ical or operational,
Vulnerability Assessment won't.
• Penetration testing gains access; Vulnerability testing doesn't.
• Social Engineering cannot be performed in tandem with a Vulnerability
Assessment. Social Engineering exploits human vulnerabilities and that
exploitation crosses the boundaries of a Vulnerability Assessment.
• Vulnerability Assessments cannot be applied to running Web Applications.
Testing a running Web Application requires the submission of malformed and/or
augmented data. When the data is received by the application, if the
application is vulnerable, then an error or unexpected result is returned. This
error or unintended result constitutes a degree of exploitation and as such
crosses the Vulnerability Assessment boundaries.
• Pivoting, or rather Distributed Metastasis, cannot be performed during a
Vulnerability Assessment. This is because Pivoting depends on the attacker's
ability to exploit vulnerabilities as a method of propagating a penetration.
October 2013

Types of Pentests
• Internal Penetration Testing (WhiteBox and Gray
• External / Remote Penetration Testing (Blackbox)

Black boxing
– Reconnaissance, Surveillance, Intel gathering and hours of
– Network Mapping, Office locations, Employees' names, their
offices, their bosses and family
– Social media Intel / Data Acquisition
The hardest, but always the best.
Takes longer, but it's worth it.

Malware attacks

Social Engineering

Domain Vulnerabilities, especially in Banking

Government can be taken easily, e.g. KRA

Client Side attacks

Questions

Types of Risk

References
This document was uploaded on 04/02/2014.
- Spring '14