Foreword:
Penetration testing refers to the process by which security professionals simulate an attack on a network or computer system, with the permission of the system owner, in order to evaluate its security. Although the attack is "simulated", penetration testers use the same tools and techniques that a real-world attacker would use against the target system; the difference is that they do not exploit the vulnerabilities they discover or the information they obtain for profit. Instead, they report their findings to the owner to help improve the security of the system.
Since penetration testers follow the same attack strategy as malicious hackers, they are sometimes referred to as "ethical hackers" or "white hat hackers." Penetration testing can be conducted by a team or independent hackers. They may be internal employees of the target company, or they may work independently or for a security company that provides professional penetration testing services.
Broadly speaking, penetration testing works in exactly the same way as a real attempt to break into an organization's systems. The penetration tester first enumerates and identifies the hosts, ports, and network services associated with the target organization. Next, they study this attack surface for potential vulnerabilities, a step that requires deeper and more detailed probing of the target system. Finally, they try to break through the target's perimeter and gain access to protected data or control of its systems.
Of course, the details of a penetration test and of a real-world attack may differ considerably. In particular, the tester must agree with the target organization in advance on the exact type of test and the scope of the simulated attack, so that the test does not cause uncontrolled damage to the organization's systems.
Types of penetration testing
Contrast Security, an application security company, divides penetration testing types into the following categories:
▶External penetration test. In this approach, the penetration testing team evaluates the target's network infrastructure from a remote location. They are given no information such as the internal topology of the target network. They fully simulate an external attacker in a real network environment, using popular attack techniques and tools to work step by step toward infiltrating the target organization, revealing known or unknown security vulnerabilities in the target network, and evaluating whether those vulnerabilities could be used to gain control of systems or cause the loss of business assets.
▶Internal penetration test. The team conducting an internal test is given full internal and low-level knowledge of the target environment, so penetration testers can find and verify the more serious security vulnerabilities in the system at the lowest cost. Internal testing reveals how a disgruntled employee, a malicious contractor, or an outside attacker who has already crossed the perimeter could compromise the system.
▶Blind test. A blind test simulates a "real" attack from the attacker's point of view. Penetration testers are given no information about the organization's network or systems, which forces them to rely on publicly available information or on information they gather using their own skills.
▶Double-blind test. A double-blind test also simulates a real attack on the target organization, but in this type of test the organization's IT and security staff are not told that a penetration test is taking place, so that the organization's true security posture can be assessed.
▶Targeted testing. Targeted testing, sometimes called "lights-on testing", is a simulated "adversarial game" played between the penetration testers and the target organization's IT staff in a specific scenario, focusing on a specific part of the network infrastructure. Targeted testing usually requires less time and effort than the other options, but it does not provide a complete view of the organization's security posture.
Penetration testing steps
Although each type of penetration test has its own characteristics, the Penetration Testing Execution Standard (PTES), developed by industry experts, summarizes the seven main steps involved in most penetration testing scenarios:
▶Pre-engagement negotiation: For any penetration test, the tester and the target organization should agree on the scope and objectives of the test in advance, preferably in writing.
▶Information gathering: The tester first conducts reconnaissance on the target to collect as much information as possible. This may include gathering open-source intelligence and other publicly available information about the target organization.
▶Threat modeling: At this stage, penetration testers model the capabilities and motivations of potential real attackers and try to determine which assets within the target organization would attract an attacker's attention.
▶Vulnerability analysis: This is what most people think of as the core of a penetration test: analyzing whether the target organization's infrastructure has security vulnerabilities that would allow an attacker to break in.
▶Exploitation: At this stage, penetration testers use the vulnerabilities they have found to enter the target organization's systems and obtain data. The goal of this step is not only to breach the perimeter but also to bypass active defensive measures and remain undetected for as long as possible.
▶Post-exploitation: At this stage, penetration testers try to maintain control of the compromised systems and determine their value. This can be a particularly delicate stage for the relationship between penetration testers and their clients, which is why it is so important that the earlier pre-engagement negotiation produced a clearly defined set of ground rules that protect the client and ensure that key services are not negatively affected by the test.
▶Reporting: Finally, the testers must provide the client with a comprehensive and informative report on the risks and vulnerabilities found. The communication skills needed to convey this information clearly are undoubtedly among the most important in this process.
