[BreachExchange] What Type of Vulnerabilities Does a Penetration Test Look For?

Destry Winant destry at riskbasedsecurity.com
Tue Dec 4 09:27:10 EST 2018


https://www.tripwire.com/state-of-security/vulnerability-management/type-vulnerabilities-penetration-test/

Penetration testing is becoming increasingly popular as organizations
are beginning to embrace the need for stronger cybersecurity. But
there are still too many businesses that don’t fully understand the
benefits of regular security testing.

Pen testing is vital for any kind of organization with an IT system or
website. A recent survey of penetration testers revealed that 88
percent of those questioned said they could infiltrate organizations
and steal data within 12 hours. This shows that almost all businesses
are likely to be vulnerable to attacks.

But many people do not know what a pen test involves – particularly
the types of vulnerabilities that testing helps to identify. In truth,
there are many different types of pen testing, and the results can
depend largely on which type you have carried out.

In general, however, here are four of the most common vulnerabilities
that a pen test can uncover:

1. Insecure setup or configuration of networks, hosts and devices

Open ports, weak user credentials, unsafe user privileges and
unpatched applications are types of vulnerabilities that a hacker
could use to compromise your systems. Insecure network configurations
are usually relatively easy to remedy (as long as you are aware that
they are insecure). However, with an organization's security posture
changing so quickly, the addition of new devices or the use of new
services is often all it takes to introduce added risks.

A good example of this is that more and more organizations are moving
to the cloud and failing to check that their environments are secure.
Authenticated vulnerability scans on on-premises and cloud networks are
good at identifying basic issues, but human penetration testers spend
extra time examining security from the outside. As criminals become
more sophisticated in the techniques they use, it is human pen testers
who are providing invaluable information to businesses about how to
keep their infrastructure secure.

2. Flaws in encryption and authentication

Encrypting data, either at rest or in transit, is a common method that
organizations use to ensure their communications are secure. SSH, SSL
and TLS are common protocols that are used to convert plaintext data
(which can be read by humans) into ciphertext data (which cannot be
read without a key). In some instances, however, businesses have used
less secure encryption methods, and often it is the case that these
can be cracked by hackers. In October 2017, it was discovered that
WPA2, a protocol used to protect the majority of Wi-Fi connections,
was actually breakable.

In some cases, hackers will attempt to intercept communications to
circumvent authentication systems designed to verify the digital
identity of senders. This can allow them to launch so-called
man-in-the-middle (MiTM) attacks. Huge organizations such as HSBC,
NatWest and Co-op Bank were all at risk for MiTM attacks for up to a
year before getting a security flaw fixed. Carrying out penetration
testing can help you to determine how secure your communications and
data storage methods really are.

3. Code and command injection

It is widely known and understood that one of the most effective ways
for hackers to target web applications is through vulnerabilities in
the software programming. By far the most common attack vector
targeting web applications is known as SQL injection – this involves
the execution of malicious commands designed to instruct or query
backend databases for information. This is a common way for hackers to
steal identifiable personal information and payment card details.

SQL injections are very common and can affect operations of all sizes.
A flaw in the Altima Telecom website meant that the Canadian internet
provider could have easily been compromised by SQL injection. It was
only through the skill of penetration testers that the company was
able to address the vulnerability and avert possible disaster.
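The flaw class described above, as an added example that is not from the article or the Tripwire post it links: a customer lookup that splices user input into the SQL text, beside its parameterised form, run against an in-memory SQLite table with constructed demo data. The plaintext password column exists only to keep the demo short; a real system would compare against a password hash.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """Constructed sample table (demo data, not from the original article)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (username TEXT, password TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [("alice", "s3cret", "4242"), ("o'brien", "pw1234", "1881")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Builds the statement by string formatting, so input is parsed as SQL.

    A quote in the input ends the string literal and whatever follows becomes
    part of the WHERE clause; a tautology returns every row without a password.
    """
    sql = (
        "SELECT username, card_last4 FROM customers "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, username: str, password: str):
    """Parameterised statement: input is bound as data and never parsed as SQL.

    A name such as o'brien is matched literally, and a tautology is just a
    username that matches nothing.
    """
    sql = (
        "SELECT username, card_last4 FROM customers "
        "WHERE username = ? AND password = ?"
    )
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_demo_db()
    probe = "' OR '1'='1"  # the textbook tautology a tester submits
    print("vulnerable:", lookup_vulnerable(db, probe, probe))  # every row
    print("hardened:  ", lookup_hardened(db, probe, probe))    # no rows
```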

4. Session management

In order to improve user-friendliness, web applications use session
management controls such as identification tokens or cookies to avoid
the need to continually log in and out as well as to store user
preferences and record activity. However, these controls can be
vulnerable to exploitation by hackers seeking to hijack sessions and
obtain higher privileges.

Session management testing can help you to assess whether tokens and
cookies are created in a secure way that is protected against
manipulation. A recent example saw Facebook breached due to a token
harvesting attack. Businesses need to be aware, therefore, that
similar types of attacks could easily target them.
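The token and cookie checks described above, as an added example that is not from the article: a session identifier drawn from the OS CSPRNG, a hardened Set-Cookie value built with the standard library, and an audit function that reports what a tester would flag in a weak one. The 32-byte token size and 32-character minimum are assumed policy values for the demo.

```python
import secrets
from http.cookies import SimpleCookie

# Assumed demo policy: 32 bytes (256 bits) of CSPRNG output per session token.
TOKEN_BYTES = 32
MIN_TOKEN_CHARS = 32


def new_session_token() -> str:
    """Unguessable session identifier: never a counter, timestamp or user id."""
    return secrets.token_urlsafe(TOKEN_BYTES)


def session_set_cookie(token: str, name: str = "sid") -> str:
    """Build a hardened Set-Cookie value carrying the session token."""
    cookie = SimpleCookie()
    cookie[name] = token
    cookie[name]["secure"] = True        # only transmitted over HTTPS
    cookie[name]["httponly"] = True      # hidden from page scripts
    cookie[name]["samesite"] = "Strict"  # not attached to cross-site requests
    cookie[name]["path"] = "/"
    return cookie[name].OutputString()


def audit_set_cookie(set_cookie_value: str) -> list:
    """Return the weaknesses a session management test would report."""
    name_value, *attributes = [p.strip() for p in set_cookie_value.split(";")]
    _, _, token = name_value.partition("=")
    present = {a.split("=", 1)[0].lower() for a in attributes}
    findings = []
    if "secure" not in present:
        findings.append("missing Secure: token can travel over plain HTTP")
    if "httponly" not in present:
        findings.append("missing HttpOnly: token readable by page scripts")
    if "samesite" not in present:
        findings.append("missing SameSite: cookie sent on cross-site requests")
    if len(token) < MIN_TOKEN_CHARS:
        findings.append("token too short: %d chars" % len(token))
    if token.isdigit():
        findings.append("token is purely numeric: likely sequential")
    return findings


if __name__ == "__main__":
    header = session_set_cookie(new_session_token())
    print(header)
    print("hardened findings:", audit_set_cookie(header))
    print("weak findings:", audit_set_cookie("sid=1001"))  # constructed weak cookie
```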

Penetration testing can be extremely valuable in testing for all of
these issues, but it is also important to remember that every business
will have distinct and different needs. There is no one-size-fits-all
penetration test, so it is advisable to talk through your requirements
with cybersecurity professionals so that they can offer the kind of
testing that will benefit you the most.

