Vulnerability Assessment and Penetration testing
- 1. $7absec https://7absec.dorik.io Date: 28th September 2022 11am - 1pm (Wednesday) -- Aftab Harun ($7absec) -- Cybersecurity Researcher An ethical way of hacking
- 2. $7absec https://7absec.dorik.io What is Pentesting VA v/s PT Pentest Engagement Methodology Work of scope Conclusions 11:10 AM 11:20 AM 11:40 AM 12:25 PM 12:35 PM 12:50 PM Image source — https://www.subpng.com/png-4ek66c/
- 3. $7absec https://7absec.dorik.io A penetration testing is an authorized simulated attack performed on a computer system to evaluate its security Image source — https://rhinosecuritylabs.com/assessment-services/red-team-engagement/ Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system. Penetration tests usually simulate a variety of attacks that could threaten a business. With the right scope, a pen test can dive into any aspect of a system.
- 4. $7absec https://7absec.dorik.io Vulnerability Assessments tend to be wide in coverage but narrow in scope. Penetration Testing take vulnerability assessments to the next level by exploiting and proving out attack paths. Credit —Image credit goes to respective creator
- 5. $7absec https://7absec.dorik.io Every pentesting engagement will start by defining clear goals Pentest engagements also improve on regular vulnerability assessments by exploiting vulnerabilities Depending on the resources available, the pentest exercise can be run in tow ways - Network based Host based Credit —Image credit goes to respective creator
- 6. $7absec https://7absec.dorik.io We follow the following pen testing methodology Reconnaissance Automated Testing Exploration and Verification Assessment Reporting Optional Remediation
- 7. $7absec https://7absec.dorik.io Reconnaissance This process begins with detailed scanning and research into the architecture and environment, with the performance of automated testing for known vulnerabilities. Different methods are used to evade the firewall and IDS during the intelligence gathering. During reconnaissance the Live Hosts discovery and Network/Port scanning activities are carried out. Credit —Image credit goes to respective creator
- 8. $7absec https://7absec.dorik.io Automated Testing Once the target has been fully enumerated, MapleCloud Technologies uses both vulnerability scanning tools and manual analysis to identify security flaws. With decades of experience and custom-built tools, our security engineers find weaknesses most automated scanners miss. The results of automated tools are analyzed to filter out the false positives. The vulnerabilities identified by automated tools are manually verified by our security engineers. Credit —Image credit goes to respective creator
- 9. $7absec https://7absec.dorik.io Exploration and Verification At this stage of the assessment, our consultants review all previous data to identify and safely exploit identified application vulnerabilities Once sensitive access has been obtained, the focus turns to escalation and movement to identify technical risk and total business impact. During each phase of the compromise, we keep client stakeholders informed of testing progress, ensuring asset safety and stability. Credit —Image credit goes to respective creator
- 10. $7absec https://7absec.dorik.io Assessment Reporting Once the engagement is complete, MapleCloud Technologies delivers a detailed analysis and threat report, including remediation steps. Our consultants set an industry standard for clear and concise reports, prioritizing the highest risk vulnerabilities first. The assessment includes the following: • Executive Summary • Strategic Strengths and Weaknesses • Identified Vulnerabilities and Risk Ratings • Detailed Risk Remediation Steps • Assets and Data Compromised During Assessment Credit —Image credit goes to respective creator
- 11. $7absec https://7absec.dorik.io Optional Remediation As an optional addition to the standard assessment, MapleCloud Technologies provides remediation retesting (Revalidation) for all vulnerabilities listed in the report. At the conclusion of the remediation testing and request of the client, MapleCloud Technologies will update the report with a new risk level determination and mark which vulnerabilities in the report were in fact remediated to warrant a new risk level. Credit —Image credit goes to respective creator
- 12. $7absec https://7absec.dorik.io We followed the Network based Vulnerability Assessment approach. The Methodology will differ for the different IT assets. Elements Approach Network Devices (switch, router, firewall) Configuration Review Servers (Virtual, Physical (DC, DR)) Network Based VAPT Web Application WebApp VAPT SDWAN Configuration Review Mobile Applications Static and Dynamic Testing (source code review)
- 13. $7absec https://7absec.dorik.io A penetration testing is one of the best ways to expose potential vulnerabilities in your system. This can be in relation to a cloud database, an in-house service or any form of tech system you're operating on. This ability to expose vulnerabilities is vital to ensuring that your system is as secure as it possibly can be. Image source — https://www.nicepng.com/ourpic/u2q8r5r5a9w7e6e6_graphic-freeuse-stock-conclusion-clipart-planning-planning-transparent/
- 14. $7absec https://7absec.dorik.io For online consulting visit https://7absec.dorik.io Or mail us on 7absec@gmail.com