Security Services
  Description
Table of Contents
NETWORK PENETRATION TEST ...................................................................................................... 3
  WHY? ................................................................................................................................................................. 3
  METHODOLOGY ................................................................................................................................................ 3
    Footprinting / Network Mapping ............................................................................................................3
    Scanning and enumeration.........................................................................................................................4
    Vulnerability Analysis....................................................................................................................................7
    Exploitation ........................................................................................................................................................8
    Reporting.............................................................................................................................................................9
WEB APPLICATION PENETRATION TEST..................................................................................... 9
 WHY? ................................................................................................................................................................ 9
 METHODOLOGY ...........................................................................................................................................10
    Configuration Management Analysis .................................................................................................. 10
    Analysis of Authentication ....................................................................................................................... 11
    Session Management Analysis ................................................................................................................ 11
    Analysis of Authorization ......................................................................................................................... 12
    Data Validation Analysis........................................................................................................................... 12
    Analysis of Web Services ........................................................................................................................... 13
    Reporting.......................................................................................................................................................... 13

APPENDIX A: TYPES OF PENETRATION TESTS……………………………………………………...……….15




                      Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved.
                       http://www.cyber51.co.uk | Email: info@cyber51.co.uk
Network Penetration Test

Why?

Individuals and businesses enjoy and rely on modern communication
methods and collaboration services, and benefit from the new opportunities
the Internet age has created. However, cyber crime is on the rise too
and has led governments to form completely new authorities to tackle
cyber warfare and malicious activity. We at Cyber 51 play our part in
making the Internet and modern communications a more secure
space.

Hackers attack both private and corporate systems on a daily basis.
The attacker can be stationed anywhere in the world and needs just
internet access and the appropriate tools. The threat is real and it
happens thousands of times a day. Many attacks take place
undetected and result in the theft and destruction of valuable data.

The solution: Penetration Tests and Network Security Audits. Cyber 51
will, with the legal permission of the network owner, attack customer
systems in the same way as a Hacker. In doing so, Cyber 51 is able to
expose security holes in the system.

The benefit: The customer is made aware of the Security holes that exist
and could be exploited by a hacker with malicious intent to gain
unauthorized access to the customer network. In addition, Cyber 51 will
prepare a plan of action and, if the customer wishes, implement the
closure of these holes.

Methodology

Footprinting / Network Mapping

The process of footprinting is a completely non-intrusive activity
performed to obtain the maximum possible information available about
the target organization and its systems, using various means, both
technical and non-technical. This involves searching the internet and
querying various public repositories (whois databases, domain
registrars, Usenet groups, mailing lists, etc.).

Also, our Security Testing Consultants will look to obtain as much detail
as possible about the current topology and network profile. This can
consist of information about IP addressing, gathering public domain
information about the business, ping sweeps, port scanning, etc.

This information is then compiled and subsequently analyzed for further
areas of investigation.

      Information Gathering

         o Expected results

                •   Domain names
                •   Server names
                •   IP addresses
                •   Network topology
                •   Information about the ISP
                •   Internet presence
                •   Company profile

         o Tasks

                •   Examine and gather information about domain
                    registries.
                •   Find IP address blocks.
                •   Identify the names and locations of DNS servers.
                •   Run multiple traces in order to identify the systems and
                    devices in between.
                •   Identify email addresses related to the company.
                •   Identify newsgroups, forums and boards where
                    information related to the company is located.
                •   Examine web pages and the source code of scripts.
                •   Examine email headers.



Scanning and enumeration

The scanning and enumeration phase comprises identifying live
systems, open / filtered ports, the services running on these ports,
mapping router / firewall rules, identifying operating system details,
network path discovery, etc.

This phase involves a lot of active probing of the target systems.

After successfully identifying the open ports, services behind them will
be fingerprinted, either manually or by using readily available tools.
Then, the penetration tester will confirm the exact name and version of
the services running on the target system and the underlying Operating
System before including the same in the final report.

      Services identification on systems

          o Expected results

                    • Ports open, closed and filtered
                    • IP addresses of live systems
                    • IP addresses of internal networks
                    • Asset services
                    • Map of the network
                    • List of tunnelled and encapsulated protocols
                    discovered
                    • List of supported routing protocols
                    • Application type and patch level
                    • Type of operating systems

          o Tasks

                    • Collect responses from the network
                    • Test firewall rules using TTL manipulation
                    (firewalking)
                    • Use ICMP and reverse lookups to determine the
                    existence of machines on the network
                    • Use TCP fragments with FIN, NULL and XMAS flags on
                    ports 21, 22, 25, 80 and 443 of the hosts found on the
                    network
                    • Use TCP SYN on ports 21, 22, 25, 80 and 443 of the
                    hosts found on the network
                    • Attempt connections to DNS servers
                    • Use TCP SYN (half-open) scans to list the closed, open
                    and filtered ports on all hosts found on the network
                    • Use TCP fragments against the ports and services
                    available on the host
                    • Use UDP packets to list all open ports found on the
                    network hosts
                    • Try to identify standard protocols
                    • Try to identify non-standard protocols
                    • Try to identify encrypted protocols
                    • Identify date, time and system up-time
                    • Assess the predictability of TCP sequence numbers
                    • Assess the predictability of TCP initial sequence
                    numbers (ISN)

      Service identification

          o Expected results

                    • Type of services
                    • Application type and version that offers the service

          o Tasks

                    • Match each open port with its corresponding
                    service
                    • Identify the server up-time and patches applied
                    • Identify the application that provides the service
                    through fingerprinting and banners
                    • Identify the version of the application
                    • Use UDP-based services and Trojan ports to attempt
                    connections to the services found

      System identification

          o Expected results

                    • Type of operating system
                    • Patch level
                    • Type of system
                    • System enumeration

          o Tasks

                    • Examine system responses to determine the
                    operating system
                    • Check the predictability of TCP sequence numbers
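The probe types named in the tasks above (SYN half-open sweeps and FIN, NULL and XMAS segments) are also what a defender sees in packet captures or flow logs during the scanning phase. The following is an added example, not part of the Cyber 51 document: Python detection logic run over a small set of constructed packet summaries (the addresses, ports and flag sets are made up for the example) that flags sources sending malformed-flag probes or SYN-only sweeps that never complete a handshake.

```python
"""Detect scan patterns per source host from constructed packet summaries.

Added example (not from the Cyber 51 document). Each record is a constructed
tuple of (source, destination, destination port, set of TCP flag names).
"""
from collections import defaultdict

# Constructed packet summaries (not real traffic): (src, dst, dport, flags)
SAMPLE_PACKETS = [
    ("198.51.100.7", "192.0.2.10", 21, {"SYN"}),
    ("198.51.100.7", "192.0.2.10", 22, {"SYN"}),
    ("198.51.100.7", "192.0.2.10", 25, {"SYN"}),
    ("198.51.100.7", "192.0.2.10", 80, {"SYN"}),
    ("198.51.100.7", "192.0.2.10", 443, {"SYN"}),
    ("203.0.113.5", "192.0.2.10", 80, set()),                   # NULL probe: no flags at all
    ("203.0.113.5", "192.0.2.10", 443, {"FIN", "PSH", "URG"}),  # XMAS probe
    ("203.0.113.5", "192.0.2.10", 22, {"FIN"}),                 # FIN probe
    ("192.0.2.55", "192.0.2.10", 443, {"SYN"}),                 # ordinary client: SYN ...
    ("192.0.2.55", "192.0.2.10", 443, {"ACK"}),                 # ... then completes the handshake
    ("192.0.2.55", "192.0.2.10", 443, {"PSH", "ACK"}),
]

# Flag combinations that a conforming TCP stack never uses to open a connection
PROBE_PATTERNS = {
    frozenset(): "NULL",
    frozenset({"FIN"}): "FIN",
    frozenset({"FIN", "PSH", "URG"}): "XMAS",
}


def classify_flags(flags):
    """Name the probe type for a TCP flag set. 'SYN' is a plain connection
    attempt; 'OTHER' covers everything an established session produces."""
    f = frozenset(flags)
    if f in PROBE_PATTERNS:
        return PROBE_PATTERNS[f]
    if f == {"SYN"}:
        return "SYN"
    return "OTHER"


def detect_scanners(packets, syn_port_threshold=4):
    """Return {src: [reasons]} for sources whose traffic matches a scan pattern.

    Rule 1: any NULL, FIN-only or XMAS segment is reported; a single one is
            already anomalous because no normal client emits them.
    Rule 2: SYN-only segments to >= syn_port_threshold distinct ports from a
            source that never sends an ACK is a half-open sweep, not a client.
    """
    syn_ports = defaultdict(set)
    ack_seen = defaultdict(bool)
    probe_types = defaultdict(set)
    for src, _dst, dport, flags in packets:
        kind = classify_flags(flags)
        if kind in ("NULL", "FIN", "XMAS"):
            probe_types[src].add(kind)
        elif kind == "SYN":
            syn_ports[src].add(dport)
        if "ACK" in flags:
            ack_seen[src] = True

    findings = {}
    for src in set(syn_ports) | set(probe_types):
        reasons = []
        if probe_types[src]:
            reasons.append("malformed flag probes: " + ", ".join(sorted(probe_types[src])))
        if len(syn_ports[src]) >= syn_port_threshold and not ack_seen[src]:
            reasons.append(
                f"half-open SYN sweep across {len(syn_ports[src])} ports with no completed handshake"
            )
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for src, reasons in sorted(detect_scanners(SAMPLE_PACKETS).items()):
        print(src, "->", "; ".join(reasons))
```

On the constructed sample the two scanning sources are reported and the ordinary client, whose SYN is followed by its own ACK, is not. In a real deployment the threshold and the time window over which packets are grouped would be tuned to the network; the flag-pattern rule needs no tuning because the NULL, FIN and XMAS combinations are never legitimate connection openers.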

Vulnerability Analysis

After successfully identifying the target systems and gathering the
required details from the above phases, a penetration tester will try to
find any possible vulnerabilities existing in each target system.

During this phase a penetration tester will use automated tools to scan
the target systems for known vulnerabilities. These tools have their own
databases containing the latest vulnerabilities and their details.

During this phase a penetration tester will also test the systems by
supplying invalid inputs, random strings, etc., and check for any errors
or unintended behaviours in the system output.

In doing so, the penetration tester may well come across previously
unidentified vulnerabilities.

The penetration tester will not rely only on automated tools for this
activity.

      Vulnerability testing

          o Expected results

                    • Types of applications and services, listed by
                    vulnerability
                    • Patch level of systems and applications
                    • List of vulnerabilities that can cause denial of
                    service
                    • List of areas secured only by obscurity

          o Tasks

                     • Integrate the most popular scanners, hacking tools
                     and exploits into this test
                     • Measure the target with these tools
                     • Try to identify vulnerabilities by system and
                     application type
                     • Perform redundant testing with at least two of the
                     most popular scanners
                     • Identify the vulnerabilities of the operating system
                     • Identify application vulnerabilities
                     • Verify the vulnerabilities found by using exploits

Exploitation

During this phase a penetration tester will try to find exploits for the
various vulnerabilities found in the previous phase.

Quite often, successful exploitation of a vulnerability does not lead to
root (administrative) access. In such a scenario additional steps need
to be taken, and further analysis is required to assess the risk that the
particular vulnerability may pose to the target system.

Example attack scenarios in this phase include, but are not limited to:

      • buffer overflows
      • application or system configuration problems
      • modems
      • routing issues
      • DNS attacks
      • address spoofing
      • share access and exploitation of inherent system trust
        relationships

Potential vulnerabilities will be systematically tested for weakness and
overall risk. The strength of captured password files will be tested using
password-cracking tools. Individual user account passwords may also
be tested using dictionary-based, automated login scripts. In the event
that an account is compromised, we will attempt to elevate privileges
to that of super user, root, or administrator level.

Our Security Consultants will maintain detailed records of all attempts
to exploit vulnerabilities and activities conducted during the attack
phase.

Reporting

The last phase in the entire activity is the reporting phase. This phase
can occur in parallel to the other three stages or at the end of the
Attack stage.

The final report will be prepared with both management and technical
audiences in mind, detailing all the findings with appropriate graphs,
figures, etc. so as to give a clear presentation of the vulnerabilities
and their impact on the business of the target organization.

An executive summary, briefly describing the activities performed,
findings and high-level recommendations, will be provided.

Detailed technical descriptions of the vulnerabilities and the
recommendations to mitigate them will also be documented in this report.
All the security holes found and exploited will be accompanied by a
proper proof of concept, by means of screenshots of the successful
exploits or other such methods.

The report will consist of an Executive Report containing, but not
limited to: conclusions, recommendations, statistics and a brief of the
hacking methodology; and a Technical Report containing, but not limited
to: information gathering, network information, analysis and attack
results of the accomplished tasks.



Web Application Penetration Test

Why?

Web applications have become increasingly vulnerable to different
forms of hacker attacks. According to a Gartner Report, 75% of attacks
today occur at the application level. A Forrester survey states that
“people are now attacking through applications, because it’s easier
than through the network layer.”

Despite common use of defenses such as firewalls and intrusion
detection or prevention systems, hackers can access valuable
proprietary and customer data, shut down websites and servers and
defraud businesses, as well as introduce serious legal liability, without
being stopped or, in many cases, even detected.

To counter this problem, Cyber 51 Ltd. offers a comprehensive security
risk assessment solution - Web Application Penetration Testing - to
identify, analyze and report vulnerabilities in a given application. As
part of this service, Cyber 51 Ltd. attempts to identify both inherent and
potential security risks that might work as entry points for the hacker.
We believe vulnerabilities could be present in a web application due
to inadvertent flaws left behind during development, security issues in
the underlying environment and misconfigurations in one or more
components like database, web server etc.

When conducting a Web Application Penetration Testing assignment,
Cyber 51 Ltd. adopts a strong technology and process-based
approach supported by a well-documented methodology to identify
potential security flaws in the application and underlying environment.
Adherence to industry standards such as OWASP, customized tests
based on technology and business logic, skilled and certified security
engineers, risk assessment on the vulnerabilities found, scoring system
based on CVSS (Common Vulnerability Scoring System) make us
different from the other vendors in this space.

Customers benefit from web application penetration testing because it
gives an in-depth analysis of their current security posture, highlights
recommendations for reducing exposure to the identified vulnerabilities,
and allows them to make more informed decisions about managing the
company’s exposure to threats. The security assessment report submitted
on completion of the engagement provides a detailed and prioritized
mitigation plan to help customers address security issues in a phased
manner.

Methodology

Configuration Management Analysis

The infrastructure used by the Web application will be evaluated from
a security perspective.

The tests to be performed are as follows:

• TLS and SSL tests.

• Security testing of the listener of the database management system.

• Testing the configuration of the infrastructure and its relationship
with the web application, vulnerability analysis, analysis of
authentication mechanisms and identification of all the ports used by
the web application.

• Testing the application settings, searching directories and regular
files, reviewing developer comments, and, where possible, obtaining and
analysing the logs generated by the application.

• Searching for old files, backups, operation logs and other files used
by the web application.

• Searching for and testing management interfaces of the web application
or related infrastructure.

• Testing the HTTP methods supported and the possibility of XST
(Cross-Site Tracing).




Analysis of Authentication

We will evaluate the various mechanisms and aspects of the web
application authentication.

The tests to be performed are as follows:

• Credentials management.

• Enumeration of users and identification of easily guessable user
accounts.

• Brute-force testing of identification credentials, based on
information found or inferred.

• Testing the authentication mechanisms for bypasses.

• Logout mechanisms and weaknesses associated with the browser cache.

• Strength testing of CAPTCHAs and testing of multi-factor
authentication.

Session Management Analysis

We will evaluate the different mechanisms and management aspects
of web application sessions.

The tests to be performed are as follows:


• The session management scheme will be tested.

• CSRF (Cross-Site Request Forgery).

• Testing of cookie attributes.

• Session fixation.

• Testing for exposed session variables and session replay.
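The cookie-attribute test above is a mechanical check that is easy to automate from the `Set-Cookie` headers an application returns. The following is an added example, not part of the Cyber 51 document: a small Python parser and audit for `Set-Cookie` headers that reports missing `Secure`, `HttpOnly` and `SameSite` attributes and the `SameSite=None` without `Secure` combination that browsers reject. The sample headers are constructed for the example and do not come from any real application.

```python
"""Audit Set-Cookie headers for session-protecting attributes (added example)."""

# Constructed Set-Cookie headers (not captured from any real application)
SAMPLE_SET_COOKIE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",
    "csrftoken=xyz789; Path=/; Secure; SameSite=Strict",
    "sid=4f2a9c; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=dark; Path=/; Expires=Fri, 31 Dec 2027 23:59:59 GMT; Secure; SameSite=None",
    "track=1; Path=/; SameSite=None",
]


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attribute: value}).

    Attribute names are lower-cased for case-insensitive lookup and flag
    attributes such as Secure map to ''. Splitting on ';' is safe: the comma
    inside an Expires date is not an attribute separator.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(header):
    """Return (cookie name, sorted list of findings) for one header."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")            # sent over plain HTTP too
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")          # readable by page scripts
    if "samesite" not in attrs:
        findings.append("missing SameSite")          # relies on browser default
    elif attrs["samesite"].lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure")  # browsers drop the cookie
    return name, sorted(findings)


def audit_headers(headers):
    """Audit a list of Set-Cookie headers; returns {cookie name: findings}."""
    return {name: findings for name, findings in (audit_cookie(h) for h in headers)}


if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_SET_COOKIE_HEADERS).items():
        print(f"{name}: {'; '.join(findings) if findings else 'ok'}")
```

A finding on `HttpOnly` is only meaningful for cookies that page scripts do not need to read (session identifiers above all); a preference cookie deliberately exposed to JavaScript can be accepted as an exception once that is confirmed with the developers. `SameSite=None` without `Secure` is not merely weak: current browsers discard such a cookie, which typically shows up as a broken cross-site flow rather than a security finding.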

Analysis of Authorization

We will evaluate the various mechanisms and aspects of web
application authorization.

The tests to be performed are as follows:

• Privilege escalation.

• Path traversal.

• Testing for bypass of authorization mechanisms.

• Testing the business logic of the web application by bypassing,
altering or subverting the intended flow between its functions.

Data Validation Analysis

We will evaluate the various repositories, access and protection
mechanisms related to the validation of data used by the Web
application.

The tests to be performed are as follows:

• Tests for the various forms of XSS (Cross-Site Scripting) and Cross-Site
Flashing.

• SQL injection tests.

• LDAP injection tests.

• ORM injection tests.

• XML injection tests.

• SSI injection tests.

• XPath injection tests.

• IMAP / SMTP injection tests.

• Code injection tests.

• Operating system command injection tests.

• Buffer overflow tests.

• HTTP splitting / smuggling tests.

• Tests for bypass of authorization mechanisms.

• Privilege escalation tests.

Analysis of Web Services

We will evaluate the web application services related to SOA (Service
Oriented Architecture).

The tests to be performed are as follows:

• Security testing of WSDL.

• XML structural testing.

• XML content-level testing.

• Testing of HTTP GET parameters / REST.

• Tests with malicious SOAP attachments.

• Replay testing of web services.

• Testing for AJAX-specific vulnerabilities in the web application.

Reporting

The last phase in the entire activity is the reporting phase. This phase
can occur in parallel to the other three stages or at the end of the
Attack stage.

The final report will be prepared with both management and technical
audiences in mind, detailing all the findings with appropriate graphs,
figures, etc. so as to give a clear presentation of the vulnerabilities
and their impact on the business of the target organization.

An executive summary, briefly describing the activities performed,
findings and high-level recommendations, will be provided.

Detailed technical descriptions of the vulnerabilities and the
recommendations to mitigate them will also be documented in this report.
All the security holes found and exploited will be accompanied by a
proper proof of concept, by means of screenshots of the successful
exploits or other such methods.

The report will consist of an Executive Report containing, but not
limited to: conclusions, recommendations, statistics and a brief of the
hacking methodology; and a Technical Report containing, but not limited
to: information gathering, network information, analysis and attack
results of the accomplished tasks.




Appendix A: Types of Penetration Tests

Any of our Penetration Tests can contain one or more modules as listed
below. We will tailor any Penetration Test to your individual business
needs.


Internet Security Assessment

Any device with access to the Internet is a potential open door to
would-be hackers. We provide vulnerability assessments during which
we closely map the network architecture, examine all open ports, hosts
and services with access to the Web, and ensure that these network
devices are secure. This assessment gathers information such as
domain names, IP network ranges, operating systems and applications,
to identify systems on the network, how they are related, and the services
that are exposed through open ports (such as HTTP, SMTP, terminal
services, etc.). Once open ports and attached services are identified,
we determine whether each service has been updated with the most
recent patches and identify other vulnerabilities located within the
exposed services. In addition to conducting vulnerability assessments,
we perform more rigorous penetration tests in which the information
gathered from the assessment is used to attempt to penetrate the
network. This more thorough procedure can confirm whether potential
vulnerabilities are, in fact, capable of being exploited to expose the
network. Following all vulnerability assessments and penetration tests,
we use the information we gather to prepare a thorough vulnerability
analysis and offer recommendations for strengthening network
security.


Intranet Security Assessment

While outside threats must be guarded against, businesses must also
protect against potential threats from within their own networks. Using
many of the same techniques and procedures as for Internet Security
Testing, we provide Intranet risk assessment and analysis to protect
against the potential threat posed by insiders. Depending on the
client’s needs, intranet testing can be performed by us under varying
degrees of disclosure of network information from the client, for
example with or without network accounts.




Dial-in RAS Security Assessment

Dial-in links pose a potential threat to the integrity of the network
security system. We examine dial-up connections that allow employees
to access the network through public telephone lines or other dial-up
connections. Given a range of telephone exchanges that may include
modems, we can identify target numbers that allow for remote access.
Using these numbers, we attempt to exploit vulnerabilities in the system
and gain access to the network. We can also assess risks posed by the
exposure of dial-up connections to the public telephone network
which might undermine the client’s own internal security architecture.


Web Application Assessment

This assessment examines what services are being offered on Web-
based portals and e-commerce applications to examine potential
vulnerabilities with respect to authentication, authorization, data
integrity, data confidentiality, and consumer privacy concerns. We can
test these applications using either zero-knowledge testing or full-
access testing to examine the full range of potential vulnerabilities. We
also conduct source code audits to identify any potential vulnerability
among the applications and scripts that are accessible through the
Web.


Wireless Assessment

Wireless networks, while highly convenient, present additional security
threats since the wireless signals are not limited by the physical
boundaries of a traditional network. We evaluate how to prevent
wireless communications from being exposed to eavesdropping and
access by unauthorized intruders. Additionally, we examine the
enterprise infrastructure for unencrypted or standard WEP-enabled
access points that may be vulnerable, in order to ensure the security of
the network.




Social Engineering Assessment

Social engineering involves manipulating and/or deceiving company
employees and other human resources to gain unauthorized access to
a network or to confidential information. We are a premier consulting
firm in our ability to identify weak links in the security chain through
exploitation of human vulnerabilities. We leverage our unparalleled
expertise in this field to expose what is often the weakest link in the
information security apparatus: the human element. Once individual or
systemic weaknesses are identified, we recommend procedures
designed to ensure that employees do not divulge information that
could compromise company assets. The social engineering assessment
not only uses tactics intended to gain confidential information, but also
to induce unsuspecting employees to create vulnerabilities that can
subsequently be exploited to gain access to confidential information.


Telecommunications Assessment

We have unique experience testing vulnerabilities in private branch
exchanges (PBX) that operate company voicemail and messaging systems.
Unauthorized access to these systems can allow an intruder to
eavesdrop on and manipulate employee voicemail messages, initiate
outgoing calls from internal company lines, and access corporate
telephone networks and directories.


Database Assessment

Client lists, credit card records, and other confidential information held
in databases must be given particular protection from unauthorized
disclosure. We test database integrity to determine whether any
vulnerability may compromise this sensitive information.


Physical Security Assessment

Access to confidential information can often be obtained by simply
gaining physical access to company premises. We conduct on-site
surveillance to assess physical security and use social engineering,
pass-key duplication and other techniques designed to gain physical
entry into secure areas and the network system.




Forensic Analysis

In addition to preventing future attacks, we can conduct forensic
analysis to evaluate past security breaches. This analysis examines log
reports, compares backups to identify modifications to the network,
and investigates the introduction of foreign software tools to help
identify intruders, determine the extent to which the network has been
compromised, and mitigate potential damages from the intrusion.


Intrusion Investigation

We can investigate documented intrusion attempts into your network
and situations where data was actually compromised. Through
investigation, you can find the source of the attack, the techniques
used, and how to correct these flaws. While it is always best to stop
attacks before they happen, it is important to investigate any possible
compromise of your intellectual property.




Ceh v5 module 20 buffer overflowCeh v5 module 20 buffer overflow
Ceh v5 module 20 buffer overflow
 
Module 4 Enumeration
Module 4   EnumerationModule 4   Enumeration
Module 4 Enumeration
 
Entropy and denial of service attacks
Entropy and denial of service attacksEntropy and denial of service attacks
Entropy and denial of service attacks
 
Sniffing via dsniff
Sniffing via dsniffSniffing via dsniff
Sniffing via dsniff
 
Module 2 Foot Printing
Module 2   Foot PrintingModule 2   Foot Printing
Module 2 Foot Printing
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Community
 
Network sniffers & injection tools
Network sniffers  & injection toolsNetwork sniffers  & injection tools
Network sniffers & injection tools
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting Tools
 
Password sniffing
Password sniffingPassword sniffing
Password sniffing
 
Ethical hacking Chapter 6 - Port Scanning - Eric Vanderburg
Ethical hacking   Chapter 6 - Port Scanning - Eric VanderburgEthical hacking   Chapter 6 - Port Scanning - Eric Vanderburg
Ethical hacking Chapter 6 - Port Scanning - Eric Vanderburg
 
Attacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network SelectionAttacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network Selection
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection tool
 

Similar to Penetration Testing Services Technical Description Cyber51

An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptxVuongPhm
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysJoff Thyer
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesSam Bowne
 
chapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhjchapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhjAmitDeshai
 
Anonymous Security Scanning and Browsing
Anonymous Security Scanning and BrowsingAnonymous Security Scanning and Browsing
Anonymous Security Scanning and BrowsingAbhilash Venkata
 
Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP FRSecure
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber securityKAMALI PRIYA P
 
Network Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptxNetwork Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptxtalkaton
 
Network Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdfNetwork Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdftalkaton
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Cyberscout Presentation
Cyberscout PresentationCyberscout Presentation
Cyberscout PresentationFiroze Hussain
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence Sam Bowne
 
CNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceCNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceSam Bowne
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence Sam Bowne
 
Normalizing Empire's Traffic to Evade Anomaly-Based IDS
Normalizing Empire's Traffic to Evade Anomaly-Based IDSNormalizing Empire's Traffic to Evade Anomaly-Based IDS
Normalizing Empire's Traffic to Evade Anomaly-Based IDSUtku Sen
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51martinvoelk
 

Similar to Penetration Testing Services Technical Description Cyber51 (20)

An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptx
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
 
Network scan
Network scanNetwork scan
Network scan
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
 
Security tools
Security toolsSecurity tools
Security tools
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
chapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhjchapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhj
 
Anonymous Security Scanning and Browsing
Anonymous Security Scanning and BrowsingAnonymous Security Scanning and Browsing
Anonymous Security Scanning and Browsing
 
Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber security
 
Network Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptxNetwork Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptx
 
Network Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdfNetwork Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdf
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Cyberscout Presentation
Cyberscout PresentationCyberscout Presentation
Cyberscout Presentation
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence
 
CNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceCNIT 121: 9 Network Evidence
CNIT 121: 9 Network Evidence
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence
 
Normalizing Empire's Traffic to Evade Anomaly-Based IDS
Normalizing Empire's Traffic to Evade Anomaly-Based IDSNormalizing Empire's Traffic to Evade Anomaly-Based IDS
Normalizing Empire's Traffic to Evade Anomaly-Based IDS
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51
 

More from martinvoelk

Cyber51 Company Presentation Public
Cyber51 Company Presentation PublicCyber51 Company Presentation Public
Cyber51 Company Presentation Publicmartinvoelk
 
Consulting Flyer
Consulting FlyerConsulting Flyer
Consulting Flyermartinvoelk
 
VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51martinvoelk
 
Vulnerability Assesment Subscriptions Cyber51
Vulnerability Assesment Subscriptions Cyber51Vulnerability Assesment Subscriptions Cyber51
Vulnerability Assesment Subscriptions Cyber51martinvoelk
 
Web Application Penetration Test
Web Application Penetration TestWeb Application Penetration Test
Web Application Penetration Testmartinvoelk
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51martinvoelk
 
Ppctrainer Offers
Ppctrainer OffersPpctrainer Offers
Ppctrainer Offersmartinvoelk
 
AdWords Training & AdWords Consulting
AdWords Training & AdWords ConsultingAdWords Training & AdWords Consulting
AdWords Training & AdWords Consultingmartinvoelk
 
AdWords Training & AdWords Consulting
AdWords Training & AdWords ConsultingAdWords Training & AdWords Consulting
AdWords Training & AdWords Consultingmartinvoelk
 
Basic Adwords Course Outline
Basic Adwords Course OutlineBasic Adwords Course Outline
Basic Adwords Course Outlinemartinvoelk
 
Pronetexpert Cisco Ccde Bootcamp Training Courses
Pronetexpert Cisco Ccde Bootcamp Training CoursesPronetexpert Cisco Ccde Bootcamp Training Courses
Pronetexpert Cisco Ccde Bootcamp Training Coursesmartinvoelk
 
CCIE Bootcamp Training Courses
CCIE Bootcamp Training CoursesCCIE Bootcamp Training Courses
CCIE Bootcamp Training Coursesmartinvoelk
 
Servicios de la Seguridad delos Redes
Servicios de la Seguridad delos RedesServicios de la Seguridad delos Redes
Servicios de la Seguridad delos Redesmartinvoelk
 
IT Network Security Services
IT Network Security ServicesIT Network Security Services
IT Network Security Servicesmartinvoelk
 
ProNetExpert Cisco Premier Partner & Cisco Learning Partner Associate
ProNetExpert Cisco Premier Partner & Cisco Learning Partner AssociateProNetExpert Cisco Premier Partner & Cisco Learning Partner Associate
ProNetExpert Cisco Premier Partner & Cisco Learning Partner Associatemartinvoelk
 

More from martinvoelk (15)

Cyber51 Company Presentation Public
Cyber51 Company Presentation PublicCyber51 Company Presentation Public
Cyber51 Company Presentation Public
 
Consulting Flyer
Consulting FlyerConsulting Flyer
Consulting Flyer
 
VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51
 
Vulnerability Assesment Subscriptions Cyber51
Vulnerability Assesment Subscriptions Cyber51Vulnerability Assesment Subscriptions Cyber51
Vulnerability Assesment Subscriptions Cyber51
 
Web Application Penetration Test
Web Application Penetration TestWeb Application Penetration Test
Web Application Penetration Test
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51
 
Ppctrainer Offers
Ppctrainer OffersPpctrainer Offers
Ppctrainer Offers
 
AdWords Training & AdWords Consulting
AdWords Training & AdWords ConsultingAdWords Training & AdWords Consulting
AdWords Training & AdWords Consulting
 
AdWords Training & AdWords Consulting
AdWords Training & AdWords ConsultingAdWords Training & AdWords Consulting
AdWords Training & AdWords Consulting
 
Basic Adwords Course Outline
Basic Adwords Course OutlineBasic Adwords Course Outline
Basic Adwords Course Outline
 
Pronetexpert Cisco Ccde Bootcamp Training Courses
Pronetexpert Cisco Ccde Bootcamp Training CoursesPronetexpert Cisco Ccde Bootcamp Training Courses
Pronetexpert Cisco Ccde Bootcamp Training Courses
 
CCIE Bootcamp Training Courses
CCIE Bootcamp Training CoursesCCIE Bootcamp Training Courses
CCIE Bootcamp Training Courses
 
Servicios de la Seguridad delos Redes
Servicios de la Seguridad delos RedesServicios de la Seguridad delos Redes
Servicios de la Seguridad delos Redes
 
IT Network Security Services
IT Network Security ServicesIT Network Security Services
IT Network Security Services
 
ProNetExpert Cisco Premier Partner & Cisco Learning Partner Associate
ProNetExpert Cisco Premier Partner & Cisco Learning Partner AssociateProNetExpert Cisco Premier Partner & Cisco Learning Partner Associate
ProNetExpert Cisco Premier Partner & Cisco Learning Partner Associate
 

Penetration Testing Services Technical Description Cyber51

Security Services Description

Table of Contents

NETWORK PENETRATION TEST ........ 3
  WHY? ........ 3
  METHODOLOGY ........ 3
    Footprinting / Network Mapping ........ 3
    Scanning and enumeration ........ 4
    Vulnerability Analysis ........ 7
    Exploitation ........ 8
    Reporting ........ 9
WEB APPLICATION PENETRATION TEST ........ 9
  WHY? ........ 9
  METHODOLOGY ........ 10
    Configuration Management Analysis ........ 10
    Analysis of Authentication ........ 11
    Session Management Analysis ........ 11
    Analysis of Authorization ........ 12
    Data Validation Analysis ........ 12
    Analysis of Web Services ........ 13
    Reporting ........ 13
APPENDIX A: TYPES OF PENETRATION TESTS ........ 15

Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
Network Penetration Test

Why?

Individuals and businesses enjoy and rely on modern communication methods and collaboration services, and benefit from the new opportunities the Internet age has created. However, cyber crime is on the rise too and has led governments to form entirely new authorities to tackle cyber warfare and malicious activity. We at Cyber 51 play our part in making the Internet and modern communications a more secure space.

Hackers attack both private and corporate systems on a daily basis. The attacker can be stationed anywhere in the world and needs just Internet access and the appropriate tools. The threat is real and it happens thousands of times a day. Many attacks take place undetected and result in the theft and destruction of valuable data.

The solution: penetration tests and network security audits. Cyber 51 will, with the legal permission of the network owner, attack customer systems in the same way as a hacker would. In doing so, Cyber 51 is able to expose security holes in the system.

The benefit: the customer is made aware of the security holes that exist and could be exploited by a hacker with malicious intent to gain unauthorized access to the customer network. In addition, Cyber 51 will prepare a plan of action and, if the customer wishes, implement the closure of these holes.

Methodology

Footprinting / Network Mapping

Footprinting is a completely non-intrusive activity performed in order to gather the maximum possible information available about the target organization and its systems, using both technical and non-technical means. This involves searching the Internet and querying various public repositories (whois databases, domain registrars, Usenet groups, mailing lists, etc.). Our Security Testing Consultants will also look to obtain as much detail as possible about the current topology and network profile. This can consist of information around IP addressing, public domain information about the business, ping sweeps, port scanning, etc.
This information is then compiled and subsequently analyzed for further areas of investigation.

Information Gathering
  o Expected results
    • Domain names
    • Server names
    • IP addresses
    • Network topology
    • Information about the ISP
    • Internet presence
    • Company profile
  o Tasks
    • Examine and gather information about domain registries.
    • Find IP address blocks.
    • Names and locations of DNS servers.
    • Use multiple traces in order to identify the systems and devices in between.
    • Identify email addresses related to the company.
    • Identify newsgroups, forums and boards where information related to the company is located.
    • Examine web pages and script source code.
    • Examine email headers.

Scanning and enumeration

The scanning and enumeration phase comprises identifying live systems, the open / filtered ports found, the services running on these ports, mapping router / firewall rules, identifying operating system details, network path discovery, etc. This phase involves a lot of active probing of the target systems. After successfully identifying the open ports, the services behind them will be fingerprinted, either manually or by using readily available tools. Then the penetration tester will confirm the exact name and version of the services running on the target system and the underlying operating system before including them in the final report.

Services identification on systems
  o Expected results
    • Ports open, closed and filtered
    • IP addresses of live systems
    • IP addresses of internal networks
    • Asset services
    • Map of the network
    • List of tunneled and encapsulated protocols discovered
    • List of supported routing protocols
    • Application type and patch level
    • Type of operating systems
  o Tasks
    • Collection of responses from the network.
    • Test TTL / firewalk the firewall.
    • Use ICMP and reverse lookup to determine the existence of machines on the network.
    • Use TCP fragments with the FIN, NULL and XMAS flags on ports 21, 22, 25, 80 and 443 of the hosts found on the network.
    • Use TCP SYN on ports 21, 22, 25, 80 and 443 of the hosts found on the network.
    • Attempt connections to DNS servers.
    • Use TCP SYN (half-open) scans to list the closed, open and filtered ports on all hosts found on the network.
    • Use TCP fragments against the ports and services available on the host.
    • Use UDP packets to list all open ports found on the network hosts.
    • Try to identify standard protocols.
    • Try to identify non-standard protocols.
    • Try to identify encrypted protocols.
    • Identify date, time and system up-time.
    • Identify the predictability of TCP sequence numbers.
    • Identify the predictability of the TCP initial sequence number (ISN).

Service identification
  o Expected results
    • Type of services
    • Application version and type that offers the service
  o Tasks
    • Match each open port with its corresponding service.
    • Identify the server up-time and patches applied.
    • Identify the application that provides the service through fingerprinting and banners.
    • Identify the version of the application.
    • Use UDP-based services and Trojan ports to attempt connections to the services found.

System identification
  o Expected results
    • Type of operating system
    • Patch level
    • Type of system
    • System enumeration
  o Tasks
    • Examine system responses to determine the operating system.
    • Check the predictability of TCP sequence numbers.

Vulnerability Analysis

After successfully identifying the target systems and gathering the required details in the above phases, a penetration tester will try to find any possible vulnerabilities existing in each target system. During this phase a penetration tester will use automated tools to scan the target systems for known vulnerabilities. These tools have their own databases consisting of the latest vulnerabilities and their details. During this phase a penetration tester will also test the systems by supplying invalid inputs, random strings, etc., and check for any errors or unintended behaviours in the system output. By doing so there are many possibilities that the penetration tester may come across previously unidentified vulnerabilities. The penetration tester will not rely only on automated tools for this activity.

Vulnerability testing
  o Expected results
    • Type of applications and services listed by vulnerability
    • Patch level of systems and applications
    • List of vulnerabilities that can cause denial of service
    • List of areas secured by obscurity
  o Tasks
    • Integrate the most popular scanners, hacking tools and exploits in this test.
    • Measure the target with these tools.
    • Try to identify vulnerabilities by system and application type.
    • Perform redundant testing with at least two of the most popular scanners.
    • Identify the vulnerabilities of the operating system.
    • Identify application vulnerabilities.
    • Check the vulnerabilities found by using exploits.

Exploitation

During this phase a penetration tester will try to find exploits for the various vulnerabilities found in the previous phase. Quite often, successful exploitation of a vulnerability might not lead to root (administrative) access. In such a scenario additional steps need to be taken, and further analysis is required to assess the risk that the particular vulnerability may pose to the target system. Example attack scenarios in this phase include, but aren't limited to:
  • buffer overflows
  • application or system configuration problems
  • modems
  • routing issues
  • DNS attacks
  • address spoofing
  • share access and exploitation of inherent system trust relationships.
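The scanning and enumeration tasks above twice ask for the predictability of TCP sequence numbers to be identified. The following Python is an added example, not Cyber 51's tooling: it scores a set of already-captured initial sequence numbers (constructed here rather than taken from any host) using the delta / greatest-common-divisor / spread idea behind Nmap's ISN tests. The simplified index, its thresholds and the verdict wording are assumptions of this example.

```python
from functools import reduce
from math import gcd, log2
from statistics import pstdev

ISN_MODULUS = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

# Constructed samples (six SYN/ACK ISNs each); none were captured from a real host.
SAMPLES = {
    "fixed-step host": [1000 + 65536 * i for i in range(6)],
    "jittery host": [1000, 65000, 129010, 193002, 257030, 321015],
    "randomized host": [0x1A2B3C4D, 0xF0E1D2C3, 0x12345678,
                        0x9ABCDEF0, 0x0BADF00D, 0x7FFFFFFF],
}


def isn_deltas(isns):
    """Differences between consecutive ISNs, reduced modulo 2^32 so that a
    counter wrapping past 0xFFFFFFFF still yields its true increment."""
    if len(isns) < 2:
        raise ValueError("need at least two ISN samples")
    return [(later - earlier) % ISN_MODULUS for earlier, later in zip(isns, isns[1:])]


def predictability_index(isns):
    """Return (step, index).

    step  is the greatest common divisor of the deltas, i.e. the granularity of
          the ISN counter (65536 is typical of old increment-per-connection stacks).
    index is log2 of the standard deviation of the deltas measured in units of
          that step: 0 for a constant increment, roughly 30 for uniformly random
          32-bit ISNs. This follows the idea of Nmap's SP test, not its exact
          formula (the simplification is an assumption of this example).
    """
    deltas = isn_deltas(isns)
    step = reduce(gcd, deltas)
    if step == 0:                      # every ISN identical
        return 0, 0.0
    spread = pstdev([d / step for d in deltas])
    return step, (log2(spread) if spread >= 1 else 0.0)


def verdict(index):
    """Map the index to a human verdict (thresholds are assumptions)."""
    if index < 1:
        return "constant increment: the next ISN follows from the last one"
    if index < 8:
        return "low randomness: the ISN can be narrowed to a small window"
    if index < 20:
        return "moderate randomness"
    return "high randomness: ISN generation looks properly randomized"


def assess(isns):
    """Score one host's ISN samples; the dict is what a report row would carry."""
    step, index = predictability_index(isns)
    return {"step": step, "index": round(index, 2), "verdict": verdict(index)}


if __name__ == "__main__":
    for host, isns in SAMPLES.items():
        r = assess(isns)
        print(f"{host:16} step={r['step']:<6} index={r['index']:>6}  {r['verdict']}")
```

Run over ISNs recorded from one's own servers, the same calculation confirms that the TCP stack randomizes sequence numbers; a low index is a reason to patch or replace the stack, since a predictable ISN is what makes blind TCP spoofing feasible, and it is the kind of finding the later report phase would list with its remediation.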
  • 9. Potential vulnerabilities will be systematically tested for weakness and overall risk. The strength of captured password files will be tested using password-cracking tools. Individual user account passwords may also be tested using dictionary-based, automated login scripts. In the event that an account is compromised, we will attempt to elevate privileges to that of super user, root, or administrator level. Our Security Consultants will maintain detailed records of all attempts to exploit vulnerabilities and activities conducted during the attack phase. Reporting The last phase in the entire activity is the reporting phase. This phase can occur in parallel to the other three stages or at the end of the Attack stage. The final report will be prepared keeping in mind both Management as well as Technical aspects, detailing all the findings with proper graphs, figures, etc. so as to convey a proper presentation of the vulnerabilities and it’s impact to the business of the target organization. An executive summary, describing in brief, the activities performed, findings, and high-level recommendations will be provided. Also detailed technical descriptions of the vulnerabilities and the recommendations to mitigate them will be documented in this report. All the security holes found and exploited will be accompanied with proper Proof‐of‐Concept by means of screenshots of the successful exploits, or any other such methods. This report will consist in an Executive report containing, without to be limited to: conclusions, recommendations, statistics, and hacking methodology brief, and a Technical Report containing without to be limited to: Information Gathering, Network Information, Analysis and Attack results of accomplished tasks. Web Application Penetration Test Why? Web applications have become increasingly vulnerable to different forms of hacker attacks. According to a Gartner Report, 75% of attacks today occur at the application level. 
A Forrester survey states that “people are now attacking through applications, because it’s easier Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
  • 10. than through the network layer.” Despite common use of defenses such as firewalls and intrusion detection or prevention systems, hackers can access valuable proprietary and customer data, shutdown websites and servers and defraud businesses, as well as introduce serious legal liability without being stopped or, in many cases, even detected. To counter this problem, Cyber 51 Ltd. offers a comprehensive security risk assessment solution - Web Application Penetration Testing - to identify, analyze and report vulnerabilities in a given application. As part of this service, Cyber 51 Ltd. attempts to identify both inherent and potential security risks that might work as entry points for the hacker. We believe vulnerabilities could be present in a web application due to inadvertent flaws left behind during development, security issues in the underlying environment and misconfigurations in one or more components like database, web server etc. When conducting a Web Application Penetration Testing assignment, Cyber 51 Ltd. adopts a strong technology and process-based approach supported by a well-documented methodology to identify potential security flaws in the application and underlying environment. Adherence to industry standards such as OWASP, customized tests based on technology and business logic, skilled and certified security engineers, risk assessment on the vulnerabilities found, scoring system based on CVSS (Common Vulnerability Scoring System) make us different from the other vendors in this space. Customers would benefit from web application penetration testing on the application as it gives an in-depth analysis of your current security posture, recommendations for reducing exposure to currently identified vulnerabilities are highlighted and it allows the customer to make more informed decisions, enabling management of the company’s exposure to threats. 
The security assessment report submitted on completion of the engagement provides a detailed and prioritized mitigation plan to help customers in addressing security issues in a phased manner. Methodology Configuration Management Analysis The infrastructure used by the Web application will be evaluated from a security perspective. The tests to be performed are as follows: • TLS and SSL tests. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
  • 11. • Security Testing over the listener of management system databases. • Testing the configuration of the infrastructure and its relationship with the Web application, vulnerability analysis, analysis of authentication mechanisms and identification of all the ports used by the Web application. • Testing the application settings, search through directories and regular files, comments from developers and the eventual acquisition and operational analysis of logs generated by the application. • Searching for old files, backups, logs of operations and other files used by the Web application. • Search and test management interfaces or web application related infrastructure. • Test various HTTP methods supported and the possibilities of XST (Cross-Site Tracing). Analysis of Authentication We will evaluate the various mechanisms and aspects of the web application authentication. The tests to be performed are as follows: • Credentials management • Enumeration of users and user accounts easily identifiable. • Proof of identification credentials brute force, based on information found or inferred. • Testing the authentication mechanisms looking for evasion • Logouts mechanisms and weaknesses associated with the Internet browser cache. • Strength tests over captchas and test multi-factor authentication. Session Management Analysis We will evaluate the different mechanisms and management aspects of web application sessions. The tests to be performed are as follows: Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
  • 12. • Session management scheme will be tested. • CSRF (Cross-Site Request Forgery). • Test attributes Cookies. • Setting sessions. • Evidence of attributes exposed session and repetition. Analysis of Authorization We will evaluate the various mechanisms and aspects of web application authorization. The tests to be performed are as follows: • Privilege escalation. • "Path Traversal". • Evidence of evasion of clearance mechanisms. • Testing the "business logic" of the Web application, avoiding, altering, or cheating their relationships within the application. Data Validation Analysis We will evaluate the various repositories, access and protection mechanisms related to the validation of data used by the Web application. The tests to be performed are as follows: • Test various XSS (Cross Site Scripting) and "Cross Site Flashing." • SQL Injection tests. • LDAP injection tests. • Evidence of ORM injection. • XML Injection tests. • SSI injection testing. • Testing XPath Injection. • Injection Test IMAP / SMTP. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
• Code injection tests.
• Operating system command injection tests.
• Buffer overflow tests.
• HTTP splitting/smuggling tests.
• Testing for bypasses of authorization mechanisms.
• Privilege escalation tests.

Analysis of Web Services

We will evaluate the web application services related to SOA (Service Oriented Architecture). The tests to be performed are as follows:
• WSDL security testing.
• Testing of XML structural security.
• Testing of security at the XML content level.
• Testing of HTTP GET parameters / REST.
• Tests with malicious SOAP attachments.
• Replay testing of web services.
• Testing the web application for AJAX-specific vulnerabilities.

Reporting

The last phase in the entire activity is the reporting phase. This phase can occur in parallel to the other three stages or at the end of the attack stage. The final report will be prepared keeping in mind both management and technical aspects, detailing all the findings with proper graphs, figures, etc., so as to convey a proper presentation of the vulnerabilities and their impact on the business of the target organization. An executive summary, briefly describing the activities performed, the findings and high-level recommendations, will be provided. Detailed technical descriptions of the vulnerabilities and the recommendations to mitigate them will also be documented in this report.
All the security holes found and exploited will be accompanied by a proper proof of concept by means of screenshots of the successful exploits, or other such methods. This report will consist of an Executive Report containing, but not limited to: conclusions, recommendations, statistics and a brief of the hacking methodology; and a Technical Report containing, but not limited to: information gathering, network information, analysis and attack results of the accomplished tasks.
Penetration Testing

Any of our Penetration Tests can contain one or more of the modules listed below. We will tailor any Penetration Test to your individual business needs.

Internet Security Assessment

Any device with access to the Internet is a potential open door to would-be hackers. We provide vulnerability assessments during which we closely map the network architecture, examine all open ports, hosts and services with access to the Web, and ensure that these network devices are secure. Defensive thinking gathers information such as domain names, IP network ranges, operating systems and applications, to identify systems on the network, how they are related, and the services that are exposed through open ports (such as HTTP, SMTP, terminal services, etc.). Once open ports and attached services are identified, we determine whether each service has been updated with the most recent patches and identify other vulnerabilities located within the exposed services. In addition to conducting vulnerability assessments, we perform more rigorous penetration tests in which the information gathered from the assessment is used to attempt to penetrate the network. This more thorough procedure can confirm whether potential vulnerabilities are, in fact, capable of being exploited to expose the network. Following all vulnerability assessments and penetration tests, we use the information we gather to prepare a thorough vulnerability analysis and offer recommendations for strengthening network security.

Intranet Security Assessment

While outside threats must be guarded against, businesses must also protect against potential threats from within their own networks. Using many of the same techniques and procedures as for Internet security testing, we provide intranet risk assessment and analysis to protect against the potential threat posed by insiders. Depending on the client's needs, intranet testing can be performed by us under varying degrees of disclosure of network information from the client, for example with or without network accounts.
Dial-in RAS Security Assessment

Dial-in links pose a potential threat to the integrity of the network security system. We examine dial-up connections that allow employees to access the network through public telephone lines or other dial-up connections. Given a range of telephone exchanges that may include modems, we can identify target numbers that allow for remote access. Using these numbers, we attempt to exploit vulnerabilities in the system and gain access to the network. We can also assess risks posed by the exposure of dial-up connections to the public telephone network, which might undermine the client's own internal security architecture.

Web Application Assessment

This assessment examines what services are being offered on Web-based portals and e-commerce applications in order to examine potential vulnerabilities with respect to authentication, authorization, data integrity, data confidentiality and consumer privacy concerns. We can test these applications using either zero-knowledge testing or full-access testing to examine the full range of potential vulnerabilities. We also conduct source code audits to identify any potential vulnerability in the applications and scripts that are accessible through the Web.

Wireless Assessment

Wireless networks, while highly convenient, present additional security threats, since wireless signals are not limited by the physical boundaries of a traditional network. We evaluate how to prevent wireless communications from being exposed to eavesdropping and access by unauthorized intruders. Additionally, we examine the enterprise infrastructure for unencrypted or standard WEP-enabled access points that may be vulnerable, in order to ensure the security of the network.
Social Engineering Assessment

Social engineering involves manipulating and/or deceiving company employees and other human resources to gain unauthorized access to a network or to confidential information. We are a premier consulting firm in our ability to identify weak links in the security chain through exploitation of human vulnerabilities. We leverage our unparalleled expertise in this field to expose what is often the weakest link in the information security apparatus: the human element. Once individual or systemic weaknesses are identified, we recommend procedures designed to ensure that employees do not divulge information that could compromise company assets. The social engineering assessment not only uses tactics intended to gain confidential information, but also tactics intended to induce unsuspecting employees to create vulnerabilities that can subsequently be exploited to gain access to confidential information.

Telecommunications Assessment

We have unique experience testing vulnerabilities in private branch exchanges that operate company voicemail and messaging systems. Unauthorized access to these systems can allow an intruder to eavesdrop on and manipulate employee voicemail messages, initiate outgoing calls from internal company lines, and access corporate telephone networks and directories.

Database Assessment

Client lists, credit card records and other confidential information held in databases must be given particular protection from unauthorized disclosure. We test database integrity to determine whether any vulnerability may compromise this sensitive information.

Physical Security Assessment

Access to confidential information can often be obtained by simply gaining physical access to company premises. We conduct on-site surveillance to assess physical security and use social engineering, pass key duplication and other techniques designed to gain physical entry into secure areas and the network system.
Forensic Analysis

In addition to preventing future attacks, we can conduct forensic analysis to evaluate past security breaches. This analysis examines log reports, compares backups to identify modifications to the network, and investigates the introduction of foreign software tools, to help identify intruders, determine the extent to which the network has been compromised, and mitigate potential damage from the intrusion.

Intrusion Investigation

We can investigate documented intrusion attempts into your network and situations where data was actually compromised. Through investigation, you can find the source of the attack, the techniques used, and how to correct these flaws. While it is always best to stop attacks before they happen, it is important to investigate any possible compromise of your intellectual property.