Standard Operating Procedure for Pen Testing

1.0   Introduction

The pen testing methodologies it is a very important thing for the organization because they test of the operational security of physical location, workflow, human security testing, physical security testing, wireless security testing, telecommunication security test, data networks security testing also compliance. It is important to have pen test methodologies in a certain organization because they see the threats and vulnerabilities have  environment. On this topic, I talk about the outline of the pen testing methodologies and the step which I have been asked to include in the assessment. (Happiest Minds).

This report I have described also analyses about the penetration testing methodologies with all, the purpose of the establishing about penetration testing is the process of identifying security vulnerability in the computing the SOP of pen testing , decision making tree

2.0   Benefit of Pen Testing Methodologies

The benefit of having penetration has become a very important their certain part of the evaluation also ameliorating by the security of an organization also by the system network. The purpose has pen testing to improve the security of the network by seeking to compromise that the system using the techniques for the attacker.  The penetration test is very important inside the Information technology infrastructure also that get to the electronic asset by the organization.  The purpose to identify ways to exploit vulnerabilities to circumvent also defeat the security features of system components.

https://www.swascan.com/swascan-penetration-testing/.

2.1 There are differents Penetration Testing methodologies

The vulnerabilities that could be found in type or kind the web application, there are three types of Pen Testing that could be used :

Black Box Penetration Testing:  Black Box Penetration Testing:  In a real world that the Cyberattack when the hacker probably will not be known all of the also out of the IT infrastructure of the corporation. There are other words, in this type of Pen test, there is no information has been given to the tester about the internal working of the particular web application, nor about its need to have a source code or software architecture. By the result, there is a particular type of test could take a very long time to complete so very often when the tester will need to rely upon the use automated processes to complete uncover by the weaknesses also vulnerabilities (InfoSec Resources.2018). 

White Box Penetration Testing :  It is the type of the Pen Test can be known as Clear Box Testing when the tester has full knowledge also access to both the source code also software architecture of the web application.  The white box test could be proficient in the much quicker time frame when you plan to evaluate to the Black Box Test. There is an advantage of this is that a much more thorough Pen Test could be completed (InfoSec Resources.2018).  

Gray Box Penetration Testing:  There is a type of test is needed to be a combination of the both the black box also the white box test. The penetration tester only could have partial knowledge of the internal workings of the web application. These are often restricted to just to getting access to the software code also system architecture diagrams The Gray Box Test , both manual also automated testing processes could be utilized. The pen tester could focus their main efforts focus on those areas of the Web application, that he or she knows the most about also from there also from there exploit any weaknesses or vulnerabilities (InfoSec Resources.2018). 

3.0   SOP and Penetration Methods

The standard operating procedure(SOP) it is a set of written instruction which the document the routine or repetitive activity need to be followed by the organisation. They need for development also using of the SOPs is an integral which is the part of the successful quality the system as it need to provide individuals with the information to be performing about the job properly also the facilitates constancy  with the quality also integrity  of the product or the certain result(Epa.gov). (2018). There is an SOP and then moves on to be described with the roles in producing consistent with quality addressing safety concerns also minimizing have chances for mis- communication.

3.1 Penetration Testing methods

External Testing – It is the test for the target the assets of the company which is visible on the internet. Example – The web application itself the company website also email also domain name servers (DNS), there is a goal gain access also extract valuable data.

Internal Testing-  The tester with access to an application behind it is a firewall simulate an attack by the malicious inside that could be needed to have certain protection for the company. The common start scenario could be an employee who credentials were could be stolen due to the phishing attack.

Blind Testing- The blind test which given the name of the enterprise which being the target. They could able to give a security personnel the real time look  into the how an actual application assault would take certain place.

Double blind Testing: It is a security personnel have certain no prior knowledge of the simulate attack. As in the real world, they won`t have any time to be shored up their defence before an attempted breach.