The world's leading penetration testing company
Penetration testing is a specialized field within the technology industry and has so far resisted consolidation. In other words, there are many companies that provide penetration testing services, some as part of a larger product suite and some specializing in ethical hacking. Here is an introduction to 5 mainstream penetration testing companies:
1. a1qa
a1qa is a software testing company from Lakewood, Colorado. In its 17 years of operation, it has delivered more than 1,500 successful projects and established 10 centers of excellence. It has established cooperation with more than 500 companies, from small businesses to Fortune 500 giants. The company's main customers include Adidas, Kaspersky Lab, SAP, Yandex, Forex Club, etc.
a1qa specializes in providing full-cycle QA and testing services, including comprehensive security penetration testing. Its expertise includes testing web applications such as portals, e-commerce, media and e-learning platforms, games and online casinos, as well as line-of-business testing of CRM, collaboration, document management and financial systems. The company also operates a dedicated security testing laboratory.
2. QA Mentor
QA Mentor, established in New York in 2010, has built a strong global presence, with 12 testing centers around the world. Its team consists of 300 certified QA professionals who have completed more than 870 projects for clients including Amazon, eBay, Bosch and HTC. The company provides more than 30 testing services, including network security penetration testing.
QA Mentor is currently in the industry leader quadrant in reports from research institutions such as Clutch, GoodFirms, and Gartner.
3. UnderDefense
UnderDefense is a certified computer and network security company founded in New York in 2016. It provides a wide range of testing services, with a special focus on security penetration testing. The company has performed hundreds of penetration tests, including specific compliance tests, application and wireless network penetration tests, and social engineering security tests. UnderDefense has won Clutch awards many times.
4. Iflexion
Founded in 1999, Iflexion is a full-cycle software development company. Today, the company has grown into an enterprise with more than 850 IT professionals. Its expertise covers a wide range of services from application development to testing. Iflexion has established cooperation with more than 500 companies from different industries, including PayPal, Philips, Adidas, eBay, Xerox, Expedia, KPMG, etc.
5. KiwiQA
Founded in 2009, KiwiQA is an international quality assurance and consulting company with a team of more than 100 professionals and has delivered more than 2,000 projects. Their software testing expertise covers automated, manual and innovative testing techniques. The company's security testing scope includes ethical hacker attacks, network security penetration testing and vulnerability audits. KiwiQA was named "Top Testing Company" by GoodFirms and Clutch.
Prospects for penetration testing
Penetration testers have proved to be in great demand, and these jobs are not limited to independent security companies: large technology companies like Microsoft also maintain full internal penetration testing teams.
A survey by North Carolina State University's IT Career Department found that there would be 16,000 job openings in 2020 alone. Note, however, that although the career paths of penetration testers and vulnerability analysts share many skills, vulnerability analysts focus on discovering security vulnerabilities in applications and systems during development or before deployment, whereas penetration testers probe live systems.
Like many in-demand technical security positions, penetration testers can earn a good salary. The Infosec Institute provides a good overview of salaries and positions in various regions of the United States: overall, most penetration testers can expect higher-than-average salaries. This is clearly a promising and interesting career.
Penetration testing training and certification
The ethical hacking industry was founded by formerly unethical hackers who were looking for a way into the mainstream, with legal ways to make money from their skills. As in many technical fields, the first generation of penetration testers was largely self-taught. Although some people still develop their skills this way, penetration testing has now become a common topic in university computer science and IT courses and in online courses, and many hiring managers expect candidates to have received some formal training.
One of the best ways to demonstrate that you have developed penetration testing skills is to obtain one of the widely accepted certifications in the field. The licensed training courses that accompany these certifications are a good way to acquire or strengthen the relevant skills:
▶EC-Council's Certified Ethical Hacker (CEH) and Licensed Penetration Tester (Master) (LPT);
▶IACRB's Certified Penetration Tester (CPT), Certified Expert Penetration Tester (CEPT), Certified Mobile and Web Application Penetration Tester (CMWAPT) and Certified Red Team Operations Expert (CRTOP);
▶CompTIA's PenTest+;
▶GIAC Penetration Tester (GPEN) and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN);
▶Offensive Security's certified professional, wireless professional and expert-level penetration tester certifications.