Penetration Testing

Penetration Testing is a software testing type in which, the software is exploited against vulnerabilities to check which part of the software is weak and can be exploited by attacker easily.

Penetration Testing is carried out to cope up with different types of security breaches. This testing is done to assure that, there are no such bugs and errors which can result for compromising of secure data.

The main concern is to check whether any access can be made by the attacker through the penetration of codes, SQL statements, scriptings to the software.

Why Penetration Testing?

  • Penetration Testing is required to check how the software acts when a trail for exploitation is made by inducing any vulnerabilities.
  • Penetration Testing is conducted to check whether, during the developmental phase of the software, any bugs or error has been induced which may act as leakage of secure data and can be used by the hacker.
  • Penetration Testing is done to assure that how much the software is going to be compromised during the attack and what are the ways to recover from it, with how much time.
  • Penetration Testing is mainly carried out to check the strength of the Web Application Firewall.
  • Penetration Testing can be carried out in the front end as well the back end. Therefore, this testing ensures security in the client side as well as the server side.

Steps of Penetration Testing

Penetration Testing is carried out basically in five steps. They are explained below:

Planning:

This is the first step in the penetration testing also the most important one. In this step, it is understood that what are the resources, that is the host, client, domain, etc which are going to be involved during the testing.

planning

Also, the collection of different algorithms, different data reports, intelligence reports are done at this stage. Here, information is collected about the origin of the packet generation, travel path, routing loops, the algorithms, etc.

This stage also called the set-up state for the initiation of the Penetration Testing, because all the software and the hardware set-ups are developed during this kind of testing.

Example: For checking a simple website with penetration testing, The domain, name servers, host, and web site and the backend coding may be sufficient.

Also, it is in this phase that all the requirements and all the test scenarios which are going to be implemented are going to be estimated.

Scanning

This is the second step in Penetration Testing. In this stage it is seen, understood and analyzed how the internal code of the software or the application is going perform when the test case will run the codes or on the software, which is to be tested.

penetration-scanning

This is the process of scanning how the target application behaves on the number of attempts which are made to break the system's security.

The process of scanning can be divided into two parts. One is the Dynamic Analysis and the other one is the Static Analysis.

  • Static Analysis: In this process, the coding is analyzed in static form, that is when the codes are not running and it is estimated how the code will behave when the test case will be applied on them.
  • Dynamic Analysis: In this process, the codes are analyzed in dynamic form, that is when the codes are in the running state. This is a practical approach and can be used to track the performance and output in real-time and as more accurate compared to dynamic analysis.
Gaining Access:

In this step, several attempts are made to break the security of the system. Several access-gaining mechanisms such as SQL injection, Cross_site Scripting, Backdoors are used to check to test whether the application can be exploited by any means.

access-gained

This process is not concerned whether any sessions are created for the user which would sustain or maintain the access, but only gaining access is the main concern of this process.

A brief Idea about some access mechanism :

  • SQL Injection: In this technique, some SQL queries and statements are injected into the backend coding, which may help the attacker to establish a connection with the server or gaining access to any important data repository.
  • Cross Site Scripting: In this technique, some kind browser scripting is sent through any web application to any user which then can eventually crash the user's website or break the system's security to gain access through the user's session into the database.
  • Backdoor : This is a mechanism through which the security mechanism can be bypassed while staying undetected. This can be like stealing session, etc.
Maintaining access:

In this step, it is tested whether the access which is gained is maintained or not. This is important because the attacker will able to perform his/her operation for stealing information or shutting down the system only if the access gained is sustained. As performing any actions requires a time.

maintain-access

This process is carried out to check whether persistence presence in the exploited area of the software is achieved. The main idea behind this test is that, for gaining data which are used in day to day usage of the application or bigger form of data, needs in-depth and sustainable access.

Analysis:

When all the phases are complete and the test has started, now it is the time to collect the report. The report should be documented mentioning the time required for the simulation, time to find the successive flaws, time taken for the application to respond after a penetration is made, etc.

analysis

The result mainly will contain :

  • List of all the vulnerabilities that have been exploited and the responses made by the application.
  • Sensitive data accessed or any kind of data leakage that was explored.
  • Time taken by the simulator to gain access.
  • For how much time the access remain granted in the application.
  • The response taken by the software to overcome the attack.

Active Testing

Methods of Penetration Testing

External Testing:

In External Testing, the testing is carried out on the elements which are visible to the external world. Such elements include- the application interface, the webpage (in case of web applications), the domain, the hosting site, or like company website, the company email, etc.

Here, the goal is to use the interface of the software or external links provided by the company or the organizations itself, to gain access and steal information from the database or the website itself.

Internal Testing:

In Internal Testing, the testing is carried out on the elements which are not visible to the external world.

For example, in the banking sector, the employee is assigned with credentials such as user name and password, for logging into the banking application.

These application interfaces are not accessible by the general users or the account holders. Now attacker may send a link into the employee's email and thus the clicking on the link may automatically send the credentials to the attacker.

Now, when the attacker is equipped with the credentials, it becomes easier for the attacker to start hacking without breaking the bank's firewall.

Internal testing is all about attacking those security barriers of a company, organization or software which are not visible or accessible to users not belonging to the company and the organization.

Blind Test:

While performing this test, the attacker is given only the website name, and the attacker is not aware of the internal and external elements of the software. This is called a blind test because the attacker figures it out on which field the attack should be initiated.

And while the attack occurs, it happens without notifying the tester about the attack. This is done to build a real scenario. This is a presentation of a real attack.

This type of testing is important because this invokes a real-time attack and thus the tester or analyzer of the test can be aware of how a sudden attack will look like, this is also called double blind test.

Targetted Testing:

In this kind of testing, the person performing the penetration and the security personal works collaboratively. During this test, both share their real-time data with each other. This is like an exercise for both the tester and the security personnel.

Compliance Testing

Penetration Testing Tools

Metasploit:

Metasploit is a collection of various penetration testing tools. It is a very popular tool and can be used to exploit vulnerabilities, manage securities attack evaluations, and can be helpful for designing methodologies for a test case or virtual attacks.

This tool is very popular among different IT professionals, testers, and developers and is being used from time to time.

Nmap:

Nmap is a network Mapper. This is an open source tool and is mainly used in the scanning stage of penetration testing, for scanning vulnerabilities. This tool is integrated with other different functionality such as monitoring of host or network service uptime, etc.

The advantage of Nmap is that it runs on almost all popular operating system and can be used as a scanner in small as well as larger networks.

Due to the integration of utility inside it, it can be used to understand or track the characteristics of any target network, also the hosts available in the network, and the OS running in the network, type of packet filters and any other important attributes characteristics.

Wireshark:

This is a network analyzer tool and is/ can be used in the analysis stage of penetration testing. This is a handy tool designed to check at any part of the network, by capturing any individual packets then analyzing their behavior.

This tool is mostly applied when a packet behavior such as- what is the origin of a packet? What is the destination of a packet? what is the length of the packet? Moreover, the internal structure and data contents of a packet can also be checked and analyzed.

There are some other penetration testing tools like:

  • Aircrack-ng
  • John the Ripper
  • Nessus
  • Burpsuite, etc.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions