
Penetration Testing

Identifying Risks through Penetration Testing

Penetration tests are a great way to identify vulnerabilities present in a system or network that has existing security measures in place. A penetration test usually involves trusted individuals using the same attack methods that hostile intruders or hackers use.

Depending on the type of test that is conducted, this may involve a simple scan of IP addresses to identify machines that are offering services with known vulnerabilities, or even exploiting known vulnerabilities that exist in an unpatched operating system. The results of these tests or attacks are then documented and presented as a report to the owner of the system, and the vulnerabilities identified can then be resolved.

Penetration tests are often done for two reasons: either to increase upper management's awareness of security issues or to test intrusion detection and response capabilities. They also assist higher management in decision-making processes.

The management of an organization might not want to address all the vulnerabilities that are found in a vulnerability assessment, but might want to address the system weaknesses that are found through a penetration test. This can happen because addressing all the weaknesses found in a vulnerability assessment can be costly, and most organizations might not be able to allocate the budget to do this.

Ascent Resilience Penetration Testing Methodology

Ascent Technology has developed a custom process for conducting these tests.  This process includes:

  • Custom penetration testing tools developed by Ascent Technology
  • A detailed process document and checklist for conducting penetration tests
  • Publicly available tools, which have undergone an extensive review in Ascent Technology product testing labs. This includes an examination of source code, and monitoring of the tools with sniffers and network activity analyzers
  • The penetration testing team, who are responsible for developing new penetration testing tools, feeding all of the latest vulnerabilities and exploits into our documented process and knowledge database, and supporting our staff with custom scripts and procedures required to explore a potential new exploit

The workflow followed to perform this test is similar to the one presented in the Penetration Tests sections. The main difference is the type of techniques used during the implementation (going deeper and more thoroughly into the application layer).


Ascent Penetration Testing Services:

  • External network penetration testing
  • Internal network penetration testing
  • Web application penetration testing
  • Mobile application penetration testing
  • Wireless penetration testing
  • Physical penetration testing
  • Social engineering (includes phishing simulation)
  • Standalone application testing

External Web Application Penetration Test

Web applications can constitute a vulnerable critical asset and also a potential point of access to other assets (e.g. back office applications on internal networks). Ascent therefore recommends carrying out some tests to check the security level of the web application server and also to check that it is not possible to use it to gain access to the internal network.

The scope of this test is a web application server accessible from a standard browser (for operational reasons, it is also possible to test a development or test instance of the web server to avoid any inconvenience to operations, provided that Ascent can get remote access to it).

To perform this task, Ascent Technology will:

  • Provide a detailed plan of all tests (when the tests will be conducted, what kind of tests, how long they will last, etc.)
  • Carry out the tests in order to identify the systems in the internet perimeter and their potential vulnerabilities, once the client validates the plan
  • Immediately warn you and give details about any critical vulnerability discovered, along with the corrective action to be carried out by your company

We understand that a penetration test is a combination of automated and manual testing, as shown in the table below:

                          Automated tools   Manual
System testing            50%               50%
Network testing           30%               70%
Web application testing   20%               80%

The deliverable of external web application penetration testing consists of a report indicating:

  • An executive summary of context and major issues identified
  • A general summary presenting the security level of the web applications tested
  • Proof of penetration
  • All discovered services and vulnerabilities of the selected perimeter
  • All major weaknesses and attention points discovered during the tests
  • Statistical information about the vulnerabilities according to the level of the vulnerability (e.g. information, minor, major, critical)
  • A set of recommendations aiming to mitigate the discovered risks, flaws and vulnerabilities

Internal Penetration Test

The objective of this assessment is to evaluate the level of security of the Information Systems of IS against an attack from an internal connection on IS’s network, and to obtain evidence of the different weaknesses that a malicious user could exploit in order to compromise the availability, confidentiality, integrity or traceability of the Information Systems of IS.

This assessment will be conducted within the site of IS and will begin without prior information supplied by IS.

1.1 Step 1: Passive understanding

The objective of this phase is to identify, in a passive manner and using the internal network of IS:

  • The systems;
  • The position of different systems;
  • Information flows;
  • The authentication systems;
  • Trust relationships between systems

1.2 Step 2: Active understanding

The objective of this step is to complete the analysis of step 1 and to confirm the results.

Ascent Technology will determine the network topology of the communication channels between the systems identified that are within the scope of the project.  In order to do this, we will use techniques and tools, considered as being weakly intrusive, notably:

  • Techniques used to discover the location of systems within the environment;
  • Scanning techniques for UDP / TCP;
  • Fingerprinting techniques for Operating Systems;
  • Fingerprinting techniques for active services

1.3 Step 3: Search for Vulnerabilities

The objective of this step is to search for potential vulnerabilities on the network, servers, and services identified in step 2.

For each element present within the topology identified in step 2, we will research vulnerabilities based on the makes and models of the operating systems and the services offered by the components identified in the scope of the project. During this research, we will use public databases available on the Internet as well as the vulnerability database of Ascent Technology.

1.4 Step 4: Exploitation of Vulnerabilities & Intrusion Tests

The objective of this step is to exploit the vulnerabilities identified during step 3, with the aim of penetrating the Information Systems of IS from the local network.

We will test and try to exploit vulnerabilities highlighted during the previous phase.  Following logical penetration of a server, we will obtain trophies defined during the kick-off meeting.  We will also attempt to follow this penetration through to elements on the local network of IS, upon formal approval from IS.  It should be noted that this technique permits us to bypass filtering controls.

We understand that a penetration test is a combination of automated and manual testing, as shown in the table below:

                          Automated tools   Manual
System testing            50%               50%
Network testing           30%               70%
Web application testing   20%               80%

The deliverable of internal penetration testing consists of a report indicating:

  • An executive summary of context and major issues identified
  • A general summary presenting the security level of the web applications tested
  • Proof of penetration
  • All discovered services and vulnerabilities of the selected perimeter
  • All major weaknesses and attention points discovered during the tests
  • Statistical information about the vulnerabilities according to the level of the vulnerability (e.g. information, minor, major, critical)
  • A set of recommendations aiming to mitigate the discovered risks, flaws and vulnerabilities