About this book

Penetration testing is the act of attempting to break into systems, networks, and software in order to determine where the bad guys might get in. By reading this book, you'll gain the foundations of a simple methodology used to perform penetration testing on systems and networks for which you are responsible.

Penetration Testing Basics explains:
How to identify security vulnerabilities
How to use some of the top security tools in order to identify holes
How to read reports from testing tools
Common vulnerability types and attacks
Common web-based attacks and exposures as well as recommendations for closing those holes
Table of contents

Frontmatter

Chapter 1. What Is Penetration Testing?

Abstract
Penetration testing is an art. You can learn a lot of techniques and understand all of the tools, but the reality is that software is complex, especially when you start putting a lot of software systems together. It’s that complexity that means that there is no one-size-fits-all solution when it comes to finding ways to get into systems. An attack that may work against one Web server may not work for the same Web server running on a different system. Sometimes, you can try a particular attack a number of times without success before it suddenly starts working and you find a way to break into the system. A skilled and successful penetration tester has not only the technical skills necessary to run the tools and understand what is happening, but also the creativity necessary to try different approaches.
Ric Messier

Chapter 2. Digging for Information

Abstract
The first step along our path to system conquest is digging up information on the target. Fortunately, in the connected age that we live in, there is a lot of information that is available online somewhere if you know how and where to look for it. The easy availability of information means that there is a lot of it easily available. Of course, there are privacy issues related to all of the information that is so easily available, but for the moment we aren’t concerned about privacy. In fact, we will be grateful for the free-flowing information that you will find you have access to without having to resort to any trickery, deceit, or law breaking. Not even any potential law breaking. You may be aware of stories of dumpster diving and other means of obtaining information from the days long before information became so free and easy to come by. These sorts of tactics are almost entirely unnecessary.
Ric Messier

Chapter 3. What’s Open?

Abstract
Commonly at this point, whether you were provided some starting places or you figured some out as you were poking around in Google or the Internet registries, you have at least some IP addresses or maybe hostnames to work with. In either case, the domain name system (DNS) is one of the next steps. At a minimum, having a better understanding of the structure and use of DNS is important. The DNS is where Internet Protocol (IP) addresses are mapped to hostnames and vice versa. There are some really useful tools that are commonly used when prowling around DNS, and we’re going to take a look at those tools, since you likely want to figure out in more detail just what you are looking at and where it might be.
Ric Messier

Chapter 4. Vulnerabilities

Abstract
If you have been following along from chapter to chapter, you now have some IP addresses for systems that are responding to connection attempts. You also have a list of ports that are open on those systems. The next thing you want to do is figure out exactly how you might be able to get into those systems. You need to know what vulnerabilities might be associated with the applications behind those ports.
Ric Messier

Chapter 5. Exploitation

Abstract
In penetration testing, exploitation is where the rubber meets the road, so to speak. It’s what most penetration testers see as the ultimate prize. Exploitation is where you do the “penetration” part of penetration testing. This assumes that you are able to find a vulnerability to exploit, of course. And just because you found a vulnerability is no guarantee that you will be able to make use of it to exploit the system. And, what does exploiting a vulnerability look like, anyway? You may imagine what the result of an exploit looks like. It is commonly portrayed in fiction as giving you some form of interface to the computer, most commonly a remote desktop just like the normal user of the computer would see. In a modern world of graphical user interfaces, though, desktop access does not necessarily mean that you will get to see an entire graphical desktop. If you do happen to get interactive access, it’s more likely that you will be getting some form of command line access that lets you move around the computer file system and run program utilities. This means that you will need to know how to interact with the system once you get in. If you are used to primarily using a mouse and Windows to control whatever system you are working on, it’s time to bone up on some command line skills.
Ric Messier

Chapter 6. Breaking Web Sites

Abstract
When doing a penetration testing assignment, Web applications will often be the site of the bulk of your findings. Web applications are especially vulnerable because they are often not protected in the same way that other services may be. When an organization places a system into its infrastructure, that system will generally be behind a firewall. This may be a network firewall, or it may be a host firewall that resides on the system itself. The thing about Web applications is that they are programs that sit on open ports. They are specifically exposed through the firewall because the very point of their existence is to be there to service users on the other side of the firewall. This is not at all the same as having a fileshare port open to users inside the company since, while there may be malicious users on the inside, the population is much smaller and easier to keep an eye on.
Ric Messier

Chapter 7. Reporting

Abstract
Pick a cliché that makes sense here. Where the rubber meets the road, for instance. Reporting is where it really all happens. You can spend days or weeks doing the actual testing, but if you don’t report it, what was the point? When you are trying to get the attention of someone who may actually be able to fix the issues that you found, you need to deliver a professional presentation and be able to explain the issues in a very clear manner. It’s important to convey your findings in an objective fashion so someone who doesn’t understand information security will be able to comprehend what you are saying. They also need to be clear about what you believe should be done as a result of what you found. Indicating how to fix the problem is where you can really add value. If you just toss a report on someone’s desk explaining where they have a lot of problems and then leave, you aren’t being very helpful to them, though they will have a report that they can use against an audit. In the end, though, just being able to say that they did a penetration test to get an audit checkmark isn’t going to be helpful. In six months or a year when they run the test again for their audit requirements, the findings will still be there, and a decent auditor will make note of that.
Ric Messier

Backmatter
