Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Penetration Testing Principles

1. Penetration Testing Overview


What is penetration testing?

Penetration testing tests your existing cybersecurity measures to try to find vulnerabilities that attackers could exploit. Pen tests give you insight into how attackers might try to breach your networks, so you can close any gaps and stay one step ahead.

Pen tests can be done in house, but generally they are done by a third party who uses a variety of tools and methods to try to penetrate your network. These tests resemble real-world attack methods attackers may use. The goal is to discover vulnerabilities, misconfigurations and other security weaknesses before an attacker can exploit them and put your organization at risk.

If an attack (or penetration from a pen test) is successful, the attacker could:

  • Gain access to personal health information (PHI)
  • Get access to personally identifiable information (PII)
  • Steal credentials
  • Steal data and records
  • Launch malware
  • Make lateral movements across your network (potentially for weeks or months before you even know they’re there)
  • Access credit card and other financial information
  • Disrupt business operations
  • Hold your systems and operations hostage and demand a ransom
  • Destroy your data

Pen tests help you uncover weaknesses within your attack surface so you can make plans to remediate them before they can be exploited.

Pen tests are a complementary component of your vulnerability assessment program. As part of vulnerability assessment, your organization should do routine vulnerability scans that give you insight into all the assets and vulnerabilities across your enterprise. Pen tests help you verify if an attacker can exploit these weaknesses and evaluate the success of your remediation efforts.

To build a comprehensive vulnerability assessment program, you should conduct vulnerability assessment scans on a continuous basis and then do pen testing periodically. Some compliance guidelines call for annual pen testing, but you may build a stronger cybersecurity program if you conduct these tests more frequently—for example, at least quarterly.

The Importance of Pen Testing

Here are some reasons why your organization should adopt penetration testing as part of your comprehensive cybersecurity program:

  • Pen tests help you discover if you have vulnerabilities an attacker could exploit to get access to your network, data and assets.
  • These tests can give you insight into how well you’re meeting compliance standards and where you have security gaps.
  • Pen tests can also help you determine if your security controls are working as you expect them to.
  • You can test applications your organization uses to see if there are programming mistakes that can give attackers access to your network.

2.Penetration Testing Goals and Processes


Generally, there are five phases for penetration testing.

  1. Your pen testing process begins with determining who you want to conduct your test — whether an in-house resource or a third-party pen tester. This phase should include setting goals and objectives for the pen test outcome. These goals should be specific to your organization and should align with your existing cybersecurity and business goals.
  2. Next, determine the scope of your test. For example, do you want the tester to target your entire network to see what can be uncovered? Or do you want to set parameters for the test and have the tester target only a specific subset? The scope you set will help your tester develop a plan of attack against your target(s).
  3. After setting your scope and targets, it’s time to begin testing. The tester will begin by doing a number of scans on your target to gather as much information as possible about existing security protocols and to try to find gaps and vulnerabilities. Once the pen tester has an understanding of your security measures, the tester should use a variety of exploitation methods to see if he/she can gain access, just like an attacker in the real world would do. After gaining access, the tester will determine if extended access can be maintained and what additional systems can be accessed from the breach. When the test is complete, the pen tester should remove all evidence of the attack including scripts and logs used during the testing phases.
  4. After your pen tester completes the test, the tester will provide you with a report on findings. The report should highlight what the vulnerability is, how it was breached, where there are gaps in your existing security measures, and the impact that a breach could have on your organization. You should review these findings and make plans for mitigation, starting with the most critical vulnerabilities with the greatest potential impact on your organization.
  5. Once you’ve implemented your mitigation plans, it’s a good idea to follow up with additional pen testing to see if your fixes work as you intended and whether or not new vulnerabilities surfaced since your last test.

Penetration Test Approaches

There are different approaches to pen testing, the two most common are whitebox testing and blackbox testing.

In whitebox testing, your organization will provide your tester with information about your intended target. Whitebox testing also generally takes place within a credentialed environment.

In blackbox testing, you don't share additional information about the target with your tester and the pen tester generally conducts network sweeps without using credentials.

Grey box testing is another approach to penetration testing. As the name implies, it’s somewhere in the middle of blackbox and whitebox testing. Here, your organization provides the tester with partial details about targets.

Nessus Professional is a great complementary tool for these approaches to penetration testing.

Penetration Testing Methods

In addition to the approaches to pen testing, pen testers may utilize a variety of testing methods during an engagement with your organization. Here are some examples:

Targeted testing: During targeted pen tests, your internal IT teams work together with your third-party tester to try to breach your attack surface. During these types of tests, both parties share information about what the tester is doing to initiate the attack and how your team is responding to block it. Not only does this type of testing give you information about where you may have vulnerabilities, but it also gives your teams real-world experience in attempting to stop a hack while it’s happening.

Blind testing: Blind testing is a true-to-life hacking scenario where all the tester knows is your URL or your organization’s name and your teams are only aware that you’ve given the go-ahead for a test. Here, your tester attempts to gain access to your network and systems in real time with little-to-no additional information about your company or security posture.

