Penetration testing, also known as ethical hacking or white-hat hacking, is carried out by teams or individuals who, with the owner's authorisation, probe a target network, server or device for vulnerabilities that a real attacker could exploit. Those who carry out penetration tests include in-house security staff at the organisation being tested and security firms that provide penetration testing as a service.
Types of Penetration Testing
The type of penetration testing implemented typically depends on the needs of the requesting organisation or client. Also known as pen testing, penetration testing is commonly classified into three types according to how much the tester is told about the target:
- Black Box Penetration Testing – The tester is given no prior knowledge of the system and must research the target network or system from the outside, as an external attacker would. The expected outcome (for example, whether a given asset can be compromised) is defined, but how the tester gets there is not. Source code is not examined in this method.
- White Box Penetration Testing – Also known as open box testing, the tester is given full information about the system: network layout, IP addresses, credentials, source code and more. This type of testing simulates an attack by an internal source with detailed knowledge, and lets the tester inspect the code itself (code coverage, data flow, path testing and loop testing) rather than only its external behaviour.
- Grey Box Penetration Testing – The tester is provided with limited information about the program or system, such as a low-privileged user account or an architecture overview. This type of pen testing simulates an external attacker who has already forced an entry into the targeted network, or an insider with ordinary user access.
Areas of Penetration Testing
There are six main areas in which penetration testing is practised. These are the following:
External Network Testing
This type of penetration testing reviews how much information is publicly available about your externally facing assets, for example company email systems and websites, and how far that information and the exposed services can be used to gain access. Examples of external penetration test activities include attempting to breach the perimeter firewall, using leaked credentials or other exposed data, and using custom tools to brute-force exposed logins. These are the same techniques an external attacker would use.
Internal Network Testing
In some cases, penetration testers work from the position of a malicious insider, or of a disgruntled employee who retains legitimate access to the internal network.
For this method of penetration testing, the impact of confidential information being altered, leaked or destroyed is analysed. The results are then used to recommend improvements in privilege and access control, patch management, network segmentation, vulnerable internal applications and protocol abuse.
Social Engineering Testing
Social engineering testing measures how prone your staff, or any user, is to releasing confidential or sensitive information. Social engineering manipulates people rather than systems, typically through a pretext that exploits trust, authority, fear or urgency, in order to get targets to hand over data or access to criminals.
A common cyber crime in the social engineering category is phishing, in which someone pretends to be a legitimate figure, for example a member of a well-known organisation or a senior colleague, and asks for credentials or a money transfer under a false sense of urgency. White-hat penetration testers may run controlled phishing and pretexting campaigns designed to get employees to hand over protected information, in order to reveal which teams need further security awareness training.
Physical Penetration Testing
This involves simulating a physical breach of security. Criminals may pose as someone who does not look suspicious in order to gain access to your building or offices, or to gather their target's personal details.
Once inside, an intruder may also plug in a malware-carrying device such as an infected USB stick to gain access to the target network or device.
Wireless Penetration Testing
Anyone within range of your wireless network may be able to intercept the wireless traffic you and your organisation generate if the network has an underlying weakness, such as weak encryption or a misconfigured access point.
Wireless penetration testing is key to discovering and fixing such vulnerabilities in the Wi-Fi network and the wireless devices that use it.
Application Penetration Testing
This type of penetration testing assesses an application's design, its development, its deployment and its actual use. The application is examined for security flaws, including unpatched components and exploitable weaknesses, in applications that run on internal networks as well as those deployed on end-user devices and remote systems.
Common Steps Part of Most Pen Testing Scenarios
While each penetration test may be conducted differently depending on the needs of the client, the following seven steps laid out by the Penetration Testing Execution Standard (PTES) are commonly implemented in many pen tests:
- Pre-engagement – Establishing the scope, goals and rules of engagement of the test.
- Information gathering – Collecting details of the target company from publicly available sources and other open-source intelligence.
- Threat modelling – The pen tester considers the capabilities and motivations of a realistic attacker and determines which assets of the target organisation are most likely to attract an attacker's attention.
- Vulnerability analysis – Inspecting the in-scope systems for security flaws.
- Exploitation – The pen tester uses the discovered vulnerabilities to gain entry into the targeted organisation's systems.
- Post Exploitation – The pen tester assesses what the compromised system gives access to and attempts to retain control of it, as a real attacker would. A pre-agreed set of conditions between the client and the pen tester (for example, which data may be accessed and whether persistence may be installed) is important before this stage.
- Reporting – A comprehensive report is provided to the client highlighting all of the risks and vulnerabilities detected, along with recommended remediation.
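The pre-engagement and post-exploitation steps above both come down to agreed boundaries that every later action must respect. The following is an added example, not part of the original article or of PTES, of a rules-of-engagement gate a tester might put in front of their scanning and exploitation scripts. The networks, excluded host, domain and testing window are constructed for illustration.

```python
"""Rules-of-engagement scope check: refuse to touch anything outside the agreed scope.
Added illustration; the scope values below are hypothetical."""
import ipaddress
from datetime import time

# Constructed example scope, as a client and tester might agree at pre-engagement.
IN_SCOPE_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/25")]
# Hosts the client explicitly put out of bounds, e.g. a production database.
EXCLUDED_HOSTS = {ipaddress.ip_address("203.0.113.10")}
# Apex domains whose subdomains are also in scope.
IN_SCOPE_DOMAINS = ("example.com",)
# Agreed testing window, 22:00 to 06:00, which wraps past midnight.
TESTING_WINDOW = (time(22, 0), time(6, 0))


def ip_in_scope(target):
    """True if the IP is inside an agreed network and not explicitly excluded."""
    addr = ipaddress.ip_address(target)
    if addr in EXCLUDED_HOSTS:
        return False
    return any(addr in net for net in IN_SCOPE_NETWORKS)


def host_in_scope(hostname):
    """True if the hostname is an in-scope domain or a subdomain of one.
    A plain substring test would wrongly accept 'notexample.com', so labels are compared."""
    name = hostname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in IN_SCOPE_DOMAINS)


def in_window(now):
    """True if the clock time 'now' falls inside the agreed window."""
    start, end = TESTING_WINDOW
    if start <= end:
        return start <= now < end
    return now >= start or now < end  # window wraps past midnight


def check_target(target, now_hhmm):
    """Gate for every scan or exploit attempt. Returns (allowed, reason).
    'target' is an IP literal or hostname; 'now_hhmm' is the current time as 'HH:MM'."""
    hours, minutes = (int(part) for part in now_hhmm.split(":"))
    if not in_window(time(hours, minutes)):
        return False, "outside agreed testing window"
    try:
        allowed = ip_in_scope(target)
    except ValueError:  # not an IP literal, so treat it as a hostname
        allowed = host_in_scope(target)
    return (True, "in scope") if allowed else (False, "target not in scope")


if __name__ == "__main__":
    for t in ("203.0.113.5", "203.0.113.10", "api.example.com", "notexample.com"):
        print(t, check_target(t, "23:30"))
```

Calling `check_target` before each action keeps the exclusion list and the testing window in one place, so a scan launched from a script cannot drift past what was signed off, and the reason string gives the tester something to record alongside the refused action.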
The Top Penetration Testing Tools Available for Use
- Kali Linux – a Linux distribution that bundles hundreds of penetration testing tools.
- John the Ripper – a password cracker that runs dictionary, rule-based and brute-force attacks against recovered password hashes.
- OWASP Zed Attack Proxy (ZAP) – an intercepting proxy and scanner for finding vulnerabilities in web applications.
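To show what a tool like John the Ripper actually does with a recovered hash file, here is an added example (not the article's own code and not John's implementation) of a dictionary attack with simple mangling rules, run against constructed salted SHA-256 hashes for three hypothetical accounts. The hashing scheme, wordlist and accounts are all assumptions made for the illustration.

```python
"""Dictionary attack with mangling rules, the technique John the Ripper automates.
Added illustration; the accounts, hashes and wordlist are constructed."""
import hashlib
import itertools


def sha256_salted(salt, password):
    """Hypothetical hashing scheme: hex SHA-256 of salt followed by password."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed sample of what a dumped credential table might look like:
# user -> (salt, hash). In a real engagement this comes from e.g. /etc/shadow.
SAMPLE_HASHES = {
    "alice": ("s1", sha256_salted("s1", "Summer2023!")),
    "bob": ("s2", sha256_salted("s2", "password")),
    "carol": ("s3", sha256_salted("s3", "x7#Qp9!vL2z")),  # not derivable from the wordlist
}

# Tiny constructed wordlist; real attacks use lists of millions of leaked passwords.
WORDLIST = ["password", "summer", "welcome", "admin"]


def mangle(word):
    """Yield variants of a base word in the spirit of John's rules:
    case changes, a year suffix, a trailing symbol or digits, and combinations."""
    bases = (word, word.capitalize(), word.upper())
    years = ("", "2022", "2023", "2024")
    suffixes = ("", "!", "1", "123")
    for base, year, suffix in itertools.product(bases, years, suffixes):
        yield base + year + suffix


def crack(hashes, wordlist):
    """Return {user: plaintext} for every hash that some mangled wordlist entry matches."""
    candidates = [c for w in wordlist for c in mangle(w)]
    found = {}
    for user, (salt, digest) in hashes.items():
        for candidate in candidates:
            # The salt forces a fresh hash per user, so no precomputed table helps.
            if sha256_salted(salt, candidate) == digest:
                found[user] = candidate
                break
    return found


if __name__ == "__main__":
    for user, plaintext in crack(SAMPLE_HASHES, WORDLIST).items():
        print(f"{user}: {plaintext}")
```

Two of the three accounts fall to a four-word list because the rules reproduce the "capitalised word, year, symbol" pattern people use to satisfy complexity policies; carol's random password does not. The cost the attacker pays per guess here is a single fast SHA-256, which is exactly why password storage should use a deliberately slow hash such as bcrypt, scrypt or Argon2 rather than the scheme assumed in this illustration.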
Training and Certification
Penetration testing is a common area of study within computer science and IT courses. Many clients will also want to see recognised professional certifications, and the following are some of the best known:
- Certified Ethical Hacker (CEH) and Licensed Penetration Tester (Master) from EC-Council.
- Certified Penetration Tester (CPT) and Certified Expert Penetration Tester (CEPT) from IACRB.
- Certified Mobile and Web Application Penetration Tester (CMWAPT) from IACRB.
- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).
- GIAC Penetration Tester (GPEN).
To summarise, penetration testing is a highly specialised practice that is critical to maintaining the security of an organisation. As more data is stored online, routinely performing penetration tests helps to secure sensitive information and prevent it from being stolen and sold among cyber criminals, so the need for penetration testing will continue to grow.