Penetration testing: A penetration test, or pen test, is an authorized, simulated attack that attempts to exploit weaknesses or vulnerabilities in systems, networks, people, or physical assets in order to test the effectiveness of security controls. Such assessments also show whether defensive mechanisms actually work under attack and whether end users follow security policies in practice.
Concepts of penetration testing.
Active reconnaissance: information gathering in which the tester communicates directly with the target system. It involves probing the network for weaknesses such as open ports, exposed services and other possible entry points, including vulnerable routers. Because every probe reaches the target, it can be logged and detected.
Passive reconnaissance: an attempt to gather information about the targeted computers and networks without communicating with them directly, using public and third-party sources such as search engines, WHOIS records, certificate transparency logs, job postings and social media. Think of it as researching someone through their social media profiles: you are not talking to the subject, but you are actively collecting information about them.
The main difference between active and passive reconnaissance lies in the method. In active reconnaissance the tester interacts with the target network and so leaves traces in its logs. In passive reconnaissance the tester relies on outside sources and does not engage the target's systems, leaving few or no clues of their presence.
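As an added example (not part of the original notes), the following Python script shows what makes active reconnaissance noisy. It runs a TCP connect scan against a throwaway listener that the script itself starts on 127.0.0.1; the listener stands in for the target and records the address of every client that connects, which is exactly what a real service, firewall or IDS would record. The decoy service, the host and the port range are constructed for the demonstration.

```python
import socket
import threading
from contextlib import closing


class DecoyService:
    """Constructed stand-in for a target host: a TCP listener on an
    ephemeral 127.0.0.1 port that records the address of every client.
    A real service, firewall or IDS keeps the same kind of record, which
    is why active reconnaissance leaves traces."""

    def __init__(self, host="127.0.0.1"):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, 0))          # port 0: let the kernel pick one
        self.sock.listen(5)
        self.sock.settimeout(0.2)          # lets the accept loop poll for stop
        self.port = self.sock.getsockname()[1]
        self.connections = []              # (ip, port) of every client seen
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, addr = self.sock.accept()
            except socket.timeout:
                continue
            self.connections.append(addr)
            conn.close()
        # Drain anything still queued in the backlog during shutdown.
        self.sock.settimeout(0)
        while True:
            try:
                conn, addr = self.sock.accept()
            except OSError:                # BlockingIOError: nothing pending
                break
            self.connections.append(addr)
            conn.close()
        self.sock.close()

    def stop(self):
        self._stop.set()
        self._thread.join()


def tcp_connect_scan(host, ports, timeout=0.5):
    """Active reconnaissance: a TCP connect scan. connect_ex() completes a
    full three-way handshake on open ports, so every probe is visible to
    the target; a return value of 0 means the port accepted the connection."""
    open_ports = []
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def demo():
    """Scan a small constructed port range around the decoy's port and report
    what the scanner found next to what the 'target' logged about the scan."""
    decoy = DecoyService().start()
    try:
        candidates = (decoy.port - 1, decoy.port, decoy.port + 1)
        ports = [p for p in candidates if 0 < p < 65536]
        open_ports = tcp_connect_scan("127.0.0.1", ports)
    finally:
        decoy.stop()
    return {
        "decoy_port": decoy.port,
        "open_ports": open_ports,
        "logged": list(decoy.connections),
    }


if __name__ == "__main__":
    result = demo()
    print("scanner saw open ports:", result["open_ports"])
    print("decoy logged connections from:", result["logged"])
```

The point to take away is the last line of output: the single probe that found the open port also produced a log entry naming the scanner's source address. A passive approach would have produced no such entry, because nothing was sent to the target at all.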
Pivot: when an attacker or penetration tester uses a computer they have already compromised to attack a different computer, typically one on an internal network segment that is not reachable from the attacker's own position. The compromised host acts as a relay (for example a port forward or a SOCKS proxy), so no direct access to the second machine is needed. Pivoting is a core technique in network penetration testing.
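The following Python script is an added example, not code from the original notes, of the simplest form of pivot: a local port forward running on the compromised host. Three roles are constructed on 127.0.0.1 so the script runs offline: an "internal" service that in the scenario only the pivot can reach, the forwarder that would run on the pivot, and the attacker's client, which talks only to the pivot and never to the internal service directly. The service name in the banner is a constructed placeholder.

```python
import socket
import threading

# Constructed banner for a pretend internal-only service (not a real host).
INTERNAL_BANNER = b"220 files.internal.example ready\r\n"


def start_internal_service(banner=INTERNAL_BANNER):
    """Constructed target on the 'internal' network. In the scenario it is
    reachable only from the pivot host; here it listens on 127.0.0.1.
    Returns the port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def _pipe(src, dst):
    """Copy bytes src -> dst until src reaches EOF, then pass the EOF on."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_pivot_forwarder(target_host, target_port):
    """A local port forward as it would run on the compromised (pivot) host:
    accept one client, open an onward connection to the internal target,
    and relay traffic in both directions. Returns the forwarder's port."""
    lst = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lst.bind(("127.0.0.1", 0))
    lst.listen(1)

    def serve():
        client, _ = lst.accept()
        upstream = socket.create_connection((target_host, target_port))
        # One thread per direction; this thread handles client -> target.
        back = threading.Thread(target=_pipe, args=(upstream, client), daemon=True)
        back.start()
        _pipe(client, upstream)
        back.join()
        client.close()
        upstream.close()
        lst.close()

    threading.Thread(target=serve, daemon=True).start()
    return lst.getsockname()[1]


def fetch_through_pivot(pivot_port):
    """The attacker's side: connect only to the pivot and read whatever the
    internal service returns through it."""
    chunks = []
    with socket.create_connection(("127.0.0.1", pivot_port)) as s:
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks)


def demo():
    """Wire the roles together: internal service <- pivot forwarder <- attacker."""
    internal_port = start_internal_service()
    pivot_port = start_pivot_forwarder("127.0.0.1", internal_port)
    return fetch_through_pivot(pivot_port)


if __name__ == "__main__":
    print(demo())
```

From the internal service's point of view the connection comes from the pivot host, not from the attacker, which is both why pivoting defeats network segmentation that only filters external addresses and why unexpected outbound connections from a server are worth alerting on.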
Initial exploitation: if defenders are unable to stop attackers after they have conducted reconnaissance, those attackers look for an initial exploitation vector by which they can gain a first foothold in the target's network. This phase usually takes the form of spear-phishing, watering-hole attacks, exploitation of a known, publicly disclosed vulnerability (CVE) in an exposed service, or web attacks such as SQL injection.
Persistence: the techniques an attacker uses to keep access to a compromised system or network across reboots, credential changes and other interruptions, ideally without being detected, so that they can remain for an extended period. An advanced persistent threat (APT) is an adversary that operates this way; such groups generally do not cause visible damage to company networks or local machines, since their goal is most often data theft or long-term espionage. Common persistence mechanisms include registry Run keys, scheduled tasks and services, modified startup or logon scripts, and added accounts or credentials, usually combined with privilege escalation so that the foothold survives cleanup.
Escalation of privilege: the exploitation of a programming error, vulnerability, design flaw, configuration oversight or weak access control in an operating system or application to gain more permissions and a higher level of access than the administrators intended. Vertical escalation moves from a low-privileged user to an administrator or root account; horizontal escalation gives access to another user's account or data at the same privilege level.
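As an added example (not part of the original notes), the Python script below implements the kind of check a tester runs when hunting for the "configuration oversight" route to privilege escalation on a Unix-like host: files that any user can modify (for instance a script a privileged cron job executes) and setuid/setgid files that run with their owner's privileges. It builds a constructed directory tree under a temporary directory so it runs offline; the file names and paths in that tree are placeholders, not real system files.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path


def find_risky_files(root):
    """Walk `root` and report two classic configuration oversights that enable
    privilege escalation on Unix-like systems:
      * world-writable files  - any user can change what a privileged job runs
      * setuid/setgid files   - execute with the owner's/group's privileges
    Returns a sorted list of (path, reason) tuples."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)            # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue                   # skip symlinks, devices, sockets
            mode = st.st_mode
            if mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
            if mode & stat.S_ISUID:
                findings.append((path, "setuid"))
            if mode & stat.S_ISGID:
                findings.append((path, "setgid"))
    return sorted(findings)


def build_demo_tree():
    """Constructed tree: one correctly permissioned script, one world-writable
    script of the kind a root cron job might run, and one setuid helper."""
    root = Path(tempfile.mkdtemp(prefix="privesc-demo-"))
    (root / "etc" / "cron.d").mkdir(parents=True)
    (root / "usr" / "local" / "bin").mkdir(parents=True)

    safe = root / "etc" / "cron.d" / "rotate-logs.sh"
    safe.write_text("#!/bin/sh\nexit 0\n")
    safe.chmod(0o755)                      # rwxr-xr-x: others cannot modify it

    writable = root / "etc" / "cron.d" / "backup.sh"
    writable.write_text("#!/bin/sh\nexit 0\n")
    writable.chmod(0o777)                  # rwxrwxrwx: any local user can edit it

    helper = root / "usr" / "local" / "bin" / "netcfg-helper"
    helper.write_bytes(b"\x7fELF")         # placeholder contents, not a real binary
    helper.chmod(0o4755)                   # setuid bit set on an executable

    return root


def demo():
    """Build the tree, scan it, clean up, and return {relative path: reason}."""
    root = build_demo_tree()
    try:
        findings = find_risky_files(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return {os.path.relpath(path, root): reason for path, reason in findings}


if __name__ == "__main__":
    for path, reason in sorted(demo().items()):
        print(f"{reason:15} {path}")
```

A low-privileged user who can edit backup.sh gets code execution as whoever runs it, and a setuid helper with a bug in it runs that bug as its owner; both are escalation paths that no software vulnerability was needed for, which is why permission audits belong in every privilege-escalation checklist.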
Types of penetration testing
It is common to divide penetration tests into three main types: black-box, grey-box and white-box testing. They differ in the level of knowledge and access granted to the security consultant (the penetration tester) when the engagement begins.
Black box: a method of security testing in which the security controls, defenses and design of an application or network are tested from the outside in, with little or no prior knowledge of the internal workings. This most closely resembles the position of a real external attacker, but the limited knowledge and time mean some weaknesses may go untested.
White box: (also known as clear box, open box, glass box, transparent box, code-based or structural testing) an approach that gives testers full access to inspect and verify the inner workings of a system: its source code, infrastructure, configuration, credentials and integrations with external systems.
Grey box: testing performed by a tester with only partial knowledge of the internal structure of a network or application, for example a low-privileged user account or architecture documentation. Grey box testing combines the external perspective of black-box testing with the targeted coverage of white-box testing.
Penetration testing VS vulnerability scanning:
We know what penetration testing is, now what is vulnerability scanning?
Vulnerability scanning: also known as vulnerability assessment, a vulnerability scan checks computers, systems and networks for known security weaknesses (vulnerabilities) such as missing patches, outdated software versions and insecure configurations. Scans are typically automated and give a first look at what could possibly be exploited; unlike a penetration test they do not exploit or chain the findings, and they can report false positives that need manual validation.
Penetration testing and vulnerability scanning are both critical to a comprehensive security strategy and complement each other: scans are cheap enough to run frequently and monitor an organization's network environment continuously, while penetration tests are deeper, usually periodic, and confirm which findings are actually exploitable and what an attacker could reach through them.