External Penetration Testing (Red Teaming)

Penetration Testing (also known as PenTesting) is the practice of finding security flaws in an organization that could be exploited by hackers.

We identify vulnerabilities in your servers and web applications and provide a solution to fix them.

Work Plan for Penetration Testing

  1. Identify open ports and all the services in use.
  2. Enumerate each of these services.
  3. Identify specific vulnerabilities for specific port/services.
  4. Use Public Exploits.
  5. Use private (0-day) exploits, for 0-day assessments.
  6. Use manual methods to identify whether any other vulnerability can be exploited.
  7. Tools: Nmap, Nessus, Metasploit, Canvas + packs (for 0-day), sqlmap, w3af, firewall analysis tools (other tools available).

Tests carried out in Web Applications

Standards: the OWASP Top 10 (2013) is as follows:

  1. A1 Injection
  2. A2 Broken Authentication and Session Management
  3. A3 Cross-Site Scripting (XSS)
  4. A4 Insecure Direct Object References
  5. A5 Security Misconfiguration
  6. A6 Sensitive Data Exposure
  7. A7 Missing Function Level Access Control
  8. A8 Cross-Site Request Forgery (CSRF)
  9. A9 Using Components with Known Vulnerabilities
  10. A10 Unvalidated Redirects and Forwards

Information Gathering:

  1. Check the website's robots.txt (reaction to spiders, robots, and crawlers).
  2. Indexing by search engines (check for document/information disclosure).
  3. Web Application Fingerprinting.
  4. Information Disclosure due to error messages and banner grabbing.

Configuration Testing:

  1. SSL/TLS checks.
  2. Database testing.
  3. Check for backup files and databases.

Authentication Testing:

  1. Check whether credentials are transported over an encrypted channel.
  2. Testing for authentication bypass bugs.
  3. Brute-force and dictionary attacks against login forms.
  4. Test password reset forms.
  5. Testing CAPTCHA implementation.

Session Management:

  1. Testing how the web application handles expired cookies and browser cache.
  2. Check how the web application reacts to spoofed or forged cookies.
  3. Testing for CSRF (Cross-Site Request Forgery).
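As an added example for the session-management checks above (not code from this page or its author), the following Python audits captured Set-Cookie headers for the attributes a hardened session cookie should carry. The header values are constructed samples; the checks assume Python 3.8 or later, which is when the standard library's cookie parser learned the SameSite attribute.

```python
"""Audit Set-Cookie headers for session-hardening attributes.

Each Set-Cookie value is parsed with the standard library and checked for
the Secure, HttpOnly and SameSite attributes. Cookies carrying Expires or
Max-Age are flagged as persistent, since a session identifier that
survives a browser restart is what the "expired cookies and browser
cache" test is looking for. Requires Python 3.8+ (SameSite support).
"""
from http.cookies import SimpleCookie

# Constructed sample headers, as a test harness would capture them.
SAMPLE_SET_COOKIE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "remember_me=1; Path=/; Expires=Wed, 21 Oct 2015 07:28:00 GMT",
    "csrftoken=deadbeef; Path=/; Secure",
]


def audit_set_cookie(header_value: str) -> dict:
    """Return {cookie_name: [issue, ...]} for one Set-Cookie header value.

    An empty issue list means the cookie passed every check."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = {}
    for name, morsel in jar.items():
        issues = []
        # Without Secure the cookie is sent over plain HTTP as well.
        if not morsel["secure"]:
            issues.append("missing Secure")
        # Without HttpOnly script on the page can read the cookie (XSS impact).
        if not morsel["httponly"]:
            issues.append("missing HttpOnly")
        # Without SameSite the browser attaches it to cross-site requests (CSRF).
        if not morsel["samesite"]:
            issues.append("missing SameSite")
        # Expires/Max-Age turn a session cookie into a persistent one.
        if morsel["expires"] or morsel["max-age"]:
            issues.append("persistent (Expires/Max-Age set)")
        findings[name] = issues
    return findings


def audit_headers(headers) -> dict:
    """Merge per-header findings; a cookie name seen twice keeps the last."""
    merged = {}
    for header in headers:
        merged.update(audit_set_cookie(header))
    return merged


if __name__ == "__main__":
    for name, issues in audit_headers(SAMPLE_SET_COOKIE_HEADERS).items():
        print(f"{name}: {', '.join(issues) or 'ok'}")
```

Feed it one value per Set-Cookie header rather than the whole response header block: browsers treat each header separately, and folding them with commas would corrupt Expires dates.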

Authorization Testing:

  1. Check for path traversal vulnerabilities.
  2. Testing for privilege escalation between accounts.
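As an added example for the path traversal item above (not code from this page or its author), here is the guard a file-serving endpoint should apply before opening a user-supplied path, together with the kinds of request a tester would throw at it. The document root is a constructed value, and the check is purely lexical (POSIX separators, no filesystem access), so symlinks inside the root still need a realpath check at open time.

```python
"""Lexical path-traversal guard for a file-serving endpoint.

resolve_under_base() returns the normalized absolute path for a requested
relative path only if it stays under the configured document root;
otherwise it returns None. It uses posixpath so the result is the same on
every platform and never touches the filesystem.
"""
import posixpath
from urllib.parse import unquote

BASE_DIR = "/var/www/app/files"  # constructed document root for the example


def resolve_under_base(requested: str, base: str = BASE_DIR):
    """Return the path inside `base` for `requested`, or None if it escapes."""
    # Decode one level of percent-encoding, as the web server would have
    # done before handing the path to the application. Double-encoded input
    # (%252e) is therefore treated as a literal filename, not as traversal.
    decoded = unquote(requested)
    # NUL bytes truncate paths in C-level APIs and defeat suffix checks.
    if "\x00" in decoded:
        return None
    # An absolute request would make posixpath.join discard `base` entirely.
    if decoded.startswith("/"):
        return None
    base_norm = posixpath.normpath(base)
    # normpath collapses "." and ".." segments lexically.
    candidate = posixpath.normpath(posixpath.join(base_norm, decoded))
    # Compare with a trailing separator so "/files2/x" is not mistaken for
    # something under "/files".
    if candidate != base_norm and not candidate.startswith(base_norm + "/"):
        return None
    return candidate


def classify_requests(requests):
    """Map each request to 'allowed' or 'blocked' (useful as a test table)."""
    return {
        req: ("allowed" if resolve_under_base(req) is not None else "blocked")
        for req in requests
    }


if __name__ == "__main__":
    # Constructed request samples covering plain, dotted, absolute,
    # percent-encoded and sibling-directory cases.
    samples = [
        "reports/q1.pdf",
        "../../../etc/passwd",
        "reports/../../secrets.txt",
        "/etc/passwd",
        "%2e%2e/%2e%2e/etc/passwd",
        "../files2/x",
    ]
    for req, verdict in classify_requests(samples).items():
        print(f"{verdict:8} {req}")
```

The trailing-separator comparison is the detail most often missed: a prefix check on the bare root string would accept a sibling directory whose name merely starts with the root's name.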

Check for Cross Site Scripting (XSS):

  1. Reflected
  2. Stored
  3. DOM based
  4. Cross Site Flashing

Check for SQL Injection and related input-handling flaws:

  1. Oracle
  2. MySQL
  3. MsSQL
  4. SQL Server
  5. MS Access
  6. PostgreSQL
  7. LDAP Injection
  8. ORM Injection
  9. XML Injection
  10. SSI Injection
  11. IMAP/SMTP Injection
  12. Code Injection
  13. Command Injection
  14. Overflow vulnerabilities
  15. DoS attacks
  16. SQL wildcard attacks
  17. Locking accounts
  18. Buffer Overflow
  19. AJAX Testing

Web Services Testing:

  1. SOAP attacks.
  2. Replay testing.

Tools Used:

  1. Burp Suite
  2. IronWASP
  3. Retina Scanner
  4. sqlmap
  5. Havij
  6. Metasploit (web modules)
  7. Nmap
  8. Netcat
  9. Nessus
  10. JoomScan
  11. w3af
  12. FOCA
  13. Maltego
  14. Xenotix XSS Framework
  15. Assortment of stress testers
  16. WPScan (if applicable)