Penetration Testing - Introduction
Penetration testing is an often misunderstood term. In this guide Corsaire, a world leader in information security, provides a broad overview of what it means, why you would want it, and how to get the most out of the process.
- What is a penetration test?
- Why conduct penetration testing?
- What can be tested?
- What should be tested?
- What do you get for the money?
- What to do to ensure the project is a success
Standards compliance
There are a number of good standards and guidelines in relation to information security in general, for penetration tests in particular, and for the storage of certain types of data. Any provider chosen should at least have a working knowledge of these standards and would ideally be exceeding their recommendations.
Notable organisations and standards include:
PCI
The Payment Card Industry (PCI) Data Security Requirements were established in December 2004, and apply to all Members, merchants, and service providers that store, process or transmit cardholder data. As well as a requirement to comply with this standard, there is a requirement to independently prove verification.
ISACA
ISACA was established in 1967 and has become a pace-setting global organization for information governance, control, security and audit professionals. Its IS Auditing and IS Control standards are followed by practitioners worldwide, and its research pinpoints professional issues challenging its constituents. CISA, the Certified Information Systems Auditor, is ISACA's cornerstone certification. Since 1978, the CISA exam has measured excellence in the area of IS auditing, control and security, and has grown to be globally recognized and adopted worldwide as a symbol of achievement.
CHECK
The CESG IT Health Check scheme was instigated to ensure that sensitive government networks, and those constituting the GSI (Government Secure Intranet) and CNI (Critical National Infrastructure), were secured and tested to a consistently high level. The methodology aims to identify known vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. In the absence of other standards, CHECK has become the de facto standard for penetration testing in the UK, mainly on account of its rigorous certification process. Whilst good, it only concentrates on infrastructure testing and not on applications. However, open source methodologies such as the following are providing viable and comprehensive alternatives, without UK Government association. It must also be noted that CHECK consultants are only required when the assessment is for HMG or related parties and meets the requirements above. If you want a CHECK test you will need to surrender your penetration testing results to CESG.
OSSTMM
The aim of the Open Source Security Testing Methodology Manual (OSSTMM) is to set forth a standard for Internet security testing. It is intended to form a comprehensive baseline for testing that, if followed, ensures a thorough and comprehensive penetration test has been undertaken. This should enable a client to be certain of the level of technical assessment independently of other organisational concerns, such as the corporate profile of the penetration-testing provider.
OWASP
The Open Web Application Security Project (OWASP) is an Open Source community project developing software tools and knowledge-based documentation that helps people secure web applications and web services. It is an open source reference point for system architects, developers, vendors, consumers and security professionals involved in designing, developing, deploying and testing the security of web applications and Web Services.
The key areas of relevance are the forthcoming Guide to Testing Security of Web Applications and Web Services and the testing tools under the development projects. The Guide to Building Secure Web Applications not only covers design principles, but is also a useful document for setting out criteria by which to assess vendors and test systems.
Glossary
Listed below is a detailed glossary of penetration testing terminology. Inclusion here does not imply any form of endorsement on the behalf of Corsaire; the link is supplied for your convenience only.
www.ee.oulu.fi/research/ouspg/sage/glossary
Source: www.penetration-testing.com
Related links:
- Internal Pen-Test
- External Pen-Test
- Penetration Test
Saturday 21 June 2008
BackTrack 3 Final Released
On 19 June the latest version of the BackTrack distribution was released.
Saint
SAINT has provided BackTrack users with a functional version of SAINT, pending a free request for an IP range license through the SAINT website, valid for 1 year.
Maltego
Nessus
Tenable would not allow for redistribution of Nessus.
Kernel
2.6.21.5. Yes, yes, stop whining....We had serious deliberations concerning the BT3 kernel. We decided not to upgrade to a newer kernel as wireless injection patches were not fully tested and verified. We did not want to jeopardize the awesome wireless capabilities of BT3 for the sake of sexiness or slightly increased hardware compatibilities. All relevant security patches have been applied.
Tools
As usual, updated, sharpened, SVN'ed and armed to the teeth. This release we have some special features such as spoonwep, fastrack and other cool additions.
Sunday 1 June 2008
w3af - Web Application Attack and Audit Framework
For documentation and to download the latest version, go to the main site: http://w3af.sourceforge.net/
SAPYTO - Framework for performing penetration tests on SAP systems
SAPYTO is a framework for performing penetration tests on SAP systems. It allows security professionals to carry out security analyses of different components of SAP R/3 implementations.
Sapyto was presented at Blackhat Europe 2007 and was released with several modules for analysing the security of the RFC interface implementation of SAP systems. The modular architecture allows users to develop their own modules, extending the functionality and allowing the framework to detect new vulnerabilities. This tool is written in Python.
You’ll need these packages to make it work:
. Python development libraries (python-dev)
. GCC
. SAP’s RFC SDK
Related links:
- Exploiting SAP Internals - A Security Analysis of the RFC Interface Implementation
- ERP Security and Segregation of Duties Audit:A Framework for Building an Automated Solution
Wednesday 21 May 2008
Penetration Testing Framework 0.51 Released
Phases:
- Pre-Inspection Visit
- Network Footprinting
- Discovery & Probing
- Enumeration
- Password Cracking
- Vulnerability Assessment
- Network Backbone
- Server Specific Tests
- Penetration
- VoIP Security
- Physical Security
- Final Report
Tuesday 27 November 2007
FireCAT version 1.3 released (Firefox Catalog of Auditing exTensions)
Changes in FireCAT version 1.3:
- Category Information Gathering (Googling and Spidering)
GSI Google Site indexer (GSI Creates Site Maps based on Google queries. Useful for both Penetration Testing and Search Engine Optimization. GSI sends zero packets to the host making it anonymous) (Thanks to Jeff Stewart)
- Category Information Gathering (Data mining)
Who is this person (Highlight any name on a web page and see matching information from Wink, LinkedIn, Wikipedia, Facebook, Google News, Technorati, Yahoo Person Search, Spock, WikiYou, ZoomInfo, IMDB, MySpace and more...)