Targeted testing: There is a security personnel work together also keep each other appraised of their movements.  Mostly there is a valuable training exercise which needs to be provided the security team with a real time need to have feedback from the hacker`s point of the view Incapsula.com. (2018

3.2 The Absolute Basics Of Penetration Testing

The penetration testing is a way for you to simulate a method which an attacker might use to circumvent  security controls also gain access to an organisation system. The penetration testing is more than running by scanners also automate tool also they could able to writing a report. There is a shift in the way people regard also define penetration testing within the security industry. The Penetration Testing Execution Satndard(PTES) is redefining by the penetration test in a way which will affect both new also experience penetration testers, also it has been adopted by the several leads by the members of the security community.  There is a phases of the PTES which has been designed to define by the penetration test also assure the client organisation which the standardized level of effort will be expended in the penetration test by anyone could able to conduct this type of assessment.There are divided into seven categories with different level of effort required for each , depend by the organisation under attacks.

• Pre-engagement Interactions :  In this section of the PTES is to be present also explain about tools also technique available that aid in the successful pre-engagement step of the penetration test.  There is a typically occur when plan to discuss the scope also terms of the penetration test with certain client. It is a critical for pre engagement which you convey the goals of the engagement. They is a stage also need to have serves as your opportunity to educate about the customer about what they expect from the thorough , full scope which need to penetration test one need to have a certain restriction need engagement (Metasploit 201).
•  
• Intelligence Gathering: You need to gather certain information that could be about the organisation you are attacked by using social media networks, Google hacking, foots printing the target, also so on. There are most of the important skills a penetration tester could have is the ability to be learned about the target , include how it behaves, how it operates also how it ultimately could be attacked.  The intelligence gathering you need attempt to identify what need for protection mechanisms are in there is a place at the target by slowly starting to probe its systems (Metasploit 2011).
•  
• Threat Modelling:  By having the information you need acquire with the intelligence gathering phase to be identify any existing vulnerability on the target system. When you performing threat modelling you will need to be determine the most of the effective attack method, the type of information you are after, and how the organisation might be attacked. Threat  modelling involve look of the organisation as an adversary also attempt to exploit weakness as an attacker would (Metasploit 2011).
•  
• Vulnerability Analysis:  By will  identify the most viable attack method, you need to be considering  how you will accessing with the target. During  Vulnerability analysis you need to combine the information which you need to be learned about the prior phase also use it to be understand what need to attack might be viable. The among other things , vulnerability analysis take into account port also vulnerability scans, data gather by banner grab, also information collected during intelligence gathering (Metasploit 2011).
•  
• Exploitation: There is a probably one of the most of the glamorous parts of the penetration test, yet it is often that can be done with the brute force rather with a precision. By exploiting should be performed only when you need to know almost beyond a shadow of the doubt that is a particular exploit  need successful. Blindly firing off the mass onslaught of the exploits also praying for the shell is not productive , it is noisy also provide little if any value to you as the penetration tester by the client (Metasploit 2011).
•  
• Post Exploitation: It is a  critical component in any penetration test. This is where you differentiate yourself from the average run, of the mill hacker also actually need to provide valuable system, identify critical infrastructure , also the targets information or data which the company need to have value most also that it has attempt by secure.  When you exploit one of the system after another you plan to try to be demonstrated attacks which would have been the greatest business impact (Metasploit 2011).
• Reporting: It is far more important element which is needed to penetration test. There is an information you need to obtain during the test is vital to the success of the organisation information security programming also by stopping future attacks. There is a compile also report you  find , think about the how they organisation could be use your find to raise awareness, remediate the issue discover also improve overall security rather than just path there is a technical vulnerability. The technical find will be used by the client to remediate security holes, but this is also where the value lies in the penetration test. There is an example It is good to be used for the SQL injection vulnerabilities in the in the client web based application, you might need to recommend that you are the client sanitize all of the user input, leverage parameterized SQL Query , run SQL as the limited user account also turn on custom error messages (Metasploit 2011).