Double-blind testing: Double-blind testing is similar to blind testing, where the tester has limited information about your organization; however, unlike blind testing, your teams do not know that you’ve authorized a test and that an engagement is imminent.

External testing: In external testing, the tester attacks your external-facing assets and systems, for example web servers, firewalls, and email servers.

Internal testing: Internal testing gives testers access to your systems behind your firewall and simulates what would happen if an employee or a person with stolen credentials got unauthorized access to your enterprise systems.

Penetration Test Frequency

Your organization should plan for regular pen testing. While some compliance regulations call for annual tests, you may find it more beneficial for your overall cybersecurity posture if you do them more frequently, for example, at least once each quarter.

Pen tests give you a point-in-time snapshot of your security posture. Since your attack surface constantly changes and expands, routine pen tests may help you find holes and gaps in your existing program and enable you to remedy them before an attacker can exploit them.

3. Pen Tests and Vulnerability Management


  • There are differences between vulnerability assessment and penetration testing, but the processes complement one another.
  • Pen testing is a stand-alone activity that gives you a picture of your cyber exposures at a single point in time.
  • Vulnerability assessment is an ongoing practice that gives you visibility into all of your vulnerabilities. Each time you run a new vulnerability scan or conduct a new penetration test, you have the opportunity to uncover new information about your cybersecurity posture.
  • Pen tests help you define areas of improvements to strengthen your vulnerability assessment processes.

4. Pen Tests and Vulnerability Assessment


  • There are differences between vulnerability assessment and penetration testing, but the processes complement one another.
  • Pen testing is a stand-alone activity that gives you a picture of your cyber exposures at a single point in time.
  • Vulnerability assessment is an ongoing practice that gives you visibility into all of your vulnerabilities. Each time you run a new vulnerability scan or conduct a new penetration test, you have the opportunity to uncover new information about your cybersecurity posture.
  • Pen tests help you define areas of improvements to strengthen your vulnerability assessment processes.

Vulnerability Scanning and Pen Testing

Vulnerability scanning is a component of penetration testing. It’s a way to discover vulnerabilities and weaknesses within your attack surface and can help testers uncover which ones to target during a test.

Vulnerability scans can span across your entire attack surface or the tester may be limited to a specific subset. Here are some subset examples, some of which may be included in specialized tests:

  • Internal networks
  • External networks
  • Cloud environments
  • Internet of Things (IoT) devices
  • Industrial Internet of Things (IIoT) devices (Industry 4.0)
  • Operational technology (OT) devices
  • 컨테이너
  • Web apps

5. Penetration Test Tools


Penetration testing has long been a manual process that relies on the training, skills, and innovative thinking of testers to try to breach your attack surface. Today, however, testers are supported by an arsenal of automated tools to help them initiate tests on intended targets. One of them is Kali Linux.

Kali Linux has more than 600 penetration tools and is a free resource. It can be used for penetration testing, reverse engineering, tech forensics, and research.

Tenable Nessus is not installed on Kali Linux by default, but it can be easily installed and then used to support pen testing engagements. Nessus can help your pen tester find local and remote vulnerabilities, check for default credentials, assist with configuration and compliance audits, and do web application scanning. You can read more about how Nessus supports Kali Linux pen testing here: https://www.tenable.com/blog/getting-started-with-nessus-on-kali-linux.

6. Nessus Vulnerability Scanning


Nessus Professional is an effective tool to help you discover vulnerabilities across your attack surface. It supports scanning across a variety of asset types such as operating systems (MacOS, Windows, Linux), applications, network devices and more.

Nessus comes with pre-built templates for credentialed and non-credentialed vulnerability scans. These templates, together with pre-built policies, help pen testers get the most out of their testing engagements. Nessus gives testers visibility into your organization's network and testers get an upper hand by being able to quickly uncover weaknesses and vulnerabilities.

Nessus templates support compliance frameworks such as Center for Internet Security (CIS), Health Insurance Portability and Accountability Act (HIPAA), Defense Information Systems Agency (DISA), Security Technical Implementation Guides (STIG) and others. You can also customize templates, including creating preferences to avoid false negatives or false positives.

Nessus has more than 142,000 plugins, which are automatically updated. It has coverage of more than 56,000 CVEs and more than 100 new plugins are released every week. That means with Nessus, pen testers get accurate, timely information about the latest vulnerabilities and malware so they can hunt them down on your network.

관련 제품

최고의 취약성 평가 솔루션입니다.

최고의 취약성 평가 솔루션입니다.

자세히 보기

Pen Testing Resources

 

What’s the Answer to the Vulnerability Overload Problem?

 

Five Steps to Building a Successful Vulnerability Management Program

 

What to Look for in a Cloud Vulnerability Management Solution

 

Vulnerability Management: Asset Discovery

 

4 Failings of Vulnerability Management You Need to Fix for a More Secure 2020

tenable.io

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오.

Tenable.io Vulnerability Management 평가판에는 Tenable Lumin, Tenable.io Web Application Scanning 및 Tenable.cs Cloud Security도 포함되어 있습니다.

tenable.io 구매

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오. 지금 연간 구독을 구매하십시오.

