VAPT (Vulnerability Assessment & Penetration Testing) //Remedy

A Division

www.ipnec.com | www.vxg.co | [email protected]


Post on 16-Jun-2020


Penetration testing, as part of a security assessment practice, attempts to simulate the techniques an attacker would adopt to compromise the target systems. Our penetration testing methodology is aligned with international standards and combined with our extensive experience.

You may not always know you have a problem – We tell you!

TABLE OF CONTENTS

• Assessment & Exploitation Process
• Project Process
• Generic Assessment
• Security Consulting
• VAPT Bird’s Eye Overview
• Vulnerability Assessment
  – SQLi (SQL Injection)
  – XSS (Cross Site Scripting)
  – XXE (XML External Entity)
• Penetration Testing (PT)
• Benefits of PenTesting
• How many times to PenTest
• PenTesting Roadmap
• PenTesting Types
  – WebApp Penetration Testing
  – Source-Code Penetration Testing (SAST/DAST)
  – Wireless Penetration Testing
  – Risk-Based Penetration Testing

HUNT KILL REMEDIATE
[Diagram: Security Strategy. Labels: Validate or, Analyze Client needs, Analyze Scope, Secure & optimize, Measure results, Evaluate, Research, Implementation]

⁞ “Whether we like it or not, hackers will get in – and they do get in, every day. The challenge is, yes, to minimize the Risk. But as we get more sophisticated, how do we operate in an environment if we know they’re in our systems?”
Heather Crofford, CFO of Northrop Grumman

⁞ Approximate costs associated with the Targeted data breach that occurred in 2013 reached $148 million by the second quarter of 2014.

⁞ A 15-year-old once hacked NASA and caused a 21-day shutdown of their computers. (2013)

⁞ Sony was badly hacked; approximately 100 terabytes of data are assumed to have been compromised and stolen. (2014)


Perception Perfection

90% of the time the clues and hints are in front of us

What do you find on this slide that is not normal?

⁞ We audit, design and implement solutions in the areas of IP networking, firewalls, network monitoring, high availability, vulnerability management, security policy development, encryption, intrusion detection and prevention, content filtering, authentication, anti-virus, anti-spam etc.

⁞ We reduce security threats and implement strategies for defending resources from external and internal threats.

⁞ Security is more than just implementing a solution, it’s a process.

⁞ You need to understand what you’re trying to protect, from whom you are protecting it, how you will protect it and know when you have been successful.

⁞ Security is just a concept, until it is tested successfully.

⁞ We probe the systems for security holes
⁞ We DEFINE
⁞ We IDENTIFY
⁞ We CLASSIFY
⁞ We don’t just create panic
⁞ We assign relative levels of importance
⁞ We develop a strategy to deal
⁞ We define and implement ways to minimize the consequences if an attack occurs
⁞ What is your ARL (Accepted Risk Level)?

⁞ What you can’t crawl you can’t enumerate
⁞ Using industry-leading techniques in detecting the largest variety
⁞ In Dynamic Application Security Testing (DAST), the number of tests is important, but it is secondary to how well the application can be crawled
⁞ In-depth SQLi (SQL Injection) and XSS (Cross-Site Scripting)
⁞ Advanced detection of
  ⁞ DOM-based XSS
  ⁞ Blind XSS
  ⁞ XXE
  ⁞ Host Header Attacks
  ⁞ etc.

In-Band

⁞ SQL Injection can be used in a range of ways to cause serious problems. There are 3 major categories.
⁞ In-band SQLi (Classic SQLi)
  ⁞ Easy to exploit
  ⁞ Attacker is able to use the same communication channel to both launch the attack and gather results
  ⁞ 2 types
    ⁞ Error-based in-band SQLi
      ⁞ Relies on error messages thrown by the database server
    ⁞ Union-based SQLi
      ⁞ Uses the UNION SQL operator to combine the results of two or more SELECT statements
      ⁞ Produces a single result, which is then returned as part of the HTTP response

Out of Band

⁞ Out-of-band SQLi
  ⁞ Not very common
  ⁞ Depends on features being enabled
  ⁞ Attacker is unable to use the same channel to launch the attack & gather results
  ⁞ Especially when server responses are unstable
  ⁞ Relies on the database server’s ability to make DNS or HTTP requests to deliver data to an attacker
    ⁞ Microsoft SQL Server’s xp_dirtree command, which can be used to make DNS requests to a server an attacker controls
    ⁞ Oracle Database’s UTL_HTTP package, which can be used to send HTTP requests from SQL and PL/SQL to a server an attacker controls

Blind

⁞ Blind SQLi (Inferential SQLi)
  ⁞ Attacker would not be able to see the result
  ⁞ Works by observing the response and the resulting behavior
  ⁞ No data is actually transferred; 2 types
    ⁞ Boolean-based Blind SQLi (content-based)
      ⁞ Immediately returns a TRUE or FALSE result
      ⁞ Even though no data is returned
      ⁞ Very slow, attacker needs to enumerate character by character
    ⁞ Time-based Blind SQLi
      ⁞ Sends an SQL query that forces the database to wait for a specified amount of time
      ⁞ Response time indicates TRUE or FALSE
      ⁞ Example: if the first letter of the first database's name is '1', wait for 10 seconds.
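The union-based in-band and Boolean-based blind categories above, run against a string-concatenated query and its parameterized form. This is an added example, not part of the original slides; the tables, function names and inputs are constructed for illustration and use Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """Constructed in-memory database used only for this demonstration."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, price INTEGER);
        CREATE TABLE users (login TEXT, secret TEXT);
        INSERT INTO products VALUES ('lamp', 20), ('desk', 150);
        INSERT INTO users VALUES ('admin', 's3cr3t-constructed');
    """)
    return db

def search_concat(db, term):
    # Weak form: the user's input becomes part of the SQL text itself.
    sql = "SELECT name, price FROM products WHERE name = '" + term + "'"
    return db.execute(sql).fetchall()

def search_param(db, term):
    # Hardened form: the driver binds the value; it is never parsed as SQL.
    sql = "SELECT name, price FROM products WHERE name = ?"
    return db.execute(sql, (term,)).fetchall()

# Constructed inputs matching the categories on the slides.
UNION_INPUT = "x' UNION SELECT login, secret FROM users --"  # union-based
TRUE_INPUT = "lamp' AND 1=1 --"                              # Boolean TRUE
FALSE_INPUT = "lamp' AND 1=2 --"                             # Boolean FALSE

def compare():
    """Return what each query form yields for the constructed inputs."""
    db = make_db()
    return {
        # Rows from another table appear only with the concatenated query.
        "union_concat": search_concat(db, UNION_INPUT),
        "union_param": search_param(db, UNION_INPUT),
        # A TRUE/FALSE difference in the response is the blind oracle.
        "bool_concat": (bool(search_concat(db, TRUE_INPUT)),
                        bool(search_concat(db, FALSE_INPUT))),
        "bool_param": (bool(search_param(db, TRUE_INPUT)),
                       bool(search_param(db, FALSE_INPUT))),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(key, value)
```

With the parameterized form both Boolean inputs produce the same empty response, so there is no TRUE/FALSE difference to observe.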

XSS (Cross Site Scripting)

DOM-based

⁞ DOM-based XSS
  ⁞ Client-side scripts write user-provided data to the Document Object Model (DOM)
  ⁞ Data is read from the DOM and output is sent to the browser
  ⁞ Attacker can inject a payload
  ⁞ This will be stored as part of the DOM and executed when the data is read back from the DOM
  ⁞ Attacker’s payload is never sent to the server
  ⁞ We can provide a trace of the injected payload as it moves inside of the browser’s DOM

Blind

⁞ Blind XSS
  ⁞ Attacker payload is saved by the server and displayed in another part of the application or in another application
  ⁞ Payload can be saved by the server and only executed when the administrator visits/clicks the vulnerable Dashboard page
  ⁞ Time consuming
  ⁞ Contact/Feedback pages
  ⁞ Log viewers
  ⁞ Exception handlers
  ⁞ Chat applications / Forums
  ⁞ Customer ticket applications
  ⁞ Web Application Firewalls
  ⁞ Any application that requires user moderation

XXE (XML External Entity)

⁞ XML input containing a reference to an external entity is processed by a weakly configured XML parser
  ⁞ Disclosing local files
  ⁞ Retrieving user access
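One way to avoid the weakly configured parser described above is to refuse any untrusted document that carries a DOCTYPE, since entity declarations can only appear there. This is an added example, not part of the original slides; the function names and sample documents are constructed, and it uses Python's standard expat bindings.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat

class ForbiddenXML(ValueError):
    """The document declares a DTD, so it could define external entities."""

def _reject_doctype(name, system_id, public_id, has_internal_subset):
    # Entity declarations (internal or external) can only live in a DTD,
    # so refusing the DOCTYPE refuses every entity definition with it.
    raise ForbiddenXML(f"DOCTYPE '{name}' not allowed in untrusted XML")

def parse_untrusted(xml_bytes):
    """Screen the input with expat first, then build the element tree."""
    screen = xml.parsers.expat.ParserCreate()
    screen.StartDoctypeDeclHandler = _reject_doctype
    screen.Parse(xml_bytes, True)  # raises ForbiddenXML or ExpatError
    return ET.fromstring(xml_bytes)

# Constructed sample documents (hypothetical order format).
SAFE_DOC = b"<order><item>lamp</item></order>"
XXE_DOC = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order ['
    b'<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>'
    b"<order><item>&ext;</item></order>"
)

def check(xml_bytes):
    """Return (verdict, detail) for one untrusted document."""
    try:
        root = parse_untrusted(xml_bytes)
    except ForbiddenXML as exc:
        return ("rejected", str(exc))
    except (xml.parsers.expat.ExpatError, ET.ParseError) as exc:
        return ("malformed", str(exc))
    return ("accepted", root.findtext("item"))

if __name__ == "__main__":
    for doc in (SAFE_DOC, XXE_DOC):
        print(check(doc))
```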

⁞ It is all about exploiting the vulnerabilities
⁞ You spend a good budget on IT. What if it all got compromised?
⁞ Are you sure your investment is safe?
⁞ Firewalls & Antiviruses alone can’t stop hackers

⁞ Intelligently manage vulnerabilities
⁞ Avoid the cost of downtimes
⁞ Avoid loss of data
⁞ Avoid leak of confidential data
⁞ Meet regulatory requirements and avoid fines
⁞ Preserve corporate image and customer loyalty
⁞ Avoid costs for remediation
⁞ Avoid the loss of millions of dollars of hard-earned money
⁞ Why not identify and address the risks now while you can?

⁞ New vulnerabilities appear every day; they don’t just stop your business, they compromise your image too.

⁞ PenTests should be performed on a regular basis

⁞ This reveals newly discovered threats or emerging vulnerabilities that may potentially be attacked

Weaknesses

⁞ In addition to regular analysis and assessment, PenTest whenever:
  • New network infrastructure or applications are added
  • Significant upgrades or modifications are applied to infrastructure or applications
  • New office or branch locations are established
  • Security patches are applied
  • End user policies are modified
  • … etc

⁞ Quality Infrastructures across the Region.

⁞ We specialize in a wide spectrum of penetration testing capabilities.
  • Info gathering
  • Foot-printing
  • Vulnerability assessment
  • Exploitation
  • Reporting

⁞ Our penetration testing covers
  • All OS (Win, Linux, OSX)
  • Web applications
  • Client-server applications
  • Infrastructure
  • ERP systems
  • Mobile applications
  • Wireless, social engineering, etc


⁞ Web Application Penetration Testing

⁞ Source-code Security Testing

⁞ Network Penetration Testing

⁞ Network Security Consulting

⁞ Wireless Penetration Testing

⁞ Risk-based Penetration Testing


Assess the security of the application by focusing on

⁞ Remotely exploitable vulnerabilities

⁞ Application architecture

⁞ Design & Implementation

We assess the controls with

⁞ Privilege levels

⁞ Development and delivery

⁞ Overall design of the applications

⁞ This helps to give the total threat profile of your web application environment

Our team gets to work with the Code Authors/Owners/Developers to

⁞ Eliminate any code vulnerabilities

⁞ Eliminate any possible threats

⁞ Improve any process

Code inspection types

⁞ Static Code Analysis (without execution of code)

⁞ Dynamic Code Analysis (with execution of code)

⁞ This type of penetration test involves identifying the targets through
  • Google searches
  • WHOIS
  • DNS queries
  • … etc

⁞ Fingerprinting and identifying vulnerabilities

⁞ Limited exploitation is always done in terms of password guessing, directory traversals, file uploads, etc.

⁞ Before going for stronger exploitation methods such as Denial of Service attacks, Buffer Overflow exploits, and so on, we obtain prior written consent, given the possible consequences of such exploitation methods

⁞ We offer auditing and consultancy services to help you understand the security posture of your WLAN and to configure it to the maximum security level possible

⁞ We enumerate the wireless network, then crack its encryption

⁞ We will proceed to crack the algorithm used to secure the network

⁞ We then fully penetrate the appliance and gain access over the entire wireless network

Benefits of Wireless Auditing

⁞ Help understand the security vulnerabilities in the current WLAN setup
⁞ Help to fix those issues
⁞ Help to get more control over the wireless network
⁞ Help in increasing productivity

⁞ The day and age of tool-based scanning is long gone

⁞ Our real expertise comes into play leveraging the test cases combined with our strong understanding of business processes across various industries

⁞ Today's need is for hard-core, manual pentesting and for understanding the risks associated with the app

⁞ This approach might then also include social engineering attacks, threat modelling, and other elements that might not be typical of a traditional penetration testing exercise.

OSCP - C)PTE – CISSP – CRISC – CISM – ISO27001 – Lean SixSigma BlackBelt – ITIL etc


A Division of Private Ltd