Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Penetration Testing Principles

1.Penetration Testing Overview


O que é o teste de penetração?

Penetration testing tests your existing cybersecurity measures to try to find vulnerabilities that attackers could exploit. Pen tests give you insight into how attackers might try to breach your networks, so you can close any gaps and stay one step ahead.

Pen tests can be done in house, but generally they are done by a third party who uses a variety of tools and methods to try to penetrate your network. These tests resemble real-world attack methods attackers may use. The goal is to discover vulnerabilities, misconfigurations and other security weaknesses before an attacker can exploit them and put your organization at risk.

If an attack (or penetration from a pen test) is successful, the attacker could:

  • Gain access to personal health information (PHI)
  • Get access to personally identifiable information (PII)
  • Steal credentials
  • Steal data and records
  • Launch malware
  • Make lateral movements across your network (potentially for weeks or months before you even know they’re there)
  • Access credit card and other financial information
  • Disrupt business operations
  • Hold your systems and operations hostage and demand a ransom
  • Destroy your data

Pen tests help you uncover weaknesses within your attack surface so you can make plans to remediate them before they can be exploited.

Pen tests are a complementary component of your vulnerability assessment program. As part of vulnerability assessment, your organization should do routine vulnerability scans that give you insight into all the assets and vulnerabilities across your enterprise. Pen tests help you verify if an attacker can exploit these weaknesses and evaluate the success of your remediation efforts.

To build a comprehensive vulnerability assessment program, you should conduct vulnerability assessment scans on a continuous basis and then do pen testing periodically. Some compliance guidelines call for annual pen testing, but you may build a stronger cybersecurity program if you conduct these tests more frequently—for example, at least quarterly.

The Importance of Pen Testing

Here are some reasons why your organization should adopt penetration testing as part of your comprehensive cybersecurity program:

  • Pen tests help you discover if you have vulnerabilities an attacker could exploit to get access to your network, data and assets.
  • These tests can give you insight into how well you’re meeting compliance standards and where you have security gaps.
  • Pen tests can also help you determine if your security controls are working as you expect them to.
  • You can test applications your organization uses to see if there are programming mistakes that can give attackers access to your network.

2.Penetration Testing Goals and Processes


Generally, there are five phases for penetration testing.

  1. Your pen testing process begins with determining who you want to conduct your test — whether an in-house resource or a third-party pen tester. This phase should include setting goals and objectives for the pen test outcome. These goals should be specific to your organization and should align with your existing cybersecurity and business goals.
  2. Next, determine the scope of your test. For example, do you want the tester to target your entire network to see what can be uncovered? Or do you want to set parameters for the test and have the tester target only a specific subset? The scope you set will help your tester develop a plan of attack against your target(s).
  3. After setting your scope and targets, it’s time to begin testing. The tester will begin by doing a number of scans on your target to gather as much information as possible about existing security protocols and to try to find gaps and vulnerabilities. Once the pen tester has an understanding of your security measures, the tester should use a variety of exploitation methods to see if he/she can gain access, just like an attacker in the real world would do. After gaining access, the tester will determine if extended access can be maintained and what additional systems can be accessed from the breach. When the test is complete, the pen tester should remove all evidence of the attack including scripts and logs used during the testing phases.
  4. After your pen tester completes the test, the tester will provide you with a report on findings. The report should highlight what the vulnerability is, how it was breached, where there are gaps in your existing security measures, and the impact that a breach could have on your organization. You should review these findings and make plans for mitigation, starting with the most critical vulnerabilities with the greatest potential impact on your organization.
  5. Once you’ve implemented your mitigation plans, it’s a good idea to follow up with additional pen testing to see if your fixes work as you intended and whether or not new vulnerabilities surfaced since your last test.

Penetration Test Approaches

There are different approaches to pen testing, the two most common are whitebox testing and blackbox testing.

In whitebox testing, your organization will provide your tester with information about your intended target. Whitebox testing also generally takes place within a credentialed environment.

In blackbox testing, you don't share additional information about the target with your tester and the pen tester generally conducts network sweeps without using credentials.

Grey box testing is another approach to penetration testing. As the name implies, it’s somewhere in the middle of blackbox and whitebox testing. Here, your organization provides the tester with partial details about targets.

Nessus Professional is a great complementary tool for these approaches to penetration testing.

Penetration Testing Methods

In addition to the approaches to pen testing, pen testers may utilize a variety of testing methods during an engagement with your organization. Here are some examples:

Targeted testing: During targeted pen tests, your internal IT teams work together with your third-party tester to try to breach your attack surface. During these types of tests, both parties share information about what the tester is doing to initiate the attack and how your team is responding to block it. Not only does this type of testing give you information about where you may have vulnerabilities, but it also gives your teams real-world experience in attempting to stop a hack while it’s happening.

Blind testing: Blind testing is a true-to-life hacking scenario where all the tester knows is your URL or your organization’s name and your teams are only aware that you’ve given the go-ahead for a test. Here, your tester attempts to gain access to your network and systems in real time with little-to-no additional information about your company or security posture.