65 자산

구독 옵션 선택:

지금 구매

Nessus Professional 무료로 사용해 보기

7일간 무료

Nessus®는 오늘날 시장에서 가장 포괄적인 취약성 스캐너입니다. Nessus Professional은 취약성 스캔 프로세스를 자동화하고 컴플라이언스 주기에서 시간을 절약하고 IT 팀이 참여할 수 있도록 합니다.

Nessus Professional 구매

Nessus®는 오늘날 시장에서 가장 포괄적인 취약성 스캐너입니다. Nessus Professional은 취약성 스캔 프로세스를 자동화하고 컴플라이언스 주기에서 시간을 절약하고 IT 팀이 참여할 수 있도록 합니다.

여러 해 라이선스를 구매하여 절감하십시오. 연중무휴 전화, 커뮤니티 및 채팅 지원에 액세스하려면 Advanced 지원을 추가하십시오.

라이선스 선택

여러 해 라이선스를 구매하여 절감하십시오.

지원 및 교육 추가

Tenable.io

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오.

Tenable.io Vulnerability Management 평가판에는 Tenable Lumin, Tenable.io Web Application Scanning 및 Tenable.cs Cloud Security도 포함되어 있습니다.

Tenable.io 구매

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오. 지금 연간 구독을 구매하십시오.

65 자산

구독 옵션 선택:

지금 구매

Tenable.io Web Application Scanning 사용해 보기

Tenable.io 플랫폼의 일부로 최신 애플리케이션을 위해 설계된 최신 웹 애플리케이션 스캐닝 서비스에 대한 전체 액세스 권한을 누리십시오. 많은 수작업이나 중요한 웹 애플리케이션 중단 없이, 높은 정확도로 전체 온라인 포트폴리오의 취약성을 안전하게 스캔합니다. 지금 등록하십시오.

Tenable Web Application Scanning 평가판에는 Tenable.io Vulnerability Management, Tenable Lumin 및 Tenable.cs Cloud Security도 포함되어 있습니다.

Tenable.io Web Application Scanning 구매

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오. 지금 연간 구독을 구매하십시오.

5 FQDN

$3,578

지금 구매

Tenable.io Container Security 사용해 보기

취약성 관리 플랫폼에 통합된 유일한 컨테이너 보안 서비스에 대한 전체 액세스 권한을 누리십시오. 컨테이너 이미지에서 취약성, 맬웨어 및 정책 위반을 모니터링합니다. 지속적 통합 및 지속적 배포(CI/CD) 시스템과 통합하여 DevOps 실무를 지원하고 보안을 강화하고 기업 정책 컴플라이언스를 지원합니다.

Tenable.io Container Security 구매

Tenable.io Container Security는 빌드 프로세스와의 통합을 통해 취약성, 맬웨어, 정책 위반 등 컨테이너 이미지의 보안에 대한 가시성을 제공하여 DevOps 프로세스를 원활하고 안전하게 지원합니다.

Tenable Lumin 사용해 보기

Tenable Lumin을 사용하여 Cyber Exposure를 시각화 및 탐색하고 시간 경과에 따른 위험 감소를 추적하고 유사한 조직을 벤치마크하십시오.

Tenable Lumin 평가판에는 Tenable.io Vulnerability Management, Tenable.io Web Application Scanning 및 Tenable.cs Cloud Security도 포함되어 있습니다.

Tenable Lumin 구매

조직 전체에서 인사이트를 얻고 사이버 위험을 관리하는 데 Lumin이 어떻게 도움이 되는지 알아보려면 영업 담당자에게 문의하십시오.

Tenable.cs 사용해 보기

클라우드 인프라 구성 오류를 감지 및 수정하고 런타임 취약성을 볼 수 있는 전체 액세스 권한을 누리십시오. 지금 무료 평가판에 등록하십시오.

Tenable.cs Cloud Security 평가판에는 Tenable.io Vulnerability Management, Tenable Lumin 및 Tenable.io Web Application Scanning도 포함되어 있습니다.

영업 담당자에게 연락하여 Tenable.cs 구매

영업 담당자에게 연락하여 Tenable.cs 클라우드 보안에 대해 자세히 알아보고, 클라우드 계정을 온보딩하는 것이 얼마나 쉬운지 확인하고, 몇 분 내에 클라우드 구성 오류와 취약성에 대한 가시성을 얻으십시오.

Nessus Expert 무료로 사용해 보기

7일간 무료

최신 공격 표면을 방어하기 위해 구축된 Nessus Expert를 사용하면 IT부터 클라우드까지, 더 많은 것을 모니터링하고 조직을 취약성으로부터 보호할 수 있습니다.

Nessus Professional이 이미 있습니까?
7일간 Nessus Expert로 무료 업그레이드하십시오.

Nessus Expert 구매

최신 공격 표면을 방어하기 위해 구축된 Nessus Expert를 사용하면 IT부터 클라우드까지, 더 많은 것을 모니터링하고 조직을 취약성으로부터 보호할 수 있습니다.

라이선스 선택

프로모션 가격은 12월 31일까지 연장되었습니다.
여러 해 라이선스를 구매하여 비용을 더 절감하십시오.

지원 및 교육 추가