Chapter 1 Introduction To Vulnerability Assessment and Testing
Source: https://www.aerocominc.com/info/penetration-testing-services-comparison-what-is-physical-security-pen-testing-methodology/
Penetration Testing Methodologies
Types of Penetration Tests
• Specialized Systems Penetration Testing
• Conduct penetration testing on specialized systems such as SCADA (Supervisory Control and Data Acquisition), IoT (Internet of Things) and Industrial Control Systems (ICS)
Penetration Testing Methodologies [1]
Penetration Testing Methods
• Unknown-environment test (formerly known as black-box)
• Penetration testers are given limited information, e.g. the domain names and IP addresses that are in scope for a particular target, which simulates the behaviour of external attackers.
• Testers need to gather information about the target from public sources before planning an attack.
• Staff are not told when the attack will happen, so that the effectiveness of the defense mechanisms can be tested.
• The scope may be limited to identifying a path into the organization, without further penetration testing.
• Known-environment test (formerly known as white-box)
• Testers are given information about the organization and its infrastructure.
• E.g. network diagrams, IP addresses, configurations, user credentials, source code (for application assessments), system versions and personnel information.
• Main purpose: to identify as many security holes as possible.
• The scope covers in-depth internal network configuration auditing, scanning of desktop computers and servers, source code review and analysis of applications for defects. The deciding factors for the scope are usually time and money, and identifying the highest-priority testing needed to uncover the desired results.
• Partially known-environment test (formerly known as gray-box)
• Hybrid approach between unknown- and known-environment tests.
• Testers are provided with credentials but not full documentation of the network infrastructure.
• Can provide test results from an external attacker's point of view.
• Can also simulate an insider as the attacker, starting from a client machine and working their way through the network.
Penetration Testing Methodologies/Standards
[Figure: MITRE Standards / ATT&CK Methodologies]
• MITRE ATT&CK framework (https://attack.mitre.org/)
• A collection of different matrices of adversaries' tactics, techniques and procedures (TTPs):
• Enterprise ATT&CK Matrix
• Mobile
• ICS (Industrial Control Systems)
• OWASP Web Security Testing Guide (WSTG) (https://owasp.org/www-project-web-security-testing-guide/)
• Focuses on web application testing
• National Institute of Standards and Technology (NIST) Special Publication (SP) 800-115 (https://csrc.nist.gov/publications/detail/sp/800-115/final)
• Provides guidelines to organizations on planning and conducting information security testing.
• Industry standard for penetration testing guidance
• Open Source Security Testing Methodology Manual (OSSTMM) (https://www.isecom.org/OSSTMM.3.pdf)
• A document that lays out repeatable and consistent security testing.
• Trust Analysis
• Work Flow
• Compliance Regulations
Penetration Testing Phases
Phase (Coverage): Description

Preparation (Chap 2): Discussion and signing of an agreement with the client before the pen test. Technical teams plan and prepare the pen test.

Recon (Chap 3): Information gathering about the target organization, as well as identifying underlying components such as operating systems, running services, software versions, etc.

Mapping and Vulnerability Discovery (Chap 3): Assets and vulnerabilities are identified; the actual exploitation of them follows in the next phase.

Vulnerability Exploitation (Chap 4 – Chap 9): Using a hybrid approach (automated and manual testing), privileged access to the target systems is obtained in a controlled manner by exploiting the vulnerabilities identified in the previous phase, "Vulnerability Discovery".

Analysis and Reporting (Chap 10): All findings are documented in a final report and compared against a strengths/weaknesses profile based on international standards for IT and cyber security. The identified weaknesses are assessed, supplemented with recommendations and remediation actions, and prioritized according to the associated risk.
Source: https://www.wizlynxgroup.com/ch/en/cyber-security-switzerland/penetration-testing-services
References
[1] Omar Santos. 2022. CompTIA PenTest+ PT0-002. Pearson IT Certification.
[2] Matt Walker. 2022. CEH Certified Ethical Hacker Exam Guide, 5th Edition. McGraw-Hill Education.