Double-blind testing: Double-blind testing is similar to blind testing, where the tester has limited information about your organization; however, unlike blind testing, your teams do not know that you’ve authorized a test and that an engagement is imminent.

External testing: In external testing, the tester attacks your external-facing assets and systems, for example web servers, firewalls, and email servers.

Internal testing: Internal testing gives testers access to your systems behind your firewall and simulates what would happen if an employee or a person with stolen credentials got unauthorized access to your enterprise systems.

Penetration Test Frequency

Your organization should plan for regular pen testing. While some compliance regulations call for annual tests, you may find it more beneficial for your overall cybersecurity posture if you do them more frequently, for example, at least once each quarter.

Pen tests give you a point-in-time snapshot of your security posture. Since your attack surface constantly changes and expands, routine pen tests may help you find holes and gaps in your existing program and enable you to remedy them before an attacker can exploit them.

3.Pen Tests and Vulnerability Management


  • There are differences between vulnerability assessment and penetration testing, but the processes complement one another.
  • Pen testing is a stand-alone activity that gives you a picture of your cyber exposures at a single point in time.
  • Vulnerability assessment is an ongoing practice that gives you visibility into all of your vulnerabilities. Each time you run a new vulnerability scan or conduct a new penetration test, you have the opportunity to uncover new information about your cybersecurity posture.
  • Pen tests help you define areas of improvements to strengthen your vulnerability assessment processes.

4. Pen Tests and Vulnerability Assessment


  • There are differences between vulnerability assessment and penetration testing, but the processes complement one another.
  • Pen testing is a stand-alone activity that gives you a picture of your cyber exposures at a single point in time.
  • Vulnerability assessment is an ongoing practice that gives you visibility into all of your vulnerabilities. Each time you run a new vulnerability scan or conduct a new penetration test, you have the opportunity to uncover new information about your cybersecurity posture.
  • Pen tests help you define areas of improvements to strengthen your vulnerability assessment processes.

Vulnerability Scanning and Pen Testing

Vulnerability scanning is a component of penetration testing. It’s a way to discover vulnerabilities and weaknesses within your attack surface and can help testers uncover which ones to target during a test.

Vulnerability scans can span across your entire attack surface or the tester may be limited to a specific subset. Here are some subset examples, some of which may be included in specialized tests:

  • Internal networks
  • External networks
  • Cloud environments
  • Internet of Things (IoT) devices
  • Industrial Internet of Things (IIoT) devices (Industry 4.0)
  • Operational technology (OT) devices
  • Contêineres
  • Apps da Web

5. Penetration Test Tools


Penetration testing has long been a manual process that relies on the training, skills, and innovative thinking of testers to try to breach your attack surface. Today, however, testers are supported by an arsenal of automated tools to help them initiate tests on intended targets. One of them is Kali Linux.

Kali Linux has more than 600 penetration tools and is a free resource. It can be used for penetration testing, reverse engineering, tech forensics, and research.

Tenable Nessus is not installed on Kali Linux by default, but it can be easily installed and then used to support pen testing engagements. Nessus can help your pen tester find local and remote vulnerabilities, check for default credentials, assist with configuration and compliance audits, and do web application scanning. You can read more about how Nessus supports Kali Linux pen testing here: https://www.tenable.com/blog/getting-started-with-nessus-on-kali-linux.

6. Nessus Vulnerability Scanning


Nessus Professional is an effective tool to help you discover vulnerabilities across your attack surface. It supports scanning across a variety of asset types such as operating systems (MacOS, Windows, Linux), applications, network devices and more.

Nessus comes with pre-built templates for credentialed and non-credentialed vulnerability scans. These templates, together with pre-built policies, help pen testers get the most out of their testing engagements. Nessus gives testers visibility into your organization's network and testers get an upper hand by being able to quickly uncover weaknesses and vulnerabilities.

Nessus templates support compliance frameworks such as Center for Internet Security (CIS), Health Insurance Portability and Accountability Act (HIPAA), Defense Information Systems Agency (DISA), Security Technical Implementation Guides (STIG) and others. You can also customize templates, including creating preferences to avoid false negatives or false positives.

Nessus has more than 142,000 plugins, which are automatically updated. It has coverage of more than 56,000 CVEs and more than 100 new plugins are released every week. That means with Nessus, pen testers get accurate, timely information about the latest vulnerabilities and malware so they can hunt them down on your network.

Produtos relacionados

A melhor solução para avaliação de vulnerabilidades.

A melhor solução para avaliação de vulnerabilidades.

Ver mais

Pen Testing Resources

 

Qual é a resposta para o problema de sobrecarga de vulnerabilidades?

 

Five Steps to Building a Successful Vulnerability Management Program

 

O que buscar em uma solução de gerenciamento de vulnerabilidades na nuvem

 

Gerenciamento de Vulnerabilidades: Descoberta de ativos

 

4 Failings of Vulnerability Management You Need to Fix for a More Secure 2020

COPYRIGHT 2020 TENABLE, INC.TODOS OS DIREITOS RESERVADOS.TENABLE, TENABLE.IO, TENABLE NETWORK SECURITY, NESSUS, SECURITYCENTER, SECURITYCENTER CONTINUOUS VIEW E LOG CORRELATION ENGINE SÃO MARCAS COMERCIAIS REGISTRADAS DA TENABLE, INC.TENABLE.SC, LUMIN, ASSURE E THE CYBER EXPOSURE COMPANY SÃO MARCAS COMERCIAIS DA TENABLE, INC.TODOS OS OUTROS PRODUTOS OU SERVIÇOS SÃO MARCAS COMERCIAIS DE SEUS RESPECTIVOS PROPRIETÁRIOS.

tenable.io

GRÁTIS POR 30 DIAS


Tenha acesso completo a uma plataforma moderna de gerenciamento de vulnerabilidades baseada na nuvem, que permite que você veja e rastreie todos os seus ativos com uma precisão sem precedentes.

tenable.io COMPRAR

Tenha acesso completo a uma plataforma moderna de gerenciamento de vulnerabilidades baseada na nuvem, que permite que você veja e rastreie todos os seus ativos com uma precisão sem precedentes. Compre hoje a sua assinatura anual.

65 ativos

Escolha sua opção de assinatura:

Compre já

Teste gratuitamente o Nessus Professional

GRÁTIS POR 7 DIAS

O Nessus® é o verificador de vulnerabilidades mais abrangente do mercado atualmente. O Nessus Professional ajudará a automatizar o processo de verificação de vulnerabilidades, economizar tempo nos seus ciclos de conformidade e permitirá que você envolva a sua equipe de TI.

Comprar o Nessus Professional

O Nessus® é o verificador de vulnerabilidades mais abrangente do mercado atualmente. O Nessus Professional ajudará a automatizar o processo de verificação de vulnerabilidades, economizar tempo nos seus ciclos de conformidade e permitirá que você envolva a sua equipe de TI.

Compre uma licença para vários anos e economize. Inclua o Suporte avançado para ter acesso ao suporte por telefone, pela comunidade e por bate-papo 24 horas por dia, 365 dias por ano.

Selecione sua licença

Compre uma licença para vários anos e economize.

Adicionar suporte e treinamento

Tenable.io AVALIAÇÃO GRATUITA POR 30 DIAS

Tenha acesso completo a uma plataforma moderna de gerenciamento de vulnerabilidades baseada na nuvem, que permite que você veja e rastreie todos os seus ativos com uma precisão sem precedentes.

Tenable.io COMPRAR

Tenha acesso completo a uma plataforma moderna de gerenciamento de vulnerabilidades baseada na nuvem, que permite que você veja e rastreie todos os seus ativos com uma precisão sem precedentes. Compre hoje a sua assinatura anual.

65 ativos

Escolha sua opção de assinatura:

Compre já

Teste o Tenable.io Web Application Scanning

GRÁTIS POR 30 DIAS

Tenha acesso completo à nossa oferta mais recente de verificação de aplicações Web desenvolvida para aplicações modernas como parte da plataforma do Tenable.io. Verifique com segurança por vulnerabilidades em todo o seu portfólio online com um alto grau de precisão sem grandes esforços manuais ou interrupção de aplicações Web críticas. Inscreva-se agora mesmo.

Comprar o Tenable.io Web Application Scanning

Tenha acesso completo a uma plataforma moderna de gerenciamento de vulnerabilidades baseada na nuvem, que permite que você veja e rastreie todos os seus ativos com uma precisão sem precedentes. Compre hoje a sua assinatura anual.

5 FQDNs

US$ 3.578,00

Compre já

Teste o Tenable.io Container Security

GRÁTIS POR 30 DIAS

Tenha acesso completo à única oferta de segurança de contêiner integrada a uma plataforma de gerenciamento de vulnerabilidades. Monitore imagens de contêiner por vulnerabilidades, malware e violações de segurança. Unifique sistemas de integração contínua e implantação contínua (CI/CD) para dar suporte às práticas de DevOps, reforçar a segurança e ajudar na conformidade com as políticas da empresa.

Comprar o Tenable.io Container Security

O Tenable.io Container Security habilita com perfeição e segurança os processos de DevOps ao fornecer visibilidade da segurança das imagens de contêiner, incluindo vulnerabilidades, malware e violações de segurança através da integração com o processo de compilação.

Avalie o Tenable Lumin

GRÁTIS POR 30 DIAS

Visualize e explore sua Cyber Exposure, monitore a redução do risco ao longo do tempo e faça uma análise comparativa com outras empresas do mesmo setor com o Tenable Lumin.

Compre o Tenable Lumin

Entre em contato com um representante de vendas para ver como o Lumin pode ajudar você a obter informações sobre toda a organização e gerenciar o risco cibernético.

Experimente o Tenable.cs

GRATUITO POR 30 DIAS Aproveite o acesso total para detectar e corrigir configurações incorretas da infraestrutura de nuvem nas fases de projeto, criação e tempo de execução do ciclo de vida de desenvolvimento de software.

Compre o Tenable.cs

Entre em contato com um representante de vendas para saber mais sobre a segurança na nuvem e como você pode proteger cada etapa do código na nuvem.