Penetration Testing ~ Tools, Notes, Cheatsheets, More..
- Before selecting a suitable provider, it’s important to be familiar with the types of pen test available, as engagements vary in focus, depth and duration.
Internal/External Infrastructure Penetration Testing
- An assessment of on-premise and cloud network infrastructure, including firewalls, system hosts and devices such as routers and switches.
- Can be framed as either an internal penetration test, focusing on assets inside the corporate network, or an external penetration test, targeting internet-facing infrastructure.
- To scope a test, you will need to know the number of internal and external IPs to be tested, network subnet size and number of sites.
Wireless Penetration Testing
- A test that specifically targets an organisation’s WLAN (wireless local area network), as well as wireless protocols including Bluetooth, ZigBee and Z-Wave.
- Helps to identify rogue access points, weaknesses in encryption and WPA vulnerabilities.
- To scope an engagement, testers will need to know the number of wireless and guest networks, locations and unique SSIDs to be assessed.
Web Application Penetration Testing
- An assessment of websites and custom applications delivered over the web, looking to uncover coding, design and development flaws that could be maliciously exploited.
- Before approaching a testing provider, it’s important to ascertain the number of apps that need testing, as well as the number of static pages, dynamic pages and input fields to be assessed.
Mobile Application Penetration Testing
- The testing of mobile applications on operating systems including Android and iOS to identify authentication, authorisation, data leakage and session handling issues.
- To scope a test, providers will need to know the operating system types and versions they’d like an app to be tested on, number of API calls and requirements for jailbreaking and root detection.
Build and Configuration Review
- Review of network builds and configurations to identify misconfigurations across web and app servers, routers and firewalls.
- The number of builds, operating systems and application servers to be reviewed during testing is crucial information to help scope this type of engagement.
- The list below outlines the most popular penetration testing types as well as the information commonly requested by pen test providers to help scope an assessment.
- Pen tests vary in focus, duration, depth and secrecy, so it’s important to ensure that any details supplied are correct in order to receive an accurate quotation.
Internal/External Infrastructure Penetration Testing
- An assessment of internal and external network infrastructure designed to test on-premise and cloud networks, firewalls, system hosts, and devices such as routers and switches.
- Information required to scope a network pen test:
- • Number of external IPs to be tested and number of those that are live
- • Number of internal IPs and internal hosts to be tested
- • Subnet size of network(s)
- • Number of physical locations
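The counts a provider asks for (external and internal IPs, subnet sizes) are easier to get right when the client-supplied target list is processed rather than tallied by hand, because duplicates and overlapping blocks inflate the numbers. The script below is an added example, not code from this page or from any testing provider: it parses a constructed scope list, splits entries into internal (RFC 1918) and external blocks, collapses duplicates and overlaps so no address is counted twice, flags unusually wide blocks for confirmation with the client (the /22 threshold is an assumption made for the example), and reports entries that fail to parse instead of silently dropping them.

```python
import ipaddress
from typing import Dict, List, Tuple

# RFC 1918 ranges, used to decide whether an entry belongs to the internal
# or the external part of the engagement. IPv4 only in this example.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Widest prefix accepted without a follow-up question to the client.
# Hypothetical threshold chosen for this example, not a provider's rule.
MAX_PREFIX_WITHOUT_CONFIRMATION = 22

# Constructed sample scope, as a client might supply it: single hosts and
# CIDR blocks, internal and external, with an overlap, a duplicate and a typo.
SAMPLE_SCOPE = [
    "203.0.113.10",        # single external host
    "203.0.113.0/28",      # block that already contains the host above
    "198.51.100.0/30",
    "10.10.0.0/24",
    "192.168.50.0/25",
    "10.10.0.0/24",        # exact duplicate
    "10.20.0.0/16",        # very wide block, worth confirming
    "10.10.0.300/24",      # malformed entry
]


def is_internal(net: ipaddress.IPv4Network) -> bool:
    """True when the whole block sits inside an RFC 1918 range."""
    return net.version == 4 and any(net.subnet_of(private) for private in RFC1918)


def parse_scope(entries: List[str]) -> Tuple[list, List[str]]:
    """Turn free-text entries into networks; collect the ones that fail to parse."""
    nets, invalid = [], []
    for raw in entries:
        text = raw.strip()
        try:
            # strict=False lets "10.10.0.5/24" mean the /24 containing that host
            nets.append(ipaddress.ip_network(text, strict=False))
        except ValueError:
            invalid.append(text)
    return nets, invalid


def summarise_scope(entries: List[str]) -> Dict[str, object]:
    """Produce the counts a provider asks for when scoping a network test."""
    nets, invalid = parse_scope(entries)
    # collapse_addresses drops duplicates and blocks subsumed by a wider one,
    # so overlapping entries are not counted twice.
    internal = list(ipaddress.collapse_addresses([n for n in nets if is_internal(n)]))
    external = list(ipaddress.collapse_addresses([n for n in nets if not is_internal(n)]))
    wide = [str(n) for n in internal + external
            if n.prefixlen < MAX_PREFIX_WITHOUT_CONFIRMATION]
    return {
        "internal_subnets": [str(n) for n in internal],
        "external_subnets": [str(n) for n in external],
        "internal_addresses": sum(n.num_addresses for n in internal),
        "external_addresses": sum(n.num_addresses for n in external),
        "needs_confirmation": wide,
        "invalid_entries": invalid,
    }


if __name__ == "__main__":
    for key, value in summarise_scope(SAMPLE_SCOPE).items():
        print(f"{key}: {value}")
```

On the sample list the host 203.0.113.10 disappears into the /28 that contains it and the repeated 10.10.0.0/24 is counted once, so the address totals reflect what will actually be tested; the /16 is returned separately so it can be confirmed with the client before it drives the quotation.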
Wireless Penetration Testing
- A test of an organisation’s wireless local area network (WLAN) and/or wireless protocols, including Bluetooth, ZigBee and Z-Wave. Helps to identify rogue access points, weaknesses in encryption and WPA vulnerabilities.
- Information required to scope a wireless pen test:
- • Number of wireless networks to be tested
- • Whether guest WiFi is included
- • Number and locations of sites
- • Number of unique SSIDs
Web Application Penetration Testing
- A test of websites and custom web applications delivered over the internet, seeking to identify issues resulting from weaknesses in design, coding and development practices.
- Information required to scope a web app test:
- • Number and type of web applications to be tested
- • Whether test will be authenticated
- • Preference for onsite or remote testing
- • Number of static and dynamic pages
- • Number of user input fields
Mobile Application Penetration Testing
- Testing of mobile applications across mobile operating systems including Android, iOS, Windows and BlackBerry, to identify issues with authentication, authorisation, data leakage and session handling.
- Information required to scope a mobile app test:
- • Number and type of mobile apps to be tested
- • Operating system, e.g. iOS, Android, Windows, BlackBerry
- • Minimum version of operating system required to run application(s)
- • Whether app communicates with a server and number of API calls
- • Requirements for jailbreak/root detection bypass testing
Build and Configuration Review
- Review of network builds and configurations to identify misconfigurations across web and app servers, routers and firewalls.
- Information required to scope a build and configuration review:
- • Number and location of build(s) in question
- • Operating system, e.g. Windows, Linux, Unix
- • Number of application servers/services to be reviewed alongside build
- • Possibilities for providing remote access