Learn Penetration Testing From Scratch - Introduction

What is Penetration Testing?
A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF).

Pen testing can involve the attempted breaching of any number of application systems (e.g., application programming interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks.

Insights provided by the penetration test can be used to fine-tune your WAF security policies and patch detected vulnerabilities.

The goal of this testing is to find all the security vulnerabilities that are present in the system being tested. A vulnerability is a weakness that an attacker can use to disrupt the system or to gain unauthorized access to it or to any of its data.

Vulnerabilities are usually introduced by accident during the software development and implementation phases. Common vulnerabilities include design errors, configuration errors, software bugs, etc. Penetration analysis depends upon two mechanisms, namely Vulnerability Assessment and Penetration Testing (VAPT).

Types of Penetration Testing:

There are three types of penetration testing:

1. Black Box Testing

In black-box penetration testing, the tester has no prior knowledge of the systems to be tested and is responsible for collecting information about the target network or system.

2. White Box Testing

In white-box penetration testing, the tester is usually provided with complete information about the network or systems to be tested, including the IP address schema, source code, OS details, etc. This can be considered a simulation of an attack by an internal source (an employee of the organization).

3. Grey Box Testing

In grey-box penetration testing, the tester is provided with partial knowledge of the system. It can be considered a simulation of an attack by an external hacker who has gained illegitimate access to an organization's network infrastructure documents.

How to do Penetration Testing?

Penetration Testing Stages:

Penetration testing can be broken down into five phases. The five phases are:

1. Planning and Reconnaissance

Defining the scope and goals of a test, including the systems to be addressed and the testing methods to be used.

Gathering intelligence (e.g., network and domain names, mail servers) to better understand how a target works and its potential vulnerabilities. The tester collects as much information as possible about the system, including the data it holds, usernames and even passwords. This is also called fingerprinting.

2. Scanning (Discovery Phase)

The next step is to understand how the target application will respond to various intrusion attempts. This is typically done using:

Static analysis – Inspecting an application’s code to estimate the way it behaves while running. Static analysis tools can scan the entirety of the code in a single pass.

Dynamic analysis – Inspecting an application’s code in a running state. This is a more practical way of scanning, as it provides a real-time view into an application’s performance.
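To illustrate the static-analysis half of this phase, here is an added example written for this page (not code from any tool named here): a single pass over a constructed Python snippet that flags SQL queries assembled from string formatting before they reach `execute()`, the unsanitized-input pattern described above. Only the sample source and the `execute` attribute name are assumed.

```python
"""Minimal static-analysis pass: report execute() calls whose query string
is built at runtime (f-strings, % formatting, concatenation, .format())."""
import ast

# Constructed sample program under review: two unsafe handlers, one safe.
SAMPLE_SOURCE = '''
def find_user(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = '%s'" % name)

def find_user_safe(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = ?", (name,))

def log_entry(cursor, name):
    cursor.execute(f"INSERT INTO log VALUES ('{name}')")
'''


def _is_dynamic_string(node):
    """True when the expression assembles a string at runtime."""
    if isinstance(node, ast.JoinedStr):                 # f"..."
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True                                     # "..." % x, "..." + x
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"               # "...".format(x)
    return False                                        # literal or a name


def find_unsafe_queries(source):
    """Return (line number, query expression) for each suspicious execute()."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        if isinstance(func, ast.Attribute) and func.attr == "execute":
            if _is_dynamic_string(node.args[0]):
                findings.append((node.lineno, ast.unparse(node.args[0])))
    return findings


if __name__ == "__main__":
    for line, query in find_unsafe_queries(SAMPLE_SOURCE):
        print(f"line {line}: query built at runtime -> {query}")
```

The parameterised query in `find_user_safe` passes a constant to `execute()` and is not reported; the other two handlers are, with their line numbers, which is the kind of finding that feeds the reporting phase.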

3. Gaining Access (Attack Phase)

This stage uses web application attacks, such as cross-site scripting (XSS), SQL injection and backdoors, to uncover a target’s vulnerabilities. Testers then try to exploit these vulnerabilities, typically by escalating privileges, stealing data, intercepting traffic, etc., to understand the damage they can cause.

4. Maintaining Access

The goal of this stage is to see if the vulnerability can be used to achieve a persistent presence in the exploited system, long enough for a bad actor to gain in-depth access. The idea is to imitate advanced persistent threats, which often remain in a system for months in order to steal an organization’s most sensitive data.

5. Analysis (Reporting Phase)

The results of the penetration test are then compiled into a report detailing:

Specific vulnerabilities that were exploited

Sensitive data that was accessed

The amount of time the pen tester was able to remain in the system undetected

Which Tools are Used for Penetration Testing?

There are many tools used in penetration testing, and each has its own use cases. Some of the popular ones are:

1. Nmap

2. Nessus

3. Burp Suite

4. Wireshark

5. Metasploit