Vulnerability Assessment and Penetration testing
AaftabKhan14
303 views
15 slides
Jun 06, 2024
Slide 1 of 15
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
About This Presentation
Vulnerability Assessment and Penetration testing
Slide Content
Penetration Testing Date: 28 th September 2022 11am - 1pm (Wednesday) - - Aftab Harun ( $7absec ) -- Cybersecurity Researcher An ethical way of hacking
Agenda What is Pentesting VA v/s PT Pentest Engagement Methodology Work of scope Conclusions 11:10 AM 11:20 AM 11:40 AM 12:25 PM 12:35 PM 12:50 PM Image source — https://www.subpng.com/png-4ek66c/
What is Penetration Testing A penetration testing is an authorized simulated attack performed on a computer system to evaluate its security Image source — https://rhinosecuritylabs.com/assessment-services/red-team-engagement/ Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system. Penetration tests usually simulate a variety of attacks that could threaten a business. With the right scope , a pen test can dive into any aspect of a system.
VA v/s PT Vulnerability Assessments tend to be wide in coverage but narrow in scope. Penetration Testing take vulnerability assessments to the next level by exploiting and proving out attack paths. Credit — Image credit goes to respective creator
Pen test Engagement Every pentesting engagement will start by defining clear goals Pentest engagements also improve on regular vulnerability assessments by exploiting vulnerabilities Depending on the resources available, the pentest exercise can be run in tow ways - Network based Host based Credit — Image credit goes to respective creator
Methodology We follow the following pen testing methodology Reconnaissance Automated Testing Exploration and Verification Assessment Reporting Optional Remediation
Methodology Reconnaissance This process begins with detailed scanning and research into the architecture and environment, with the performance of automated testing for known vulnerabilities. Different methods are used to evade the firewall and IDS during the intelligence gathering. During reconnaissance the Live Hosts discovery and Network/Port scanning activities are carried out. Credit — Image credit goes to respective creator
Methodology Automated Testing Once the target has been fully enumerated, MapleCloud Technologies uses both vulnerability scanning tools and manual analysis to identify security flaws. With decades of experience and custom-built tools, our security engineers find weaknesses most automated scanners miss. The results of automated tools are analyzed to filter out the false positives. The vulnerabilities identified by automated tools are manually verified by our security engineers. Credit — Image credit goes to respective creator
Methodology Exploration and Verification At this stage of the assessment, our consultants review all previous data to identify and safely exploit identified application vulnerabilities Once sensitive access has been obtained, the focus turns to escalation and movement to identify technical risk and total business impact. During each phase of the compromise, we keep client stakeholders informed of testing progress, ensuring asset safety and stability. Credit — Image credit goes to respective creator
Methodology Assessment Reporting Once the engagement is complete, MapleCloud Technologies delivers a detailed analysis and threat report, including remediation steps. Our consultants set an industry standard for clear and concise reports, prioritizing the highest risk vulnerabilities first. The assessment includes the following: Executive Summary Strategic Strengths and Weaknesses Identified Vulnerabilities and Risk Ratings Detailed Risk Remediation Steps Assets and Data Compromised During Assessment Credit — Image credit goes to respective creator
Methodology Optional Remediation As an optional addition to the standard assessment, MapleCloud Technologies provides remediation retesting (Revalidation) for all vulnerabilities listed in the report. At the conclusion of the remediation testing and request of the client, MapleCloud Technologies will update the report with a new risk level determination and mark which vulnerabilities in the report were in fact remediated to warrant a new risk level. Credit — Image credit goes to respective creator
Work of scope We followed the Network based Vulnerability Assessment approach. The Methodology will differ for the different IT assets. Elements Approach Network Devices (switch, router, firewall) Configuration Review Servers (Virtual, Physical (DC, DR)) Network Based VAPT Web Application WebApp VAPT SDWAN Configuration Review Mobile Applications Static and Dynamic Testing (source code review)
Conclusions A penetration testing is one of the best ways to expose potential vulnerabilities in your system. This can be in relation to a cloud database, an in-house service or any form of tech system you're operating on. This ability to expose vulnerabilities is vital to ensuring that your system is as secure as it possibly can be. Image source — https://www.nicepng.com/ourpic/u2q8r5r5a9w7e6e6_graphic-freeuse-stock-conclusion-clipart-planning-planning-transparent/
Get in touch for Penetration Testing For online consulting visit https://7absec.dorik.io Or mail us on [email protected]
Questions/Suggestions … Thank you :) 7absec [email protected]
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 303
- Slides 15
- Age 543 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
44 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
44 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
21
Know for Certain
DaveSinNM
19 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
23 views