For
<>
From
ATTENTION: This document contains information from NII that is confidential and privileged.
The information is intended for the private use of <>. By accepting this document you agree to
keep the contents in confidence and not copy, disclose, or distribute this without written
request to and written confirmation from NII. If you are not the intended recipient, be aware
that any disclosure, copying, or distribution of the contents of this document is prohibited.
Penetration Testing Report
CONFIDENTIAL 2
© NETWORK INTELLIGENCE (I) PVT. LTD.
Document Details
Company: <>
Document Title: Penetration Testing Report
Date:
Ref: <>/NII/06122005
Classification: Public / Internal / Confidential / Highly Confidential
Document Type: Report
Recipient (Name / Title / Company): <>
Document History (Date / Version / Author / Comments):
  1.0 – Initial draft
  1.1 – Review and formatting
Contents
1 EXECUTIVE SUMMARY ............................................................... 4
1.1 SUMMARY ............................................................................... 4
1.1.1 Approach .................................................................... 4
1.2 SCOPE .................................................................................. 5
1.3 KEY FINDINGS........................................................................... 6
1.3.1 Insufficient Authentication .............................................. 6
1.3.2 Improper Input Filtration ................................................ 6
1.3.3 Administrator login and Username Enumeration .................... 7
1.4 RECOMMENDATIONS ..................................................................... 8
1.4.1 Tactical Recommendations .............................................. 8
1.4.2 Strategic Recommendations ............................................. 9
1.5 TABULAR SUMMARY ....................................................................10
1.6 GRAPHICAL SUMMARY ..................................................................11
1.6.1 Overall Risk Chart ........................................................11
2 TECHNICAL REPORT ............................................................... 12
2.1 NETWORK SECURITY ...................................................................12
2.1.1 Port Scan Status ..........................................................12
2.1.2 Service Banner Disclosure ...............................................14
2.2 WEB APPLICATION VULNERABILITIES ....................................................16
3 CONCLUSION ........................................................................ 21
4 APPENDIX ............................................................................ 22
4.1 SQL INJECTION ........................................................................22
1 Executive Summary
1.1 Summary
<> has assigned the task of carrying out quarterly penetration testing of
<domain> to Network Intelligence (I) Pvt. Ltd.
This is the second quarter Penetration Testing report. This penetration test
was performed during <Date>. The detailed report on each task and our
findings is given below.
The purpose of the test is to determine security vulnerabilities in the server
configurations and web applications running on the servers specified as part of
the scope. The tests are carried out assuming the identity of an attacker or a
user with malicious intent. At the same time due care is taken not to harm the
server.
1.1.1 Approach
• Perform broad scans to identify potential areas of exposure and services
  that may act as entry points
• Perform targeted scans and manual investigation to validate
  vulnerabilities
• Test identified components to gain access to:
  o <10 IP addressed devices>
• Identify and validate vulnerabilities
• Rank vulnerabilities based on threat level, loss potential, and likelihood
  of exploitation
• Perform supplemental research and development activities to support
  analysis
• Identify issues of immediate consequence and recommend solutions
• Develop long-term recommendations to enhance security
• Transfer knowledge
During the network level security checks we tried to probe the ports present on
the various servers and detect the services running on them with the existing
security holes, if any. At the web application level we checked the web
servers’ configuration issues, and more importantly the logical errors in the
web application itself.
1.2 Scope
The scope of this penetration test was limited to the below mentioned IP
addresses.
<IP address list>
1.3 Key Findings
In this section we highlight a summary of the critical issues that we
discovered during our penetration testing exercise.
1.3.1 Insufficient Authentication
On pages [..], the user can log in and gain access with any username and
password.
Recommendation
Proper authentication mechanism should be implemented along with a good
password policy.
1.3.2 Improper Input Filtration
The input values are not parsed properly. By exploiting this vulnerability, an
attacker can insert a single URL, and send it to another user or steal session
IDs. Improper filtration has revealed the following vulnerabilities.
• Database manipulation is possible through an attack technique, SQL
  injection[1]. The vulnerability can be exploited through the username and
  password fields. Successful exploitation may also allow an attacker to
  run arbitrary SQL queries on the server.
• The xyz.com servers were found vulnerable to cross-site scripting (XSS)
  attack[2]. Absence or lack of input filtration in the scripts allows an
  attacker to insert a single URL[3], or malicious JavaScript in the link,
  and send it to another user. As the malicious script is run in the context
  of the <website_name> web site, the victim will consider the malicious URL
  a valid URL. This happens when the parameter values from the URL are used
  to create the web page.
• In another instance, input is not properly sanitized, allowing any
  malicious URL to be sent to the victim with a fake summary. The
  situation is then very similar to the cross-site scripting attack.
[1] SQL Injection: http://en.wikipedia.org/wiki/SQL_Injection
[2] http://en.wikipedia.org/wiki/Cross-site_scripting
[3] URL: Universal Resource Locator
Recommendation
All data on all the pages should have input as well as output filtering. If
possible, meta-characters like <>,.?^&/~`’”-() should be completely removed
from a user’s input. SQL injection should be mitigated by using stored
procedures, and reducing the privilege levels with which the database
executes.
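An added example (not part of the NII report), in Python with SQLite standing in for the MS SQL back end: the concatenation pattern behind the username/password finding beside a parameterised query, plus the allow-list character filter the recommendation describes. The table, accounts and passwords are constructed for this example.

```python
import re
import sqlite3


# Constructed in-memory table standing in for the login back end in the
# report; schema, accounts and passwords are assumptions for this example.
# Passwords are stored in clear only to keep the demonstration short.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "staff")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """The pattern behind the finding: the submitted values are pasted into
    the SQL text, so a quote in either field is interpreted as SQL, not data."""
    sql = (
        "SELECT username, role FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchall()


def login_parameterised(conn: sqlite3.Connection, username: str, password: str):
    """Parameterised query: the values travel separately from the statement,
    so a quote, comment marker or semicolon in the input can only be data.
    Run this under a database account with the minimum privileges needed."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# The character filter the report recommends as a first line of defence,
# written as an allow-list: the single quote and "--" it names are rejected
# along with every other character outside the set (set is an assumption).
ALLOWED_FIELD = re.compile(r"[A-Za-z0-9_.@]{1,64}")


def field_is_acceptable(value: str) -> bool:
    return ALLOWED_FIELD.fullmatch(value) is not None


def quote_reaches_sql_parser(conn: sqlite3.Connection) -> bool:
    """Shows the defect without any payload: a name containing an apostrophe
    makes the concatenated statement fail to parse, the classic symptom of
    an injectable field. The parameterised version returns an empty result."""
    try:
        login_vulnerable(conn, "o'brien", "anything")
    except sqlite3.OperationalError:
        return True
    return False
```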
1.3.3 Administrator login and Username Enumeration
The administrator login validation script returns different errors when:
1. An invalid username is supplied
2. A valid username and an invalid password is supplied.
This can assist an attacker in obtaining a valid username and then carrying
out a brute force attack[4]. Similarly, username enumeration is also possible
in the case of the vendor login validation script.
A test account exists on the server. It is recommended to disable/delete such
accounts.
Recommendation
Remove any unnecessary accounts and make the error messages across pages
consistent so as not to disclose any unsolicited information.
[4] Phrase reference: http://en.wikipedia.org/wiki/Brute_force_attack
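An added example (not from the report) of the consistent-error-message recommendation, in Python: a leaky login check that answers differently for an unknown name and for a wrong password, beside a fixed version that returns one message and does the same hashing work on both failure paths. The user store, salt and password are constructed.

```python
import hashlib
import hmac

# Constructed user store standing in for the administrator/vendor login
# scripts in the report: {username: (salt, PBKDF2-SHA256 hash)}. The
# iteration count, salt, account and password are assumptions.
ITERATIONS = 50_000
_SALT = b"constructed-static-salt"


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


USERS = {"admin": (_SALT, derive("correct horse battery", _SALT))}

# Dummy credential used when the username is unknown, so the unknown-user
# path performs the same PBKDF2 work as the wrong-password path and the
# response time does not reveal which case occurred.
_DUMMY = (_SALT, derive("dummy-password", _SALT))

GENERIC_FAILURE = "Invalid username or password."


def validate_login_leaky(username: str, password: str):
    """The behaviour the report found: the error text depends on whether the
    username exists, so every attempt confirms or denies an account name."""
    if username not in USERS:
        return False, "Unknown username."
    salt, stored = USERS[username]
    if not hmac.compare_digest(derive(password, salt), stored):
        return False, "Incorrect password."
    return True, "Login successful."


def validate_login(username: str, password: str):
    """Fixed version: one message for every failure, and the same amount of
    hashing whether or not the username exists."""
    salt, stored = USERS.get(username, _DUMMY)
    candidate = derive(password, salt)
    if username in USERS and hmac.compare_digest(candidate, stored):
        return True, "Login successful."
    return False, GENERIC_FAILURE
```

Log the failure cause server-side for the detection team; only the client-facing message needs to be identical.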
1.4 Recommendations
NII recommends that attention is given to the issues discovered during this
assessment and that an action plan is generated to remediate these items.
The recommendations are classified as tactical or strategic. Tactical
recommendations are short-term fixes that address the immediate security
concerns. Strategic recommendations focus on the entire environment, future
directions and the introduction of security best practices. A highlight of the
recommendations follows:
1.4.1 Tactical Recommendations
• Filter user input – User input can contain malicious characters which may
  result in attacks like SQL injection, XSS, etc.
• Use stored procedures – To mitigate the risk from SQL injection, in
  addition to user input validation, stored procedures should also be used.
• Avoid username enumeration – Display consistent error messages for
  any combination of username and password.
• Implement access control on SQL server – Give appropriate privileges
  to authorized users only.
• Change firewall ACL configuration – If port 110 is not required to be
  open on the Internet, modify the ACL to block all incoming traffic.
• Upgrade phpBB – Upgrade phpBB to prevent critical attacks exploiting
  known vulnerabilities in phpBB.
• Block ICMP incoming traffic – ICMP can be used to launch denial of
  service attacks against targeted equipment. Disable ICMP at the router
  and firewall to ensure this type of action is protected against.
• Disable HTTP TRACE method – The TRACE method can be used to leverage
  cross-site scripting attacks against <>. This method should be disabled
  on the web service.
• Disable unnecessary IIS extensions – Extraneous IIS extensions (.printer
  & .IDA) can be used to launch attacks against the web service. These
  extensions should be disabled if not required by <>.
• Information disclosure – MS SQL stored procedure names and their
  parameters are accessible via the error pages on the website.
  This information should be blocked from web surfers.
• Block extraneous services – Access to various services is available via
  the Internet. These services should be either turned off or blocked so an
  attacker cannot take advantage of these extra attack vectors.
• Disable FrontPage – Microsoft FrontPage was found on a few servers in
  the environment. This service should be disabled so it cannot be
  exploited via the Internet.
1.4.2 Strategic Recommendations
• Conduct proactive security assessments – As part of security best
  practices, <client> should ensure that any major change to their Internet-
  facing infrastructure requires another external security assessment.
  This should be done to ensure that these changes do not increase the risk
  to the environment.
• Intrusion Detection (IDS) – Networks exposed to potentially hostile traffic
  should implement some capability to detect intrusions. Investigate an IDS
  solution for the network.
1.5 Tabular Summary
The following table summarizes the system’s vulnerability assessment:
Category / Description
Systems Vulnerability Assessment Summary
  Number of Live Hosts: 50
  Number of Vulnerabilities: 29
  High, Medium and Info Severity Vulnerabilities: 14 / 6 / 9
Vulnerability Summary
1.6 Graphical Summary
1.6.1 Overall Risk Chart
[Chart: Overall Risk Chart – risk level (High / Medium / Low) per finding
category: PS, BA, SQL Inj, phpBB, UE, XSS]
PS: Port Scan
BA: Broken Authentication
SQL Inj: SQL Injection
phpBB: phpBB Known Vulnerabilities
UE: User Enumeration
XSS: Cross-site Scripting
2 Technical Report
2.1 Network Security
2.1.1 Port Scan Status
For the domain ‘xyz.com’, the IPs listed below were scanned. The listed ports
appear to be open on the server. Alongside the port number we also show the
service that usually runs on that port, as well as the banner displayed by the
service.
Domain: <hyperlinked domain name>
IP Address: 10.0.180.218
Port No Service Running Service Version Details
25 SMTP
80 HTTP Apache
110 POP3
443 HTTPS OpenSSL
Domain: <hyperlinked domain name>
IP Address: 10.0.137.219
Port No. Service Running Service Version Details
25 SMTP Sendmail
80 HTTP Apache
110 POP3 UW Imap pop3 server 2003.83rh
443 SSL Open SSL
Domain: <hyperlinked domain name>
IP Address: 10.0.167.150
Port No Service Running Service Version Details
22 SSH Remote Login Protocol --
25 Simple Mail Transfer Sendmail
80 World Wide Web HTTP Apache
3306 MySQL MySQL server
Analysis
We observed that only the required and genuine ports are open on the
servers. However, it is recommended that the firewall block ping requests;
this will reduce the number of port scans reaching the network from the
Internet (and thereby the reconnaissance attempts).
The SSL certificate of IP 10.0.167.152 has expired.
2.1.2 Service Banner Disclosure
Severity Level
Medium
Summary
Banner grabbing is a technique of connecting to remote applications and
observing the output. It can be very useful to remote attackers: with it an
attacker learns the software name and version running on the server, and can
then concentrate on platform- and version-specific techniques to compromise
the server.
Analysis
1. Banner grabbed for the service running on port 110
2. Banner grabbed for the service running on port 3306
3. Banner grabbed for the service on port number 10000 running at IP address
   10.0.167.152
Recommendation
It is advisable to change the banners of the services running on the server to
something generic that does not identify the exact service (and version).
Also, restrict access to ports that normal users do not need, especially the
‘webmin’ port 10000, which is used only for server administration.
References
http://www.educause.edu/content.asp?page_id=1298&bhcp=1
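An added configuration fragment (not from the report) for the Apache httpd instances listed on ports 80/443, addressing the banner-disclosure finding here and the TRACE finding in section 2.2. The directive names are standard httpd 2.x; the surrounding configuration file and its location are assumed.

```apache
# Added example, not from the report. Place in the main server
# configuration (global context), then reload httpd.

# Report only "Server: Apache", with no version, OS or module list
ServerTokens Prod

# Drop the version footer from server-generated error and index pages
ServerSignature Off

# Refuse HTTP TRACE outright (section 2.2, "Web server supports TRACE methods")
TraceEnable Off
```

ServerTokens Prod still names the product; a fully generic banner needs a module such as mod_security, and the POP3, MySQL and Webmin banners the report lists must be changed in those services separately.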
2.2 Web Application Vulnerabilities
Columns: Risk / Description / Threat Level / Potential Corporate Loss /
Likelihood of Exploitation / Affected IP’s/URI / Recommendation

Risk: Broken Authentication
Description: The user can log in and get access with any username and
password.
Threat Level: Severe
Potential Corporate Loss: A significant amount of privileged information was
found.
Likelihood of Exploitation: Because there was no authentication it is trivial
to break into the system and get sensitive information.
Recommendation: Proper authentication mechanism should be implemented along
with a good password policy.

Risk: SQL Injection
Description: SQL injection exists in the username and password fields. This
may also allow an attacker to run arbitrary SQL queries on the server.
Threat Level: Severe
Potential Corporate Loss: An attacker can gain access to personal employee
information. The version of SQL server, database, and server name was also
revealed. It was possible to enumerate the entire database table and also
quite likely to run malicious commands like “drop table”, etc.
Likelihood of Exploitation: SQL injection is an old technique and it does not
require much technical skill to exploit the database and run malicious
queries.
Recommendation: It is advisable to filter all the input data before running
the SQL query and allow only valid characters, e.g. disallow single quotes (‘),
comments (--) etc. Use the least privilege principle and allow only the
necessary privileges.

Risk: Vulnerable phpBB version
Threat Level: Severe
Potential Corporate Loss: Possible system compromise as most of the exploits
are available.
Likelihood of Exploitation: It is simple to exploit as all exploits are
published on vulnerability reporting sites.
Recommendation: Upgrade the version of phpBB and visit the website for
regular updates.

Risk: Username Enumeration
Description: Error pages returned by the authentication script disclose valid
username details to the attacker.
Threat Level: Moderate
Potential Corporate Loss: On obtaining valid usernames an attacker could brute
force to look for a weak password.
Likelihood of Exploitation: Such exploitation is less likely to occur if the
password is strong.
Recommendation: The validation script should not reveal the presence of a
valid username by displaying different error pages as shown in the screen
shots. This information is critical in carrying out social engineering
attacks.

Risk: Cross-site scripting
Description: It allows an attacker to run arbitrary script in the victim’s
browser.
Threat Level: Moderate
Potential Corporate Loss: An attacker may use this flaw to trick your web
users into giving him/her their credentials (cookie), which can be used for
session hijacking.
Likelihood of Exploitation: This attack is dependent on the victim executing
a crafted link.
Recommendation: All data on all the pages should have input as well as output
filtering. If possible, meta-characters like <>,.?^&/~`’”-() from a user’s
input should be completely removed. Example: input ‘<’ character, modified
during output to ‘&lt;’.

Risk: FrontPage extensions enabled
Description: FrontPage has a long history of remote vulnerabilities as well as
misconfigurations which make unauthorized remote publishing possible.
Threat Level: Moderate
Potential Corporate Loss: An attacker equipped with a FrontPage exploit could
remotely compromise the web server.
Likelihood of Exploitation: Hackers actively target and compromise servers
with FrontPage extensions enabled.
Recommendation: To prevent these extensions from being Internet facing, set
up a staging server for publishing.

Risk: Web server supports TRACE method
Description: The TRACE HTTP method is used to debug web server connections. It
has been shown that servers supporting this method are subject to cross-site
scripting attacks.
Threat Level: Moderate
Potential Corporate Loss: An attacker may use this flaw to trick your web
users into giving him/her their credentials.
Likelihood of Exploitation: This attack is dependent on the victim executing
a provided link. Since user interaction is required, this attack is less
likely than automated attacks.
Recommendation: Deny HTTP TRACE requests or permit only the methods needed to
meet site requirements and policy. More information can be found at:
www.kb.cert.org/vuls/id/867593

Risk: URL Redirection
Description: A known vulnerability exists in Outlook Web Access which allows
the attacker to redirect the victim to some malicious web site; this will lead
to a phishing attack.
Threat Level: Low
Potential Corporate Loss: No direct loss is attributable. The victim will
associate the same trust with the crafted URL as he will associate with
<client_url>.
Likelihood of Exploitation: Such redirection is less likely to occur.
Recommendation: URL should be parsed appropriately.

Risk: Resource exhaustion
Description: It is possible to retrieve the entire record by using a wild card
(“%%”). This results in a resource consuming SQL query.
Threat Level: Low
Potential Corporate Loss: The attacker can waste the system resources and
cause possible denial of service to legitimate user(s).
Recommendation: Implement input filtering.

Risk: Information Disclosure
Description: Error pages disclose the stored procedure and the parameters
expected in the database. They also reveal the ASP.NET version.
Threat Level: Low
Potential Corporate Loss: An attacker would search for known vulnerabilities
for the version disclosed.
Likelihood of Exploitation: Such exploitation is less likely to occur.
Recommendation: Customize the error pages to provide only required
information.

Risk: Outdated Web Servers
Description: An older version of IIS [5.0] is used. This version is highly
vulnerable.
Threat Level: Low
Potential Corporate Loss: An attacker would search for known vulnerabilities
for the version disclosed.
Likelihood of Exploitation: Such exploitation is less likely to occur.
Recommendation: Upgrade to IIS 6.0.

Risk: Outdated SSL Certificate
Threat Level: Low
Potential Corporate Loss: An attacker can sniff sensitive data.
Likelihood of Exploitation: Such exploitation is less likely to occur.
Recommendation: Renew SSL certificate.

Risk: Improper ACL Configuration
Threat Level: Low
Potential Corporate Loss: Firewall allows incoming and outgoing traffic at
port 110.
Likelihood of Exploitation: Such exploitation is less likely to occur.
Affected IP’s/URI: Refer to port scanning result for all IP’s showing port 110
closed.
Recommendation: Modify ACL configuration.
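An added example (not from the report), in Python with SQLite, covering two rows of the table above: the “%%” wild-card search behind the resource-exhaustion finding beside a version that escapes LIKE wildcards, and the output filtering the cross-site scripting row describes (‘<’ rendered as ‘&lt;’). The records table is constructed for this example.

```python
import html
import sqlite3


# Constructed sample table standing in for the record search the report
# describes; schema and titles are assumptions for this example only.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO records (title) VALUES (?)",
        [("Q2 budget",), ("Q3 budget",), ("100% done",)],
    )
    return conn


def search_unescaped(conn: sqlite3.Connection, term: str):
    """Parameterised, so not injectable, but LIKE wildcards in the term still
    act as wildcards: a search for "%%" matches every row and the database
    does the work of returning the whole table."""
    return conn.execute(
        "SELECT title FROM records WHERE title LIKE ?", ("%" + term + "%",)
    ).fetchall()


def escape_like(term: str, esc: str = "\\") -> str:
    """Prefix %, _ and the escape character itself so they match literally."""
    return (
        term.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


def search_escaped(conn: sqlite3.Connection, term: str):
    """Same query with the term's wildcards neutralised via ESCAPE, so "%%"
    now matches only a literal "%%" in a title."""
    pattern = "%" + escape_like(term) + "%"
    return conn.execute(
        "SELECT title FROM records WHERE title LIKE ? ESCAPE '\\'", (pattern,)
    ).fetchall()


def render_summary(user_supplied: str) -> str:
    """Output filtering as the table describes: '<' becomes '&lt;' (and &, >
    and quotes likewise) before the value is placed into the page, so a
    crafted summary is displayed as text rather than executed as script."""
    return '<p class="summary">%s</p>' % html.escape(user_supplied, quote=True)
```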
3 Conclusion
Experience has shown that a focused effort to address the problems outlined in
this report can result in dramatic security improvements. Most of the identified
problems do not require high-tech solutions, just knowledge of and
commitment to good practices.
For systems to remain secure, however, security posture must be evaluated
and improved continuously. Establishing the organizational structure that will
support these ongoing improvements is essential in order to maintain control of
corporate information systems.
We conclude that the overall security needs to improve. We hope that the
issues cited in this report will be addressed.
4 Appendix
This section provides the screen shots of the known vulnerabilities presented in
the observations and findings table.
4.1 SQL Injection
IP: X.X.X.X
First record retrieved:
Security Testing
 
Owasp Top 10
Owasp Top 10Owasp Top 10
Owasp Top 10
 
T04505103106
T04505103106T04505103106
T04505103106
 
Best Security Practices for Web Application Development.pdf
Best Security Practices for Web Application Development.pdfBest Security Practices for Web Application Development.pdf
Best Security Practices for Web Application Development.pdf
 

KĂŒrzlich hochgeladen

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

KĂŒrzlich hochgeladen (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Nii sample pt_report

Contents

1 EXECUTIVE SUMMARY (p. 4)
  1.1 SUMMARY (p. 4)
    1.1.1 Approach (p. 4)
  1.2 SCOPE (p. 5)
  1.3 KEY FINDINGS (p. 6)
    1.3.1 Insufficient Authentication (p. 6)
    1.3.2 Improper Input Filtration (p. 6)
    1.3.3 Administrator login and Username Enumeration (p. 7)
  1.4 RECOMMENDATIONS (p. 8)
    1.4.1 Tactical Recommendations (p. 8)
    1.4.2 Strategic Recommendations (p. 9)
  1.5 TABULAR SUMMARY (p. 10)
  1.6 GRAPHICAL SUMMARY (p. 11)
    1.6.1 Overall Risk Chart (p. 11)
2 TECHNICAL REPORT (p. 12)
  2.1 NETWORK SECURITY (p. 12)
    2.1.1 Port Scan Status (p. 12)
    2.1.2 Service Banner Disclosure (p. 14)
  2.2 WEB APPLICATION VULNERABILITIES (p. 16)
3 CONCLUSION (p. 21)
4 APPENDIX (p. 22)
  4.1 SQL INJECTION (p. 22)
1 Executive Summary

1.1 Summary

<> has assigned the task of carrying out quarterly penetration testing of <domain> to Network Intelligence (I) Pvt. Ltd. This is the second-quarter penetration testing report. This penetration test was performed during <Date>. The detailed report on each task and our findings is given below.

The purpose of the test is to determine security vulnerabilities in the server configurations and web applications running on the servers specified in the scope. The tests are carried out assuming the identity of an attacker or a user with malicious intent. At the same time, due care is taken not to harm the server.

1.1.1 Approach

• Perform broad scans to identify potential areas of exposure and services that may act as entry points
• Perform targeted scans and manual investigation to validate vulnerabilities
• Test identified components to gain access to:
  o <10 IP addressed devices>
• Identify and validate vulnerabilities
• Rank vulnerabilities based on threat level, loss potential, and likelihood of exploitation
• Perform supplemental research and development activities to support analysis
• Identify issues of immediate consequence and recommend solutions
• Develop long-term recommendations to enhance security
• Transfer knowledge

During the network-level security checks we probed the ports present on the various servers and identified the services running on them, together with any existing security holes. At the web application level we checked the web servers' configuration issues and, more importantly, the logical errors in the web application itself.
1.2 Scope

The scope of this penetration test was limited to the IP addresses listed below.

<IP address list>
1.3 Key Findings

In this section we highlight the critical issues discovered during our penetration testing exercise.

1.3.1 Insufficient Authentication

On pages [..], the user can log in and gain access with any username and password.

Recommendation: A proper authentication mechanism should be implemented along with a good password policy.

1.3.2 Improper Input Filtration

The input values are not parsed properly. By exploiting this vulnerability, an attacker can craft a URL and send it to another user, or steal session IDs. Improper filtration revealed the following vulnerabilities.

• Database manipulation is possible through an attack technique, SQL injection[1]. The vulnerability can be exploited through the username and password fields. Successful exploitation may also allow an attacker to run arbitrary SQL queries on the server.
• The xyz.com servers were found vulnerable to cross-site scripting (XSS)[2]. Absent or insufficient input filtration in the scripts allows an attacker to insert a malicious URL[3], or malicious JavaScript in the link, and send it to another user. Because the malicious script runs in the context of the <website_name> web site, the victim will consider the malicious URL a valid one. This happens when parameter values taken from the URL are used to build the web page.
• In another instance, input is not properly sanitized, allowing any malicious URL to be sent to the victim with a fake summary. The situation is then very similar to the cross-site scripting attack.

[1] SQL Injection: http://en.wikipedia.org/wiki/SQL_Injection
[2] http://en.wikipedia.org/wiki/Cross-site_scripting
[3] URL: Uniform Resource Locator
Recommendation: All data on all pages should have input as well as output filtering. If possible, meta-characters such as <>,.?^&/~`’”-() should be removed completely from a user's input. SQL injection should be mitigated by using stored procedures and by reducing the privilege level with which the database executes.

1.3.3 Administrator login and Username Enumeration

The Administrator login validation script returns different errors when:

1. An invalid username is supplied
2. A valid username and an invalid password are supplied.

This can help an attacker obtain a valid username and then carry out a brute-force attack[4]. Similarly, username enumeration is also possible in the vendor login validation script.

A test account exists on the server. It is recommended to disable or delete such accounts.

Recommendation: Remove any unnecessary accounts and make the error messages across pages consistent so as not to disclose any unsolicited information.

[4] Phrase reference: http://en.wikipedia.org/wiki/Brute_force_attack
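The username enumeration finding in 1.3.3 (and the same row in the web application table) comes down to two login paths that answer differently. The following Python is an added example, not the report's own code or the client's login script: it shows the enumerable pattern the finding describes beside a hardened check that returns one generic message and does the same password-hashing work whether or not the username exists, so neither the error text nor the response time tells a caller which usernames are valid. The user store, password and hashing parameters are constructed for the example.

```python
"""Login check that answers identically for unknown users and wrong passwords (added example)."""
import hashlib
import hmac
import os
import secrets
from typing import Optional, Tuple

PBKDF2_ROUNDS = 100_000
GENERIC_ERROR = "Invalid username or password."


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Constructed sample user store (not from the report).
USERS = {"alice": hash_password("correct horse battery staple")}

# Throw-away record used when the username is unknown, so an unknown user costs the same
# hashing work as a wrong password and the two cases cannot be told apart by timing.
_DUMMY_RECORD = hash_password(secrets.token_hex(16))


def login_enumerable(username: str, password: str, users=USERS) -> Tuple[bool, Optional[str]]:
    """The pattern the finding describes: distinct errors reveal which usernames exist."""
    record = users.get(username)
    if record is None:
        return False, "Unknown username."
    salt, digest = record
    if not hmac.compare_digest(hash_password(password, salt)[1], digest):
        return False, "Incorrect password."
    return True, None


def login_hardened(username: str, password: str, users=USERS) -> Tuple[bool, Optional[str]]:
    """Same generic message, and the same hashing work, whether or not the username exists."""
    record = users.get(username)
    salt, digest = record if record is not None else _DUMMY_RECORD
    candidate = hash_password(password, salt)[1]
    ok = hmac.compare_digest(candidate, digest) and record is not None
    return (True, None) if ok else (False, GENERIC_ERROR)


if __name__ == "__main__":
    print(login_enumerable("nobody", "x"))   # (False, 'Unknown username.')
    print(login_enumerable("alice", "x"))    # (False, 'Incorrect password.')
    print(login_hardened("nobody", "x"))     # (False, 'Invalid username or password.')
    print(login_hardened("alice", "x"))      # (False, 'Invalid username or password.')
```

The lockout and logging side of the recommendation (counting failures per account and per source address) is deliberately left out; it belongs in the surrounding application, not in the comparison itself.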
1.4 Recommendations

NII recommends that attention be given to the issues discovered during this assessment and that an action plan be generated to remediate them. The recommendations are classified as tactical or strategic. Tactical recommendations are short-term fixes that address the immediate security concerns. Strategic recommendations focus on the entire environment, future directions and the introduction of security best practices. A highlight of the recommendations follows:

1.4.1 Tactical Recommendations

• Filter user input – User input can contain malicious characters that may result in attacks such as SQL injection, XSS etc.
• Use stored procedures – To mitigate the risk from SQL injection, stored procedures should be used in addition to user input validation.
• Avoid username enumeration – Display consistent error messages for any combination of username and password.
• Implement access control on SQL server – Give appropriate privileges to authorized users only.
• Change firewall ACL configuration – If port 110 is not required to be open to the Internet, modify the ACL to block all incoming traffic.
• Upgrade phpBB – Upgrade phpBB to prevent critical attacks exploiting known vulnerabilities in phpBB.
• Block ICMP incoming traffic – ICMP can be used to launch denial-of-service attacks against targeted equipment. Disable ICMP at the router and firewall to protect against this type of action.
• Disable HTTP TRACE method – The TRACE method can be used to leverage cross-site scripting attacks against <>. This method should be disabled on the web service.
• Disable unnecessary IIS extensions – Extraneous IIS extensions (.printer and .IDA) can be used to launch attacks against the web service. These extensions should be disabled if not required by <>.
• Information disclosure – MS SQL stored procedure names and their parameter information are accessible via the error pages on the website. This information should be hidden from web users.
• Block extraneous services – Access to various services is available via the Internet. These services should be either turned off or blocked so that an attacker cannot take advantage of these extra attack vectors.
• Disable FrontPage – Microsoft FrontPage was found on a few servers in the environment. This service should be disabled so that it cannot be exploited via the Internet.
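The first tactical recommendation, and the XSS item in 1.3.2, both reduce to two controls: strip or reject meta-characters on the way in, and encode on the way out so that a `<` becomes `&lt;` before it reaches the browser. The Python below is an added example, not code from the report or from the client's site. It implements the report's own meta-character list as an input filter and standard HTML and URL output encoding, and contrasts the flaw described in 1.3.2 (a URL parameter copied straight into the page) with the encoded rendering. Adding the straight quote characters to the report's list is an assumption of this example; the sample input is constructed.

```python
"""Input filtering and output encoding for untrusted text rendered into HTML (added example)."""
import html
from urllib.parse import quote

# The meta-character set listed in the report's recommendation. Straight quotes are added to
# the curly ones because browsers and SQL parsers act on them (assumption of this example).
REPORT_METACHARACTERS = "<>,.?^&/~`’”'\"-()"


def strip_metacharacters(value: str, banned: str = REPORT_METACHARACTERS) -> str:
    """Input filtering: drop every character in `banned` from user-supplied text."""
    return "".join(ch for ch in value if ch not in banned)


def encode_for_html(value: str) -> str:
    """Output filtering: make text safe for an HTML text node or a quoted attribute value.

    < > & become entities, and with quote=True so do both kinds of quotation mark.
    """
    return html.escape(value, quote=True)


def encode_for_url(value: str) -> str:
    """Output filtering for a value placed into a URL query parameter."""
    return quote(value, safe="")


def render_greeting_unsafe(name: str) -> str:
    """The flaw described in 1.3.2: a URL parameter used as-is to build the page."""
    return f"<p>Welcome, {name}</p>"


def render_greeting(name: str) -> str:
    """Hardened rendering: output encoding applies even if input filtering was bypassed."""
    return f"<p>Welcome, {encode_for_html(name)}</p>"


def build_profile_link(name: str) -> str:
    """Each context gets its own encoder: URL encoding inside href, HTML encoding in the text."""
    return f'<a href="/profile?name={encode_for_url(name)}">{encode_for_html(name)}</a>'


if __name__ == "__main__":
    SAMPLE = "O'Brien <script>"  # constructed input
    print(render_greeting_unsafe(SAMPLE))   # the tag reaches the browser unchanged
    print(render_greeting(SAMPLE))          # <p>Welcome, O&#x27;Brien &lt;script&gt;</p>
    print(strip_metacharacters(SAMPLE))     # OBrien script
    print(build_profile_link("a&b=c"))
```

Output encoding is the control that holds even when a new input path is missed, which is why the report asks for both; the input filter on its own would also reject legitimate names containing an apostrophe or a hyphen.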
1.4.2 Strategic Recommendations

• Conduct proactive security assessments – As part of security best practice, <client> should ensure that any major change to its Internet-facing infrastructure requires another external security assessment. This ensures that such changes do not increase the risk to the environment.
• Intrusion Detection (IDS) – Networks exposed to potentially hostile traffic should implement some capability to detect intrusions. Investigate an IDS solution for the network.
1.5 Tabular Summary

The following table summarizes the system's vulnerability assessment:

Category                                   Description                                       Value
Systems Vulnerability Assessment Summary   Number of live hosts                              50
                                           Number of vulnerabilities                         29
Vulnerability Summary                      High / Medium / Info severity vulnerabilities     14 / 6 / 9
1.6 Graphical Summary

1.6.1 Overall Risk Chart

[Chart: overall risk per finding on a 0 to 1 scale, grouped as High, Medium and Low; series PS, BA, SQL Inj, phpBB, UE, XSS]

Legend: PS: Port Scan; BA: Broken Authentication; SQL Inj: SQL Injection; phpBB: phpBB Known Vulnerabilities; UE: User Enumeration; XSS: Cross-site Scripting
2 Technical Report

2.1 Network Security

2.1.1 Port Scan Status

For the domain 'xyz.com' the IPs listed below were scanned. The listed ports appear to be open on the server. Alongside the port number we also show the service that usually runs on that port and the banner displayed by the service.

Domain: <hyperlinked domain name>
IP Address: 10.0.180.218

Port No   Service Running   Service Version Details
25        SMTP
80        HTTP              Apache
110       POP3
443       HTTPS             OpenSSL

Domain: <hyperlinked domain name>
IP Address: 10.0.137.219

Port No   Service Running   Service Version Details
25        SMTP              Sendmail
80        HTTP              Apache
110       POP3              UW Imap pop3 server 2003.83rh
443       SSL               OpenSSL

Domain: <hyperlinked domain name>
IP Address: 10.0.167.150

Port No   Service Running             Service Version Details
22        SSH Remote Login Protocol   --
25        Simple Mail Transfer        Sendmail
80        World Wide Web HTTP         Apache
3306      MySQL                       MySQL server

Analysis

We observed that only the required and genuine ports are open on the server. However, it is recommended that the firewall block ping requests. As a result, the number of port scans reaching the network via the Internet will decrease, thereby reducing reconnaissance attempts. The SSL certificate of IP 10.0.167.152 has expired.
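The expired certificate noted in the analysis above is the kind of finding that is cheap to check continuously rather than once a quarter. The following Python script is an added example, not part of the report or NII's tooling. It parses the notBefore/notAfter strings in the format `ssl.getpeercert()` returns, classifies the certificate as valid, expiring soon, expired or not yet valid, and for a live host reports the verification error message when the handshake is refused (the default context rejects an expired certificate before `getpeercert()` returns anything). The sample certificate fields and the hostname are constructed; the 30-day warning threshold is a choice of this example.

```python
"""Classify a TLS certificate's validity window (added example, not the report's tooling)."""
import socket
import ssl
from datetime import datetime, timezone


def parse_cert_time(value: str) -> datetime:
    """Convert a getpeercert() timestamp such as 'Jun  1 12:00:00 2025 GMT' to aware UTC."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def certificate_status(cert: dict, now: datetime, warn_days: int = 30) -> dict:
    """Return the certificate's state relative to `now` and the days left until notAfter."""
    not_before = parse_cert_time(cert["notBefore"])
    not_after = parse_cert_time(cert["notAfter"])
    days_left = (not_after - now).days
    if now < not_before:
        state = "not-yet-valid"
    elif now > not_after:
        state = "expired"
    elif days_left <= warn_days:
        state = "expiring-soon"
    else:
        state = "valid"
    return {"state": state, "days_left": days_left, "not_after": not_after.isoformat()}


def status_at(cert: dict, iso_utc_date: str, warn_days: int = 30) -> dict:
    """Convenience wrapper: evaluate the certificate as of an ISO date such as '2024-06-01' (UTC)."""
    now = datetime.fromisoformat(iso_utc_date).replace(tzinfo=timezone.utc)
    return certificate_status(cert, now, warn_days)


def check_host(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect with a default (verifying) context and classify the presented certificate.

    An expired or untrusted certificate fails verification during the handshake, so that
    case is reported from the error rather than from getpeercert().
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return certificate_status(tls.getpeercert(), datetime.now(timezone.utc))
    except ssl.SSLCertVerificationError as exc:
        return {"state": "verify-failed", "reason": exc.verify_message}


# Constructed sample: a certificate valid through 2023 that expired on 1 Jan 2024 (not from the report).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "notBefore": "Jan  1 00:00:00 2023 GMT",
    "notAfter": "Jan  1 00:00:00 2024 GMT",
}

if __name__ == "__main__":
    print(status_at(SAMPLE_CERT, "2024-06-01"))   # state: expired
    print(status_at(SAMPLE_CERT, "2023-12-15"))   # state: expiring-soon
    # Against a live host (network access required): print(check_host("www.example.test"))
```

Run `check_host` against each HTTPS endpoint from the port scan tables on a schedule and alert on anything other than `valid`; the `expiring-soon` state gives the renewal lead time that an after-the-fact "has expired" finding cannot.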
2.1.2 Service Banner Disclosure

Severity Level: Medium

Summary

Banner grabbing is the technique of connecting to remote applications and observing their output. It can be very useful to remote attackers: it reveals the software name and version running on the server, which lets an attacker concentrate on platform- and version-specific techniques to compromise the server.

Analysis

1. Banner grabbed for the service running on port 110
2. Banner grabbed for the service running on port 3306
3. Banner grabbed for the service on port 10000 running at IP address 10.0.167.152

Recommendation

It is advisable to change the banners of the services running on the server to something generic that does not identify the exact service (and version) running on the server. Also, restrict access to ports that normal users do not need, especially the 'webmin' port 10000, which is used only for server administration.

References

http://www.educause.edu/content.asp?page_id=1298&bhcp=1
2.2 Web Application Vulnerabilities

Each finding below is listed with the columns of the original table: description, threat level, potential corporate loss, likelihood of exploitation and recommendation. The table's "Affected IP's/URI" column is blank in this sample.

Broken Authentication
  Description: The user can log in and gain access with any username and password.
  Threat Level: Severe
  Potential Corporate Loss: A significant amount of privileged information was found.
  Likelihood of Exploitation: Because there was no authentication, it is trivial to break into the system and obtain sensitive information.
  Recommendation: A proper authentication mechanism should be implemented along with a good password policy.

SQL Injection
  Description: SQL injection exists in the username and password fields. This may also allow an attacker to run arbitrary SQL queries on the server.
  Threat Level: Severe
  Potential Corporate Loss: An attacker can gain access to personal employee information. The version of SQL Server, the database and the server name were also revealed. It was possible to enumerate the entire database table, and it is quite likely that malicious commands such as "drop table" could be run.
  Likelihood of Exploitation: SQL injection is an old technique and does not require much technical skill to exploit the database and run malicious queries.
  Recommendation: It is advisable to filter all input data before running the SQL query and allow only valid characters, e.g. disallow single quotes (') and comments (--). Apply the least privilege principle and grant only the necessary privileges.

Vulnerable phpBB version
  Threat Level: Severe
  Potential Corporate Loss: Possible system compromise, as most of the exploits are available.
  Likelihood of Exploitation: It is simple to exploit, as all exploits are published on vulnerability reporting sites.
  Recommendation: Upgrade the version of phpBB and visit the website for regular updates.

Username Enumeration
  Description: Error pages returned by the authentication script disclose valid username details to the attacker.
  Threat Level: Moderate
  Potential Corporate Loss: On obtaining valid usernames, an attacker could brute-force to look for a weak password.
  Likelihood of Exploitation: Such exploitation is less likely to occur if the password is strong.
  Recommendation: The validation script should not reveal the presence of a valid username by displaying different error pages, as shown in the screenshots. This information is critical in carrying out social engineering attacks.

Cross-site scripting
  Description: It allows an attacker to run arbitrary script in the victim's browser.
  Threat Level: Moderate
  Potential Corporate Loss: An attacker may use this flaw to trick your web users into giving him/her their credentials (cookie), which can be used for session hijacking.
  Likelihood of Exploitation: This attack depends on the victim executing a crafted link.
  Recommendation: All data on all pages should have input as well as output filtering. If possible, meta-characters such as <>,.?^&/~`’”-() should be completely removed from a user's input. Input: '<' character; modified during output: '&lt'.

FrontPage extensions enabled
  Description: FrontPage has a long history of remote vulnerabilities as well as misconfigurations that make unauthorized remote publishing possible.
  Threat Level: Moderate
  Potential Corporate Loss: An attacker equipped with a FrontPage exploit could remotely compromise the web server.
  Likelihood of Exploitation: Hackers actively target and compromise servers with FrontPage extensions enabled.
  Recommendation: To prevent these extensions from being Internet-facing, set up a staging server for publishing.

Web server supports TRACE method
  Description: The TRACE HTTP method is used to debug web server connections. It has been shown that servers supporting this method are subject to cross-site scripting attacks.
  Threat Level: Moderate
  Potential Corporate Loss: An attacker may use this flaw to trick your web users into giving him/her their credentials.
  Likelihood of Exploitation: This attack depends on the victim executing a provided link. Since user interaction is required, this attack is less likely than automated attacks.
  Recommendation: Deny HTTP TRACE requests, or permit only the methods needed to meet site requirements and policy. More information can be found at: www.kb.cert.org/vuls/id/867593

URL Redirection
  Description: A known vulnerability exists in Outlook Web Access that allows the attacker to redirect the victim to a malicious web site; this leads to a phishing attack.
  Threat Level: Low
  Potential Corporate Loss: No direct loss is attributable. The victim will place the same trust in the crafted URL as in <client_url>.
  Likelihood of Exploitation: Such redirection is less likely to occur.
  Recommendation: The URL should be parsed appropriately.

Resource exhaustion
  Description: It is possible to retrieve the entire record set by using a wildcard ("%%"). This results in a resource-consuming SQL query.
  Threat Level: Low
  Potential Corporate Loss: The attacker can waste system resources and cause a possible denial of service to legitimate user(s).
  Recommendation: Implement input filtering.

Information Disclosure
  Description: Error pages disclose the stored procedure and the parameters expected by the database. They also reveal the ASP.NET version.
  Threat Level: Low
  Potential Corporate Loss: An attacker would search for known vulnerabilities for the version disclosed.
  Likelihood of Exploitation: Such exploitation is less likely to occur.
  Recommendation: Customize the error pages to provide only the required information.

Outdated Web Servers
  Description: An older version of IIS [5.0] is used. This version is highly vulnerable.
  Threat Level: Low
  Potential Corporate Loss: An attacker would search for known vulnerabilities for the version disclosed.
  Likelihood of Exploitation: Such exploitation is less likely to occur.
  Recommendation: Upgrade to IIS 6.0.

Outdated SSL Certificate
  Threat Level: Low
  Potential Corporate Loss: An attacker can sniff sensitive data.
  Likelihood of Exploitation: Such exploitation is less likely to occur.
  Recommendation: Renew the SSL certificate.

Improper ACL Configuration
  Description: The firewall allows incoming and outgoing traffic on port 110.
  Threat Level: Low
  Likelihood of Exploitation: Such exploitation is less likely to occur.
  Recommendation: Refer to the port scanning results for all IPs showing port 110 closed. Modify the ACL configuration.
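The SQL injection row above (and the finding in 1.3.2) recommends filtering quotes and comment sequences, and the resource exhaustion row asks for input filtering against a "%%" wildcard. The Python below is an added example, not the report's code or the client's application, and it uses SQLite in memory where the assessed site runs MS SQL Server; the table, users and passwords are constructed. It puts the concatenated query the finding describes beside a parameterised one, so that a username containing a quote and a comment sequence (exactly the characters the recommendation names) changes the meaning of the first and is merely data to the second, and it shows a search that escapes user-supplied `%` and `_`, refuses an empty term and caps the result set, which is the concrete form of the "implement input filtering" recommendation for the wildcard finding.

```python
"""Parameterised queries and LIKE-wildcard escaping for the SQL injection and resource
exhaustion findings (added example using SQLite; the assessed site runs MS SQL Server)."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory table. Passwords are kept in clear only so the query construction
    stays visible; a real store holds salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pa55")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The pattern behind the finding: user input concatenated into the SQL text, so a quote
    or a comment sequence in the username rewrites the query."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Bound parameters: values travel separately from the SQL text and can never become SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def escape_like(term: str, esc: str = "\\") -> str:
    """Make % and _ literal inside a LIKE pattern (pair with the same ESCAPE char in the query)."""
    return term.replace(esc, esc + esc).replace("%", esc + "%").replace("_", esc + "_")


def search_users(conn: sqlite3.Connection, term: str, limit: int = 20) -> list:
    """Prefix search that rejects an empty term, neutralises user-supplied wildcards and caps
    the rows returned, so a '%%' term cannot pull the whole table."""
    if not term.strip():
        raise ValueError("search term must not be empty")
    pattern = escape_like(term) + "%"          # the only wildcard is the one we append
    sql = "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\' LIMIT ?"
    return [row[0] for row in conn.execute(sql, (pattern, limit))]


if __name__ == "__main__":
    db = build_db()
    print(login_vulnerable(db, "alice'--", "wrong"))  # ['alice']: the comment drops the password test
    print(login_safe(db, "alice'--", "wrong"))        # []: the same string is just an unknown username
    print(search_users(db, "%"))                      # []: the wildcard is matched literally
    print(search_users(db, "a"))                      # ['alice']
```

Parameterisation, not character stripping, is what makes `login_safe` hold; the report's stored-procedure and least-privilege recommendations then limit what a query can do even if some other code path still concatenates input.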
3 Conclusion

Experience has shown that a focused effort to address the problems outlined in this report can result in dramatic security improvements. Most of the identified problems do not require high-tech solutions, just knowledge of and commitment to good practices. For systems to remain secure, however, the security posture must be evaluated and improved continuously. Establishing the organizational structure that will support these ongoing improvements is essential in order to maintain control of corporate information systems.

We conclude that the overall security needs to improve. We hope that the issues cited in this report will be addressed.
4 Appendix

This section provides the screenshots of the known vulnerabilities presented in the observations and findings table.

4.1 SQL Injection

IP: X.X.X.X

First record retrieved: