount  of   changes  to  the  source  code.   6  References   Appendix  A  -­‐  Nessus  Vulnerability  Scanning  Report   Attached  nessus  scan  executive  report.   Appendix  B  –  Websecurify  Reports     Attached  Websecurify  vulnerability  report.