4.0   Decision Tree Analysis for Penetration Testing (250 words)

You will not have to write a lot in this section. You can do it with half a page, which amounts to abut 250 words. You will describe what a decision tree for Pen Testing is (one reference, or even two). For example: According to Smith (2011) and Richards (2014), a pen testing decision tree is …….

Then will describe some attack trees with examples, and you will choose one with reasons.  Another three references can be easily squeezed in here.

You will put the chosen attack tree in the appendix, and you might even propose an adaptation of it, based on the specific scenario. However, you don’t have to. No marks will be deducted for this, but you might gain extra marks if an adaptation is done. We award extra marks for trying hard, and we will not look at the “right or wrong”, because you are not experts. We will only look at common sense.

6.0 References

• Anon, (2018). [online] Available at: https://www.researchgate.net/publication/274174058_An_Overview_of_Penetration_Testing [Accessed 5 Nov. 2018].
• Diva-portal.org. (2018). [online] Available at: http://www.diva-portal.org/smash/get/diva2:356502/fulltext01.pdf [Accessed 5 Nov. 2018].
• Doc.lagout.org. (2018). [online] Available at: https://doc.lagout.org/network/2010_professionnal_testing_lab.pdf [Accessed 11 Nov. 2018].
• Eprints.lancs.ac.uk. (2018). [online] Available at: http://eprints.lancs.ac.uk/74275/1/Penetration_testing_online_2.pdf [Accessed 5 Nov. 2018].
• Epa.gov. (2018). [online] Available at: https://www.epa.gov/sites/production/files/2015-06/documents/g6-final.pdf [Accessed 5 Nov. 2018].
• Groups.hcon.in. (2018). [online] Available at: http://groups.hcon.in/uploads/1/8/1/9/1819392/hga_bhashit_pandya_-_pentest_methodologies.pdf [Accessed 5 Nov. 2018].
• Happiest Minds. (2018). What is Penetration Testing?. [online] Available at: https://www.happiestminds.com/Insights/penetration-testing/ [Accessed 3 Nov. 2018].
• Ijritcc.org. (2018). [online] Available at: http://www.ijritcc.org/download/1441259454.pdf [Accessed 5 Nov. 2018].
• Incapsula.com. (2018). [online] Available at: https://www.incapsula.com/web-application-security/penetration-testing.html [Accessed 8 Nov. 2018].
• InfoSec Resources. (2018). The Types of Penetration Testing [Updated 2018]. [online] Available at: https://resources.infosecinstitute.com/the-types-of-penetration-testing/#gref [Accessed 11 Nov. 2018].
• Metasploit by Jim O’Gorman; Mati Aharoni; Devon Kearns; David Kennedy Published by No Starch Press, 2011
• Media.readthedocs.org. (2018). [online] Available at: https://media.readthedocs.org/pdf/pentest-standard/latest/pentest-standard.pdf [Accessed 11 Nov. 2018].
• Ro.ecu.edu.au. (2018). [online] Available at: https://ro.ecu.edu.au/cgi/viewcontent.cgi?referer=https://www.google.co.uk/&httpsredir=1&article=1181&context=ism [Accessed 3 Nov. 2018].
• . Tang, A. (2014). A guide to penetration testing. Network Security, 2014(8), 8. doi: 10.1016/S1353-4858(14)70079-0
• https://www.swascan.com/swascan-penetration-testing/

7.0 Appendices

7.1 Appendix A Detailed SOP for Penetration Testing

There is a development the Standard Operating Procedure: Every engagement also every type of client is unique also each deserves to be treated as such. There is a general principle guiding how the team plans for also conducts physical security assessment are not.

7.2 Attack Tree (or Decision Tree) for pen testing a Linux Server

http://www.diva-portal.org/smash/get/diva2:356502/fulltext01.pdf