Penetration Testing

Need for a Methodology

Penetration Test vs. Vulnerability Test

Reliance on Checklists and Templates

Phases of Penetration Testing

Passive Reconnaissance

Best Practices

Results that can be expected

Indicative passive reconnaissance steps include (but are not limited to)

Introduction to Penetration Testing

Type of Penetration Testing Methodologies

Open Source Vs Proprietary Methodologies

Security Assessment Vs Security Auditing

Risk Analysis

Types of Penetration Testing

Types Ethical Hacking

Vulnerability Assessment Vs Penetration Testing

Do-it Yourself Testing

Firms Offering Penetration Testing Services

Penetration Testing Insurance

Explication of Terms of Engagement

Pen-Test Service Level Agreements

Offer of Compensation

Starting Point and Ending Points of Testing

Penetration Testing Locations

Black Box Testing

White Box Testing

Grey Box Testing

Manual Penetration Testing

Automated Penetration Testing

Selecting the Right Tools

Pen Test Using Appscan

HackerShield

Pen-Test Using Cerberus Internet Scanner

Pen-Test Using CyberCop Scanner

Pen-Test Using Foundscan

Pen-Test  Using Nessus

Pen-Test Using NetRecon

Pen-Test Using Retina

Pen-Test Using SAINT

Pen-Test Using SecureNET

Pen-Test Using SecureScan

Pen-Test Using SATAN, SARA and Security Analyzer

Pen-Test Using STAT Analyzer

Pen-Test Using Twwscan

VigilEnt

WebInspect

Evaluating Different Types of Pen-Test Tools

Platform on Which Tools Will be Used

Asset Audit

Fault Tree and Attack Trees

GAP Analysis

Device Inventory

Perimeter Firewall Inventory

Web Server Inventory

Load Balancer Inventory

Local Area Network Inventory

Demilitarized Zone Firewall

Internal Switch Network Sniffer

Application Server Inventory

Database Server Inventory

Name Controller and Domain Name Server

Physical Security

ISP Routers

Legitimate Network Traffic Threat

Unauthorized Network Traffic Threat

Unauthorized Running Process Threat

Loss of Confidential Information

Business Impact of Threat

Pre-testing Dependencies

Post-testing Dependencies

Failure Management

Test Documentation Processes

Penetration Testing Tools

Defect Tracking Tools

Configuration Management Tools

Disk Replication Tools

Pen-Test Project Scheduling Tools

Network Auditing Tools

DNS Zone Transfer Testing Tools

Trace Route Tools and Services

Network Sniffing Tools

Denial of Service Emulation Tools

Traditional Load Testing Tools

System Software Assessment Tools

Operating System Protection Tools

Fingerprinting Tools

Port Scanning Tools

Directory and File Access Control Tools

File Share Scanning Tools

Password Directories

Password Guessing Tools

Link Checking Tools

Web site Crawlers

Web-Testing based Scripting Tools

Buffer Overflow Protection Tools

Buffer Overflow Generation Tools

Input Data Validation Tools

File encryption Tools

Database Assessment Tools

Keyboard Logging and Screen Reordering Tools

System Event Logging and Reviewing Tools

Tripwire and Checksum Tools

Mobile-Code Scanning Tools

Centralized Security Monitoring Tools

Web Log Analysis Tools

Forensic Data and Collection Tools

Security Assessment Tools

Multiple OS Management Tools

SANS Institute TOP 20 Security Vulnerabilities

All Operating System Platforms

Default installs of operating systems and applications

Accounts with no passwords or weak passwords

Nonexistent or incomplete backups

Large number of open ports

Not filtering packets for correct incoming and outgoing addresses

Nonexistent or incomplete logging

Vulnerable Common Gateway Interface (CGI) programs

Windows-specific

Unicode vulnerability-Web server folder traversal

Internet server application programming interface (ISAPI) extension buffer overflows

IIS Remote Data Services (RDS) exploit

Network Basic Input Output System (NetBIOS), unprotected Windows networking shares

Information leakage via null session connections

Weak hashing in SAM (Security Accounts Manager)-LanManager hash

UNIX-specific

Buffer overflows in Remote Procedure Call (RPC) services

Sendmail vulnerabilities

Bind weaknesses

Remote system command (such as rcp, rlogin, and rsh) vulnerabilities

Line Printer Daemons (LPD) vulnerabilities

Sadmind and mountd exploits

Default Simple Network Management Protocol (SNMP) strings

Penetration Testing Deliverable Templates

Test Status Report Identifier

Test Variances

Test Comprehensive Assessment

Summary of Results (Incidents)

Test Evaluation

Names of Persons (Approval)

Template Test Incident Report

Template Test Log

Active Reconnaissance

Attack Phase

Activity: Perimeter Testing

Activity: Web Application Testing – I

Activity: Web Application Testing – II

Activity: Wireless Testing

Activity: Acquiring Target

Activity: Escalating Privileges

Activity: Execute, Implant & Retract

Post Attack Phase & Activities

Automated Penetration Testing Tool - CORE Impact

What are your favorite tools to use people???

Works fine on my XP system. Did you let the Nmap installation create the desktop icon or did you create it yourself? If need be, we can compare settings of the shortcut.

Don

Oooooo, that's a big help. Explains a lot. I don't have time to play with it right now, but I should be able to later on tonight. I'll let ya know.

Thanks a lot!!!   

(my favorite smiley. really says a lot).