185990691-Anatomy-of-an-Attack

Penetration testing gains access vulnerability


ical or operational, Vulnerability Assessment won't.
• Penetration testing gains access, Vulnerability testing doesn't.
• Social Engineering cannot be performed in tandem with a Vulnerability Assessment. Social Engineering exploits human vulnerabilities, and that exploitation crosses the boundaries of a Vulnerability Assessment.
• Vulnerability Assessments cannot be applied to running Web Applications. Testing a running Web Application requires the submission of malformed and/or augmented data. When the data is received by the application, if the application is vulnerable, then an error or unexpected result is returned. This error or unintended result constitutes a degree of exploitation and as such crosses the Vulnerability Assessment boundaries.
• Pivoting, or rather Distributed Metastasis, cannot be performed during a Vulnerability Assessment. This is because Pivoting depends on the attacker's ability to exploit vulnerabilities as a method of propagating a penetration.

October 2013

Types of Pentests
• Internal Penetration Testing (White Box and Gray Box)
• External / Remote Penetration Testing (Black Box)

Black boxing
• Stages:
– Reconnaissance, surveillance, intel gathering and hours of stake-outs
– Network mapping, office locations, employees' names, their offices, their bosses and family
– Social media intel / data acquisition

The hardest, but always the best. Takes longer, but it's worth it.

Malware attacks

Social Engineering

Domain Vulnerabilities, especially in Banking

Government can be taken easily, e.g. KRA

Client Side attacks

Questions

Types of Risk

References

This document was uploaded on 04/02/2014.
