AHMET KEMAL AYGIN
ahmetkemal.aygin@uskudar.edu.tr
CYS504- Application Security
Lesson Four
Security Tests
Scope of Lesson
• Vulnerability Assessments And Penetration
Testing
• Degree Of Knowledge
• Vulnerability Scanning
• Attack Methodology
• Testing Guidelines
• Penetration Testing Considerations
• Rules Of Engagement
• Types Of Penetration Tests
• Approaches To Testing
• OWASP
• OWASP TOP 10
• Vulnerability Assessment
• Physical / Administrative / Logical
• Identify weaknesses
• Penetration Testing
• Ethical hacking to validate discovered weaknesses by actually exploiting them
• Red Teams (Attack) / Blue Teams (Defend)
• NIST SP 800-115, Technical Guide to Information Security Testing and Assessment
Vulnerability Assessments And Penetration Testing
• Zero Knowledge (Black Box Testing): the team has no prior knowledge of the target and must start with
only publicly available information. This simulates an external attacker.
• Partial Knowledge (Gray Box): the team has limited knowledge of the organization, for example a set of
user-level credentials or a network diagram. This simulates an insider or a compromised user account.
• Full Knowledge (White Box): the team has full knowledge of network operations, configurations and often
source code. This simulates an internal attack and gives the widest coverage for the time spent.
Degree Of Knowledge
Vulnerability Scanning identifies:
• Active hosts on network
• Active and vulnerable services (ports) on hosts
• Applications
• Operating systems
• Vulnerabilities associated with discovered OS &
applications
• Misconfigured settings
• Compliance of hosts with application-usage and security
policies
• Establishing a foundation for penetration testing
Vulnerability Scanning
Test Attacks
1. Reconnaissance
• WHOIS databases, company website, job search engines, social networking sites
2. Footprinting
• Mapping the network (Nmap)
• ICMP ping sweeps
• DNS zone transfers (an AXFR request to the target's name servers; a misconfigured server returns every record in the zone)
3. Fingerprinting
• Identifying host information (operating system and service versions)
• Port scanning and banner grabbing
4. Vulnerability assessment
• Identifying weaknesses in system configurations
• Discovering unpatched software
Attack Methodology
5. The "attack"
• Penetration
• Privilege escalation
• runas (Windows), su/sudo (Unix), or a local vulnerability or misconfiguration that grants higher rights
• Rootkits
• Collection of tools that preserve continued access. Includes
• Backdoor software
• Kernel-mode rootkits modify the operating system kernel itself, so nothing the running OS reports can be trusted
• Very difficult to detect from the compromised system; compare against a trusted baseline or inspect it from clean boot media
• Cover tracks
• Trojaned programs: the attacker replaces default utilities (ls, ps, netstat, login) with lookalikes that
provide the normal service but hide the backdoor software, for example by filtering its processes and files
out of their output
• Log scrubbers: remove or edit the log entries that record the intrusion
Attack Methodology
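The defensive check that follows from the rootkit and trojaned-utility points above is a hash baseline: a swapped ls or ps has different content (and often a different mode) from the known-good binary, so a manifest of cryptographic hashes taken while the host was clean and kept off-box exposes the swap even when the fake utility reports a clean system. The following is an added example, not code from the slides; the fake "bin" directory, the utilities in it and the rootkit-style changes are all constructed in a temporary directory so that it runs stand-alone.

```python
"""File-integrity baseline to catch trojaned utilities (added example).

On a real host you would baseline /bin, /sbin, /usr/bin and friends and
store the manifest read-only off the machine. Everything below runs on a
constructed temp directory so it can be executed offline.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root: Path) -> dict:
    """Manifest: relative path -> (sha256, size, mode bits).
    Mode is recorded because a setuid bit appearing on a utility is a finding by itself."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            manifest[str(p.relative_to(root))] = (sha256_file(p), st.st_size, st.st_mode & 0o7777)
    return manifest


def verify(root: Path, manifest: dict) -> dict:
    """Compare the live tree with a trusted manifest; return findings by category."""
    current = baseline(root)
    findings = {"modified": [], "missing": [], "added": [], "mode_changed": []}
    for rel, (digest, _size, mode) in manifest.items():
        if rel not in current:
            findings["missing"].append(rel)
            continue
        cur_digest, _cur_size, cur_mode = current[rel]
        if cur_digest != digest:
            findings["modified"].append(rel)
        if cur_mode != mode:
            findings["mode_changed"].append(rel)
    findings["added"] = sorted(set(current) - set(manifest))
    return findings


# --- constructed lab: a fake /bin, a baseline, then a rootkit-style swap ---------------
def build_lab() -> Path:
    root = Path(tempfile.mkdtemp(prefix="fakebin_"))
    for name in ("ls", "ps", "netstat", "login"):
        (root / name).write_bytes(b"#!/bin/sh\necho real %s\n" % name.encode())
        os.chmod(root / name, 0o755)
    return root


def trojan_lab(root: Path) -> Path:
    """Simulate a user-land rootkit: ps is replaced by a wrapper that filters its own
    process out, login gains a setuid bit, and a hidden backdoor file is dropped."""
    (root / "ps").write_bytes(b"#!/bin/sh\n/bin/ps.real \"$@\" | grep -v backdoor\n")
    os.chmod(root / "login", 0o4755)
    (root / ".bd").write_bytes(b"backdoor")
    return root


def run_demo() -> dict:
    root = build_lab()
    manifest = baseline(root)   # taken while the host is known-good
    trojan_lab(root)
    return verify(root, manifest)


if __name__ == "__main__":
    for kind, items in run_demo().items():
        print(f"{kind:13s} {items}")
```

The check only detects user-land rootkits reliably: a kernel-mode rootkit can hide the file changes from the checker's own read() calls, which is why the baseline comparison should be run from trusted boot media or by an agent that does not rely on the compromised kernel.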
Why Test?
• Risk analysis
• Certification
• Accreditation
• Security architectures
• Policy development
Develop a cohesive, well-planned, and operational
security testing program
Testing Guidelines
Three basic requirements:
• Meet with Senior management to determine the goal of the
Assessment
• Document Rules of Engagement
• Get sign off from Senior Management
Issue: it could disrupt productivity and systems
• Overall purpose is to determine subject’s ability to withstand an
attack and determine effectiveness of current security measures
• Tester should determine effectiveness of safeguards and identify
areas of improvement.
Penetration Testing Considerations
• Specific IP addresses/ranges to be tested
• Any restricted hosts
• A list of acceptable testing techniques
• Times when testing is to be conducted
• Points of contact for the penetration testing team, the
targeted systems, and the networks
• Measures to prevent law enforcement being called
with false alarms
• Handling of information collected by penetration
testing team
Rules of Engagement
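Most of the RoE items above (authorised ranges, restricted hosts, approved techniques, testing window) can be enforced mechanically before any packet is sent, which is how a tester avoids touching a production database that sits inside an otherwise authorised /24. The following is an added example, not code from the slides; the RoE values, the documentation IP ranges and the time window are constructed, and check_at() is only a convenience for running it stand-alone.

```python
"""Rules-of-engagement scope check (added example, constructed RoE values)."""
import ipaddress
from datetime import datetime, time

# Constructed sample RoE; in practice these values are copied from the signed document.
ROE = {
    "allowed_ranges": ["192.0.2.0/24", "198.51.100.16/28"],   # documentation ranges
    "restricted_hosts": ["192.0.2.10", "192.0.2.11"],         # e.g. production DB, SCADA gateway
    "window_start": time(22, 0),                               # testing allowed 22:00 ...
    "window_end": time(5, 0),                                  # ... until 05:00 next morning
    "allowed_techniques": {"port-scan", "banner-grab", "web-app", "password-spray"},
}


def _in_window(when: datetime, start: time, end: time) -> bool:
    """True if the clock time of `when` lies inside the window; handles windows that wrap midnight."""
    t = when.time()
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


def check_target(ip: str, technique: str, when: datetime, roe: dict = ROE):
    """Return (ok, reason). Restricted hosts override allowed ranges: being inside an
    authorised range is never enough on its own."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False, f"{ip!r} is not a valid IP address"
    if addr in {ipaddress.ip_address(h) for h in roe["restricted_hosts"]}:
        return False, f"{ip} is a restricted host"
    if not any(addr in ipaddress.ip_network(r) for r in roe["allowed_ranges"]):
        return False, f"{ip} is outside the authorised ranges"
    if technique not in roe["allowed_techniques"]:
        return False, f"technique {technique!r} is not in the approved list"
    if not _in_window(when, roe["window_start"], roe["window_end"]):
        return False, f"{when:%H:%M} is outside the testing window"
    return True, "in scope"


def check_at(ip: str, technique: str, hour: int, minute: int = 0, roe: dict = ROE):
    """Convenience wrapper for the stand-alone demo: fixed date, given clock time."""
    return check_target(ip, technique, datetime(2024, 3, 1, hour, minute), roe)


def filter_targets(candidates, technique: str, when: datetime, roe: dict = ROE):
    """Split a candidate list into in-scope IPs and (ip, reason) pairs that were rejected."""
    ok, rejected = [], []
    for ip in candidates:
        good, why = check_target(ip, technique, when, roe)
        if good:
            ok.append(ip)
        else:
            rejected.append((ip, why))
    return ok, rejected


if __name__ == "__main__":
    now = datetime(2024, 3, 1, 23, 30)
    cands = ["192.0.2.5", "192.0.2.10", "203.0.113.7", "198.51.100.20", "not-an-ip"]
    in_scope, out = filter_targets(cands, "port-scan", now)
    print("in scope :", in_scope)
    for ip, why in out:
        print("rejected :", ip, "->", why)
```

Wire the check in front of whatever drives the tooling (the scan launcher, the password-spray script) rather than relying on the tester to remember the restricted list; the rejection reason goes into the engagement log so the "false alarm" point of contact can see what was deliberately not touched.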
• Physical Security
• Access into building or department
• Wiring closets, locked file cabinets, offices, server room,
sensitive areas
• Remove materials from building
• Administrative Security
• Help desk giving out sensitive information, data on
disposed disks
• Logical Security
• Attacks on systems, networks, communication
Types Of Penetration Tests
• Do not rely on single method of attack
• Get creative
• Path of least resistance
• Start with users—social engineering is often the easiest
way to gain access
• Break the rules
• Even if a company follows its own policy, standards and
procedures, it does not mean that there are not
vulnerabilities
• Attempt things not expected
Approaches To Testing
• Do not rely exclusively on high-tech tools
• Dumpster diving
• Stealth methods may be required
• Do not damage systems or data
• Do not overlook small weaknesses in the search for the
big ones
• Have a toolkit of techniques
Approaches To Testing
Goal: a list of all active hosts and the services they expose
• Host discovery:
• ICMP (echo requests)
• UDP & TCP (probes to common ports, needed when ICMP is filtered)
• Port scanner:
• Nmap
• Fingerprinting
• Banner grabbing (the service's greeting or response reveals product and version)
Network Scanning
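The vulnerability-scanning and network-scanning steps above (find the open ports, grab each service's banner, turn the banner into a service guess) are what nmap -sV automates. The following is an added example, not code from the slides, that does the same thing in miniature so the mechanics are visible: a TCP connect scan with banner grabbing. To run offline it starts three constructed fake services on 127.0.0.1 whose banners imitate SSH, SMTP and HTTP; the banner regexes are a constructed fingerprint list, not Nmap's database.

```python
"""TCP connect scan with banner grabbing (added example, constructed local targets)."""
import re
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed fingerprint list: banner pattern -> service guess.
FINGERPRINTS = [
    (re.compile(rb"^SSH-\d\.\d-\S+"), "ssh"),
    (re.compile(rb"^220 .*(SMTP|ESMTP)", re.I), "smtp"),
    (re.compile(rb"^HTTP/1\.[01] \d{3}"), "http"),
]


def fingerprint(banner: bytes) -> str:
    for rx, name in FINGERPRINTS:
        if rx.search(banner):
            return name
    return "unknown" if banner else "no-banner"


def grab_banner(host: str, port: int, timeout: float = 1.0,
                probe: bytes = b"HEAD / HTTP/1.0\r\n\r\n"):
    """Connect, then read. SSH and SMTP speak first; if nothing arrives within the
    timeout send a harmless HTTP request and read again. Returns (is_open, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except socket.timeout:
                data = b""
            if not data:
                try:
                    s.sendall(probe)
                    data = s.recv(256)
                except (socket.timeout, OSError):
                    data = b""
            return True, data.strip()
    except (ConnectionRefusedError, socket.timeout, OSError):
        return False, b""


def scan(host: str, ports, workers: int = 32) -> dict:
    """Connect-scan the ports concurrently; return {port: (service, banner)} for open ones."""
    ports = list(ports)
    results = {}
    with ThreadPoolExecutor(max_workers=workers) as ex:
        for port, (is_open, banner) in zip(ports, ex.map(lambda p: grab_banner(host, p), ports)):
            if is_open:
                results[port] = (fingerprint(banner), banner.decode("latin-1"))
    return results


# --- constructed fake services so the example runs offline -----------------------------
def _serve(banner: bytes, speaks_first: bool) -> int:
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # ephemeral port
    srv.listen(16)

    def loop():
        while True:
            conn, _ = srv.accept()
            with conn:
                if not speaks_first:      # HTTP-style: wait for the client's request
                    try:
                        conn.settimeout(3.0)
                        conn.recv(256)
                    except socket.timeout:
                        pass
                conn.sendall(banner)

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def start_lab() -> dict:
    """Start the three fake services; returns {service: port}."""
    return {
        "ssh":  _serve(b"SSH-2.0-OpenSSH_8.9\r\n", True),
        "smtp": _serve(b"220 mail.example.test ESMTP ready\r\n", True),
        "http": _serve(b"HTTP/1.0 200 OK\r\nServer: lab\r\n\r\n", False),
    }


if __name__ == "__main__":
    lab = start_lab()
    # Scan the lab ports plus their neighbours so closed ports show up as absent.
    ports = sorted({p + d for p in lab.values() for d in range(-2, 3)})
    for port, (svc, banner) in sorted(scan("127.0.0.1", ports).items()):
        print(f"{port}/tcp open {svc:8s} {banner!r}")
```

A connect scan completes the TCP handshake and is logged by the target, which is usually acceptable under a signed RoE but is the opposite of stealthy; and a banner is only a claim made by the service, so version information from it should be confirmed before a finding is reported as a specific vulnerability.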
Goal is to identify weak passwords
• Passwords are generally stored (and in older protocols transmitted) as a one-way hash rather
than in plaintext; a hash is not encryption and cannot be reversed, so "cracking" means hashing
candidate passwords and comparing the results with the captured hashes
• Password cracking therefore requires captured password hashes
• Hashes can be intercepted on the network (e.g. challenge/response authentication exchanges)
• Or retrieved from the targeted system (password database, SAM, /etc/shadow) once enough access is gained
Password Cracking
• Dictionary attack: hash each word of a wordlist and compare
• Brute force: try every combination of the character set up to a given length
• Hybrid attack: dictionary words with mangling rules (capitalisation, digits or symbols appended, leet substitutions)
• LAN Manager (LM) hashes: the password is uppercased and split into two 7-character halves that are
hashed independently, so the effective key space is tiny and any LM hash is crackable in practice
• Theoretically all passwords are "crackable" given enough time; a slow, salted hash and long passwords
push the cost beyond what an attacker will spend
• Rainbow tables: precomputed hash-to-password tables that trade storage for time; per-user salts defeat
them because each salt would need its own table
Password Cracking Techniques
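The two slides above (why cracking needs captured hashes, and dictionary versus hybrid versus precomputed-table attacks) come together in the following added example, which is not code from the slides. The "captured" hashes are constructed from known passwords so the outcome is checkable; unsalted SHA-256 and SHA-256(salt || password) stand in for the real storage formats (not LM or NTLM), and the six-word wordlist replaces the multi-gigabyte list a real run would use. It shows why an unsalted dump falls to a table built once and reused, and why salting multiplies the attacker's work by the number of users.

```python
"""Dictionary, hybrid and precomputed-table attacks (added example, constructed data)."""
import hashlib
import os

WORDLIST = ["password", "summer", "welcome", "letmein", "admin", "dragon"]   # constructed


def h(pw: str, salt: bytes = b"") -> str:
    """Stand-in password hash. With an empty salt, equal passwords give equal digests."""
    return hashlib.sha256(salt + pw.encode()).hexdigest()


def hybrid_candidates(word: str):
    """Hybrid attack: a dictionary word plus common mangling rules
    (capitalisation, leet substitutions, appended digits/year/symbol)."""
    bases = {word, word.capitalize(), word.upper()}
    leet = str.maketrans("aeio", "4310")
    bases |= {b.translate(leet) for b in list(bases)}
    for b in bases:
        yield b
        for suffix in ("1", "123", "!", "2023", "2024", "1!"):
            yield b + suffix


def dictionary_attack(targets: dict, wordlist=WORDLIST, salts=None, hybrid=True):
    """targets: {user: digest}; salts: {user: bytes} or None for an unsalted dump.
    Returns ({user: cracked_password}, number_of_hashes_computed).
    Each candidate is hashed once per distinct salt: unsalted users all share one
    bucket, so one hash checks every user; salted users each need their own."""
    salts = salts or {}
    by_salt = {}                                   # salt -> {digest: user}
    for user, digest in targets.items():
        by_salt.setdefault(salts.get(user, b""), {})[digest] = user
    cracked, computed = {}, 0
    for word in wordlist:
        for cand in (hybrid_candidates(word) if hybrid else [word]):
            for salt, table in by_salt.items():
                computed += 1
                user = table.get(h(cand, salt))
                if user and user not in cracked:
                    cracked[user] = cand
    return cracked, computed


def precompute_table(wordlist=WORDLIST) -> dict:
    """digest -> password for every hybrid candidate. Built once, reused against any
    unsalted dump: the idea behind rainbow tables (which also compress the table
    into hash chains, not shown here)."""
    return {h(c): c for w in wordlist for c in hybrid_candidates(w)}


def table_lookup(targets: dict, table: dict) -> dict:
    """Zero hashing at attack time: just look the captured digests up."""
    return {u: table[d] for u, d in targets.items() if d in table}


def run_demo() -> dict:
    # Constructed "captured" dump: two weak passwords, one strong one.
    secrets = {"alice": "Summer2024", "bob": "P4ssw0rd!", "carol": "xK9#vQ2m"}
    unsalted = {u: h(p) for u, p in secrets.items()}
    salts = {u: os.urandom(16) for u in secrets}           # per-user random salt
    salted = {u: h(p, salts[u]) for u, p in secrets.items()}
    table = precompute_table()
    return {
        "table_vs_unsalted": table_lookup(unsalted, table),
        "table_vs_salted": table_lookup(salted, table),
        "dict_vs_unsalted": dictionary_attack(unsalted),
        "dict_vs_salted": dictionary_attack(salted, salts=salts),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:18s} {result}")
```

The salted dictionary run cracks the same two weak passwords but has to compute three times as many hashes (one per user); with a deliberately slow hash such as bcrypt or Argon2 that multiplier is what makes a large dump uneconomical to crack, while carol's password stays uncracked in every run because it is not derivable from the wordlist.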
• The Open Web Application Security Project®
(OWASP) is a nonprofit foundation that works to
improve the security of software. Through
community-led open-source software projects,
hundreds of local chapters worldwide, tens of
thousands of members, and leading educational
and training conferences, the OWASP Foundation is
the source for developers and technologists to
secure the web.
OWASP
• A01:2021 – Broken Access Control
• A02:2021 – Cryptographic Failures
• A03:2021 – Injection
• A04:2021 – Insecure Design
• A05:2021 – Security Misconfiguration
• A06:2021 – Vulnerable and Outdated Components
• A07:2021 – Identification and Authentication Failures
• A08:2021 – Software and Data Integrity Failures
• A09:2021 – Security Logging and Monitoring Failures
• A10:2021 – Server-Side Request Forgery (SSRF)
OWASP Top 10 - 2021
• Vulnerability Assessments And Penetration Testing
• Degree Of Knowledge
• Vulnerability Scanning
• Attack Methodology
• Testing Guidelines
• Penetration Testing Considerations
• Rules Of Engagement
• Types Of Penetration Tests
• Approaches To Testing
• OWASP
• OWASP TOP 10
What we learned Today?
Thanx