www.ipnec.com | www.vxg.co | [email protected]
VAPT (Vulnerability Assessment & Penetration Testing) //Remedy
A Division
In Penetration Testing, part of a security assessment practice attempts to simulate the techniques adopted by an attacker in compromising the target systems. Our penetration testing methodology is in line with International Standards, combined with our extensive experience.
You may not always know you have a problem – We tell you!
• Assessment & Exploitation Process
• Project Process
• Generic Assessment
• Security Consulting
• VAPT Bird’s Eye Overview
• Vulnerability Assessment
– SQLi (SQL Injection)
– XSS (Cross-Site Scripting)
– XXE (XML External Entity)
• Penetration Testing (PT)
• Benefits of PenTesting
• How many times to PenTest
• PenTesting Roadmap
• PenTesting Types
– WebApp Penetration Testing
– Source-Code Penetration Testing (SAST/DAST)
– Wireless Penetration Testing
– Risk-Based Penetration Testing
[Process diagram: HUNT – KILL – REMEDIATE. Stages shown: Analyze Client needs, Analyze Scope, Research, Security Strategy, Implementation, Secure & optimize, Measure results, Evaluate, Validate]
⁞ “Whether we like it or not, hackers will get in – and they do get in, every day. The challenge is, yes, to minimize the Risk. But as we get more sophisticated, how do we operate in an environment if we know they’re in our systems?”
Heather Crofford, CFO of Northrop Grumman
⁞ Approximate costs associated with the Target data breach that occurred in 2013 reached $148 million by the second quarter of 2014.
⁞ A 15-year-old once hacked NASA and caused a 21-day shutdown of their computers. (2013)
⁞ Sony was badly hacked; approximately 100 terabytes of data is believed to have been compromised and stolen. (2014)
Perception Perfection
90% of the time the clues and hints are in front of us
What do you find on this slide that is not normal?
⁞ We audit, design and implement solutions in the areas of IP networking, firewalls, network monitoring, high availability, vulnerability management, security policy development, encryption, intrusion detection and prevention, content filtering, authentication, anti-virus, anti-spam etc.
⁞ We reduce Security threats and implement strategies for defending resources from external and internal threats.
⁞ Security is more than just implementing a solution, it’s a process.
⁞ You need to understand what you’re trying to protect, from whom you are protecting it, how you will protect it and know when you have been successful.
⁞ Security is just a concept, until it is tested successfully.
⁞ We probe the systems for security holes
⁞ We DEFINE
⁞ We IDENTIFY
⁞ We CLASSIFY
⁞ We don’t just create panic
⁞ We assign relative levels of importance
⁞ We develop a strategy to deal with the findings
⁞ We define and implement ways to minimize the consequences if an attack occurs
⁞ What is your ARL (Accepted Risk Level)?
⁞ What you can’t crawl you can’t enumerate
⁞ Using industry-leading techniques to detect the largest variety of vulnerabilities
⁞ In Dynamic Application Security Testing (DAST), the number of tests is important, but it is secondary to how well the application can be crawled
⁞ In-depth SQLi (SQL Injection) and XSS (Cross-Site Scripting)
⁞ Advanced detection of
– DOM-based XSS
– Blind XSS
– XXE
– Host Header Attacks
– etc.
⁞ SQL Injection can be used in a range of ways to cause serious problems. There are 3 major categories.
In-Band
⁞ In-band SQLi (Classic SQLi)
– Easy to exploit
– Attacker is able to use the same communication channel to both launch the attack and gather results
– 2 types:
• Error-based in-band SQLi: relies on error messages thrown by the database server
• Union-based SQLi: uses the UNION SQL operator to combine the results of two or more SELECT statements into a single result, which is then returned as part of the HTTP response
Out of Band
⁞ Out-of-band SQLi
– Not very common
– Depends on features being enabled on the database server
– Attacker is unable to use the same channel to launch the attack and gather results
– Used especially when server responses are unstable
– Relies on the database server’s ability to make DNS or HTTP requests to deliver data to an attacker
• Microsoft SQL Server’s xp_dirtree command, which can be used to make DNS requests to a server an attacker controls
• Oracle Database’s UTL_HTTP package, which can be used to send HTTP requests from SQL and PL/SQL to a server an attacker controls
Blind
⁞ Blind SQLi (Inferential SQLi)
– Attacker is not able to see the result of the query directly
– Instead, the attacker observes the response and the resulting behavior of the application
– No data is actually transferred; 2 types:
– Boolean-based Blind SQLi (content-based)
• The application immediately returns a TRUE or FALSE result (a different response), even though no data is returned
• Very slow; the attacker needs to enumerate character by character
– Time-based Blind SQLi
• Sends an SQL query that forces the database to wait for a specified amount of time
• The response time indicates TRUE or FALSE
• Example: if the first letter of the first database's name is a ‘1', wait for 10 seconds.
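As an added example (not from the original slides), the login query below is written once with string concatenation and once with bound parameters, against a constructed in-memory SQLite table. The `boolean_oracle_leaks` check sends two inputs that differ only in an injected SQL condition; a vulnerable query answers them differently (the TRUE/FALSE signal of boolean-based blind SQLi described above), while the parameterized query treats both as plain text. Table and row names are made up for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample database: one user row, nothing else.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Attacker-controlled text is pasted into the SQL string, so quotes and
    # operators in the input become part of the query. Deliberately insecure.
    sql = f"SELECT COUNT(*) FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Bound parameters: the driver passes the values separately from the SQL
    # text, so they can never change the structure of the statement.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


def boolean_oracle_leaks(login) -> bool:
    """Return True if `login` behaves as a boolean-based blind SQLi oracle.

    Two usernames are sent that are identical except for the injected
    condition (1=1 versus 1=2). A safe implementation rejects both the
    same way; a vulnerable one answers TRUE or FALSE according to the
    condition, even though no row data is ever returned to the caller.
    """
    conn = make_db()
    true_cond = "x' OR 1=1 --"
    false_cond = "x' OR 1=2 --"
    return login(conn, true_cond, "anything") != login(conn, false_cond, "anything")


if __name__ == "__main__":
    print("vulnerable leaks:", boolean_oracle_leaks(login_vulnerable))  # True
    print("safe leaks:", boolean_oracle_leaks(login_safe))              # False
```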
XSS (Cross-Site Scripting)
DOM-based
⁞ DOM-based XSS
– Client-side scripts write user-provided data to the Document Object Model (DOM)
– Data is read back from the DOM and the output is rendered by the browser
– Attacker can inject a payload
– This is stored as part of the DOM and executed when the data is read back from the DOM
– The attacker’s payload is never sent to the server
– We can provide a trace of the injected payload as it moves inside the browser’s DOM
Blind
⁞ Blind XSS
– Attacker payload is saved by the server and displayed in another part of the application or in another application
– Payload can be saved by the server and only executed when the administrator visits/clicks the vulnerable Dashboard page
– Time consuming
– Typical locations:
• Contact/Feedback pages
• Log viewers
• Exception handlers
• Chat applications / Forums
• Customer ticket applications
• Web Application Firewalls
• Any application that requires user moderation
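An added example (not from the original slides) of the feedback-page-to-dashboard path above: submissions are stored unchanged, and the difference between the two dashboard renderers is whether stored values are HTML-escaped at output time. The store, renderer names and the sample submission are constructed for illustration.

```python
import html
from dataclasses import dataclass, field


@dataclass
class FeedbackStore:
    entries: list = field(default_factory=list)

    def submit(self, author: str, message: str) -> None:
        # The public form accepts anything and nothing executes here, which
        # is why a tester never sees a blind payload fire at submission time.
        self.entries.append((author, message))


def render_dashboard_vulnerable(store: FeedbackStore) -> str:
    # Stored text is pasted straight into HTML; markup inside a message
    # becomes live markup in the administrator's browser. Deliberately insecure.
    rows = "".join(f"<tr><td>{a}</td><td>{m}</td></tr>" for a, m in store.entries)
    return f"<table>{rows}</table>"


def render_dashboard_safe(store: FeedbackStore) -> str:
    # Output encoding at the point of rendering: every stored value is
    # HTML-escaped, so a message is displayed as text, never parsed as tags.
    rows = "".join(
        f"<tr><td>{html.escape(a)}</td><td>{html.escape(m)}</td></tr>"
        for a, m in store.entries
    )
    return f"<table>{rows}</table>"


def contains_live_markup(rendered: str, marker: str = "<script") -> bool:
    # Defender's check: did a raw tag from user data survive into the page?
    return marker in rendered.lower()


def demo() -> tuple:
    store = FeedbackStore()
    store.submit("visitor", "Great site!")
    # Constructed probe string of the kind stored by a feedback form (inert here).
    store.submit("visitor", "<script>alert(1)</script>")
    return (
        contains_live_markup(render_dashboard_vulnerable(store)),  # True
        contains_live_markup(render_dashboard_safe(store)),        # False
    )
```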
XXE (XML External Entity)
⁞ XML input containing a reference to an external entity is processed by a weakly configured XML parser
⁞ Can be used for disclosing local files
⁞ Can be used for retrieving user access
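An added example (not from the original slides) of the defensive side of the point above: a wrapper for parsing untrusted XML that rejects any document carrying a DTD, since the DTD is where an external entity such as `<!ENTITY ext SYSTEM "file:///...">` is declared. The sample documents and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET


class UnsafeXMLError(ValueError):
    """Raised when untrusted XML declares a DTD or an entity."""


def parse_untrusted_xml(text: str) -> ET.Element:
    # A weakly configured parser resolves an external entity and inlines the
    # referenced local file into the document. Untrusted input has no
    # legitimate need for a DTD, so refuse DOCTYPE/ENTITY declarations before
    # the parser ever sees them. (In production the defusedxml package
    # performs this and related checks; this is a minimal stand-in.)
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise UnsafeXMLError("DTD or entity declaration in untrusted XML")
    return ET.fromstring(text)


# Constructed benign document.
BENIGN = "<order><item>widget</item><qty>2</qty></order>"

# Constructed XXE-style document: an external entity pointing at a local file.
XXE_PROBE = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///etc/hostname">]>'
    "<order><item>&ext;</item></order>"
)


def is_rejected(text: str) -> bool:
    """True if the wrapper refuses the document, False if it parses it."""
    try:
        parse_untrusted_xml(text)
    except UnsafeXMLError:
        return True
    return False


if __name__ == "__main__":
    print("benign rejected:", is_rejected(BENIGN))      # False
    print("xxe probe rejected:", is_rejected(XXE_PROBE))  # True
```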
⁞ It is all about exploiting the vulnerabilities
⁞ You spend a good budget on IT. What if it all got compromised?
⁞ Are you sure your investment is safe?
⁞ Firewalls & antivirus alone can’t stop hackers
⁞ Intelligently manage vulnerabilities
⁞ Avoid the cost of downtime
⁞ Avoid loss of data
⁞ Avoid leaks of confidential data
⁞ Meet regulatory requirements and avoid fines
⁞ Preserve corporate image and customer loyalty
⁞ Avoid costs for remediation
⁞ Avoid the loss of millions of dollars' worth of hard-earned money
⁞ Why not identify and address the risks now while you can?
⁞ New vulnerabilities appear every day; they don’t just stop your business, they compromise your image too.
⁞ PenTests should be performed on a regular basis
⁞ This reveals newly discovered threats or emerging vulnerabilities (weaknesses) that may potentially be attacked
⁞ In addition to regular analysis and assessment, PenTest whenever:
• New network infrastructure or applications are added
• Significant upgrades or modifications are applied to infrastructure or applications
• New office or branch locations are established
• Security patches are applied
• End user policies are modified
• … etc
⁞ Quality infrastructures across the Region.
⁞ We specialize in a wide spectrum of penetration testing capabilities:
• Info gathering
• Foot-printing
• Vulnerability assessment
• Exploitation
• Reporting
⁞ Our penetration testing covers:
• All OS (Win, Linux, OSX)
• Web applications
• Client-server applications
• Infrastructure
• ERP systems
• Mobile applications
• Wireless, social engineering, etc
⁞ Web Application Penetration Testing
⁞ Source-code Security Testing
⁞ Network Penetration Testing
⁞ Network Security Consulting
⁞ Wireless Penetration Testing
⁞ Risk-based Penetration Testing
Assess the security of the application by focusing on
⁞ Remotely exploitable vulnerabilities
⁞ Application architecture
⁞ Design & implementation
We assess the controls with
⁞ Privilege levels
⁞ Development and delivery
⁞ Overall design of the applications
⁞ This helps to give the total threat profile of your web application environment
Our team gets to work with the code authors/owners/developers to
⁞ Eliminate any code vulnerabilities
⁞ Eliminate any possible threats
⁞ Improve any process
Code inspection types
⁞ Static Code Analysis (without execution of code)
⁞ Dynamic Code Analysis (with execution of code)
⁞ This type of penetration test involves identifying the targets through
• Google searches
• WHOIS
• DNS queries
• …etc
⁞ Fingerprinting and identifying vulnerabilities
⁞ Limited exploitation is always done in terms of password guessing, directory traversals, file uploads, etc
⁞ Before going for stronger exploitation methods such as Denial of Service attacks, Buffer Overflow exploits, and so on, we take prior written consent so as not to cause unintended consequences from such exploitation methods
⁞ We offer auditing and consultancy services to assist in understanding the security posture of your WLAN and to configure it to the maximum security level possible
⁞ We enumerate the wireless network, then crack its encryption
⁞ We will proceed to crack the algorithm used to secure the network
⁞ We then fully penetrate the appliance and gain access over the entire wireless network
Benefits of Wireless Auditing
⁞ Helps understand the security vulnerabilities in the current WLAN setup
⁞ Helps to fix those issues
⁞ Helps to get more control over the wireless network
⁞ Helps in increasing productivity
⁞ The days and age of tool-based scanning are long gone
⁞ Our real expertise comes into play in leveraging the test cases combined with our strong understanding of business processes across various industries
⁞ The need of today is for hard-core, manual pentesting and for understanding the risks associated with the app
⁞ This approach might then also include social engineering attacks, threat modelling, and other elements that might not be typical of a traditional penetration testing exercise.
OSCP - C)PTE – CISSP – CRISC – CISM – ISO27001 – Lean SixSigma BlackBelt – ITIL etc
A Division of Private Ltd