FaceBook Toolbar (Search Facebook from anywhere The Search Box allows you to easily search Facebook no matter)
- Category Information Gathering (Location info)
Router Status (Shows the current status of your router in the status bar and allows you to control it)
- Category Security Auditing
XSS-Me (the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS) vulnerabilities)
SQL Inject-Me (the Exploit-Me tool used to test for SQL Injection vulnerabilities)
FireWatir (Watir is a simple open-source library for automating web browsers. It allows you to write tests that are easy to read and easy to maintain. It is optimized for simplicity and flexibility)
- Category Network utilities (Database)
SQLite Manager (Manage any SQLite database on your computer.)
- Special greetings to Jonathan Danylko from dcs-media, who suggested that we release a Hacker Guide for FireCAT. Well, it is a wonderful idea and guess what! We are working on it. Anyway, if you have videos or articles about the extensions highlighted in FireCAT, let us know.
- Thanks to Claus Valca for writing an article about FireCAT.
Related articles and tool downloads
. FireCAT (Firefox Catalog of Auditing exTensions)
. FireCAT 1.3 Pdf (PDF - 176.4 kb)
. FireCAT 1.3 .mm source (Zip - 4.3 kb)
. Firecat 1.3 Browsable HTML (Zip - 37 kb)
Via security-database.com
Related link:
Using Firefox as a pen-testing framework
Vulnerability Assessment 2007 (Products Tested)
- Core Impact 6.0
- eEye REM Security Manager
- ISS Proventia Network
- NetClarity Branch Auditor 5.0
- Rapid7 NeXpose
- Saint Scanner + Exploit
- StillSecure VAM
- Tenable Nessus 3
- Tenable Network Security Passive Vulnerability Scanner
Summary
At between $2,000 and $4,000 for the appliance, plus $25,000 for a class C license, Rapid7 Nexpose is not cheap. But it delivers a lot of bang for the buck and we rate it our Best Buy in the hybrid class. In the scanner-only class, we rate NetClarity’s Branch Auditor 5.0 a Best Buy for its powerful performance, ease of use and excellent documentation. We rate Saint Scanner + Exploit Recommended for its useful combination of scanner and penetration tool. Support is first rate with Core Impact 6.0 from Core Security Technologies. Although the product seems pricey at $25,000, that license covers an unlimited range of IP addresses. We rate Core Impact as Lab Approved for its comprehensive capability in a production environment, performance and ease of use.
Thursday 4 October 2007
Inguma (Penetration Testing Toolkit)
Features:
- Interface: Console/Terminal
- Latest update: 0.0.6, November 2007
- Operating system: OS independent (written in an interpreted language)
- The framework includes modules to discover hosts, gather information about them, fuzz targets, brute-force usernames and passwords, exploits, and a disassembler.
- This toolkit has the following components:
- Core and modules - The modules responsible for gathering information about the target, exploits, etc. (Console)
- PyQT GUI - A simple graphical interface for the tool.
- Krash Fuzzer - A fuzzer that ships with several attack examples.
- OpenDis - A tool for disassembly tasks.
Version 0.0.6:
The new modules added to the discover, gather and brute sections are the following:
1. brutehttp: A brute forcer for HTTP servers.
2. extip : A tool to know your external IP address. Very useful for checking anonymous proxies, for example.
3. nmbstat : A tool to gather NetBIOS information. (Enumeration)
4. ipscan : A tool to make IP protocol scans. The tool checks what IP protocols are enabled in the target. (Service scan)
5. arppoison: A tool to poison target's ARP cache. (Test: ARP poisoning)
Post updated 11 Jan 2008
Wednesday 5 September 2007
FireCAT 1.3 released (Firefox Catalog of Auditing exTensions)
- Category Information Gathering (Googling and Spidering)
GSI Google Site indexer (GSI Creates Site Maps based on Google queries. Useful for both Penetration Testing and Search Engine Optimization. GSI sends zero packets to the host making it anonymous) (Thanks to Jeff Stewart)
- Category Information Gathering (Data mining)
Who is this person (Highlight any name on a web page and see matching information from Wink, LinkedIn, Wikipedia, Facebook, Google News, Technorati, Yahoo Person Search, Spock, WikiYou, ZoomInfo, IMDB, MySpace and more...)
FaceBook Toolbar (Search Facebook from anywhere The Search Box allows you to easily search Facebook no matter)
- Category Information Gathering (Location info)
Router Status (Shows the current status of your router in the status bar and allows you to control it)
- Category Security Auditing
XSS-Me (the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS) vulnerabilities)
SQL Inject-Me (the Exploit-Me tool used to test for SQL Injection vulnerabilities)
FireWatir (Watir is a simple open-source library for automating web browsers. It allows you to write tests that are easy to read and easy to maintain. It is optimized for simplicity and flexibility)
- Category Network utilities (Database)
SQLite Manager (Manage any SQLite database on your computer.)
- FireCAT 1.3 .mm source (Zip - 4.3 kb)
- Firecat 1.3 Browsable HTML (Zip - 37 kb)
Updated