Vulnerabilities vs Penetration Testing

advertisement
Vulnerability Assessment
& Penetration Testing
By: Michael Lassiter Jr. (@EthicalMJPen)
Vulnerability Assessment
Vulnerability Assessment:
• Is the assessment of a system to determine if it has vulnerabilities or
weaknesses that need to be resolved or patched.
• Is also known as a security audit.
• Can be performed by one person or a team of vulnerability researchers or
security engineers.
• Is often known as a flaw or weakness that could be exploited by an outside
attacker or compromised by internal personnel.
• Is necessary because many organizations, companies, and health facilities are
required to meet certain compliance.
• HIPPA regulations are important so that health facilities hire the services
of pen testers in order to meet compliance with vulnerability assessment
being a great portion of the service.
VULNERABILITY ASSESSMENT & PEN TESTING
Vulnerability Assessment Tools
• Nessus is on of the most popular vulnerability scanning tools. It is a commercial
product and many companies often desire an individual that is skilled with it.
• OpenVas, which is the older open-source version of Nessus, is still available. It
comes pre-packaged with Linux distributions such as Kali Linux.
• Nexpose – The vulnerability scanner, which is by Rapid 7, is available and
highly capable of scanning a system for vulnerabilities with accuracy.
• There are plenty of open-source tools available, so I suggest that you take
time to try them in your virtual lab.
• Do not choose an active target under any circumstances without
authorization. Always obey the law!
VULNERABILITY ASSESSMENT & PEN TESTING
Vulnerability Assessment Key Points
• Vulnerability Assessments do not involve any steps to fix or apply patches to a
system.
• The objective of a vulnerability assessment is to determine the vulnerabilities
and report them to the client.
• The assessment must be requested and authorized by the client prior to the
performance of the assessment.
• The laws and permission of the client are in place to protect the client and
security engineer form liabilities and legal backlash.
VULNERABILITY ASSESSMENT & PEN TESTING
Penetration Testing
• Penetration Testing includes the actual exploitation of the vulnerabilities that
are discovered during the phases of the vulnerability assessment.
• It includes vulnerability assessment; however, vulnerability assessment does
not include penetration testing.
• Rules of engagement (ROE) are signed and understood by both parties before
the beginning of a penetration test. The ROE limits the penetration testers from
touching targets that are not permitted by the client.
VULNERABILITY ASSESSMENT & PEN TESTING
Penetration Testing – Black Box, Gray Box, and White Box Testing
• Penetration testing usually falls under three categories: Black Box, Gray Box,
and White Box.
• Black Box does not include any knowledge of the structure of the system,
so this type of testing simulates the approach of an outside attacker.
• Gray Box includes only a limited knowledge of the layout of the target.
• White Box testing occurs when a penetration tester has complete
knowledge of the layout of the target(s).
VULNERABILITY ASSESSMENT & PEN TESTING
Penetration Testing – Personal Experiences
• My personal experience in pen testing is primarily from a black box testing
perspective. Black box testing will surely test your knowledge and training in
penetration testing.
• If the penetration test requires a team, the success of the it is heavily dependent
on the cohesion of the team. A strength in one can balance the weakness in
another.
• Penetration testing is not about ramming a tool into the most fortified part of a
system, but using it to exploit the overlooked weaknesses.
• During a pen test, my team had to request permission to touch additional
system that were found. We then received permission. The rules of
engagement are in place for a reason.
VULNERABILITY ASSESSMENT & PEN TESTING
Conclusion
• The key difference between vulnerability assessment and penetration testing is
the lack of exploitation in vulnerability assessment and the actual exploitation
in penetration testing.
• Permission must be granted to carry out either or both of these operations.
• Obey the cybercrime laws and regulations at all times.
• There are many available tools, yet one should not simply rely on only one tool
to fit every situation.
• To gain further experience and training; research OWASP, create virtual labs,
and complete the training on Cybrary.
VULNERABILITY ASSESSMENT & PEN TESTING
A special thank you to Michael Lassiter for his submissions to Cybrary. We
appreciate every member and hope that you enjoy expanding your knowledge
through the training and resources provided.
Thank you for your continued support!
- Cybrary Staff
VULNERABILITY ASSESSMENT & PEN TESTING
Download