Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Penetration Testing Principles

1.Penetration Testing Overview


¿Qué son las pruebas de penetración?

Penetration testing tests your existing cybersecurity measures to try to find vulnerabilities that attackers could exploit. Pen tests give you insight into how attackers might try to breach your networks so you can close gaps and stay one step ahead.

Pen tests can be done in house, but generally they are done by a third party who uses a variety of tools and methods to try to penetrate your network. These tests resemble real-world attack methods attackers may use. The goal is to discover vulnerabilities, misconfigurations and other security weaknesses before an attacker can exploit them and put your organization at risk.

If an attack (or penetration from a pen test) is successful, the attacker could:

  • Gain access to personal health information (PHI)
  • Get access to personally identifiable information (PII)
  • Steal credentials
  • Steal data and records
  • Launch malware
  • Make lateral movements across your network (potentially for weeks or months before you even know they’re there)
  • Access credit card and other financial information
  • Disrupt business operations
  • Hold your systems and operations hostage and demand a ransom
  • Destroy your data

Pen tests help uncover weaknesses within your attack surface so you can make plans to remediate them before threat actors can exploit them.

Pen tests are a complementary component of your vulnerability assessment program. As part of vulnerability assessment, your organization should do routine vulnerability scans that give you insight into all the assets and vulnerabilities across your enterprise. Pen tests help you verify if an attacker can exploit these weaknesses and evaluate the success of your remediation efforts.

To build a comprehensive vulnerability assessment program, conduct vulnerability assessment scans on a continuous basis and then do pen testing periodically. Some compliance guidelines call for annual pen testing, but you may build a stronger cybersecurity program if you conduct these tests more frequently — for example, at least quarterly.

The Importance of Pen Testing

Here are some reasons why your organization should adopt penetration testing as part of your comprehensive cybersecurity program:

  • Pen tests help you discover if you have vulnerabilities or other security weaknesses attackers could exploit to get access to your network, data and assets.
  • These tests can give you insight into how well you’re meeting compliance standards and where you have security issues.
  • Pen tests can also help you determine if your security controls are working as you expect them to.
  • You can test applications your organization uses to see if there are programming mistakes that can give attackers access to your network.

2.Penetration Testing Goals and Processes


Generally, there are five phases for penetration testing.

  1. Your pen testing process begins with determining who you want to conduct your test — whether an in-house resource or a third-party pen tester. This phase should include setting goals and objectives for the pen test outcome. These goals should be specific to your organization and should align with your existing cybersecurity and business goals.
  2. Next, determine the scope of your test. For example, do you want the tester to target your entire network to see what they can uncover? Or do you want to set parameters for the test and have the tester target only a specific subset? The scope will help your tester develop a plan of attack against your target(s).
  3. After setting your scope and targets, it’s time to begin testing. The tester will begin by doing a number of scans on your target to gather as much information as possible about existing security protocols and to try to find security weaknesses and vulnerabilities. Once the pen tester has an understanding of your security measures, the tester should use a variety of exploitation methods to try to gain access, just like an attacker in the real world would do. After gaining access, the tester will determine if extended access can be maintained and what additional systems can be accessed from the breach. When the test is complete, the pen tester should remove all evidence of the attack including scripts and logs used during the testing phases.
  4. After your pen tester completes the test, the tester will provide you with a report on findings. The report should highlight what the vulnerability is, how it was breached, where there are gaps in your existing security measures and the impact that a breach could have on your organization. You should review these findings and make plans for mitigation, starting with the most critical vulnerabilities with the greatest potential impact on your organization.
  5. Once you’ve implemented your mitigation plans, it’s a good idea to follow up with additional pen testing to see if your fixes work as you intended and whether or not new vulnerabilities have surfaced since your last test.

Penetration Test Approaches

There are different approaches to pen testing, the two most common are white-box testing and black-box testing.

In white-box testing, your organization will provide your tester with information about your intended target. White-box testing also generally takes place within a credentialed environment.

In black-box testing, you don't share additional information about the target with your tester and the pen tester generally conducts network sweeps without using credentials.

Grey-box (gray-box) testing is another approach to penetration testing. As the name implies, it’s somewhere in the middle of black-box and white-box testing. Here, your organization provides the tester with partial details about targets.

Nessus Expert is a great complementary tool for these approaches to penetration testing.

Penetration Testing Methods

In addition to the approaches to pen testing, pen testers may utilize a variety of testing methods during an engagement with your organization. Here are some examples:

Targeted testing: During targeted pen tests, your internal IT teams work together with your third-party tester to try to breach your attack surface. During these types of tests, both parties share information about what the tester is doing to initiate the attack and how your team is responding to block it. Not only does this type of testing give you information about where you may have vulnerabilities, but it also gives your team real-world experience in attempting to stop a hack while it’s happening.

Blind testing: Blind testing is a hacking scenario where all the tester knows is your URL or your organization’s name and your teams are only aware that you’ve given the go-ahead for testing. Here, your tester attempts to gain access to your network and systems in real time with little-to-no additional information about your company or security posture.

Double-blind testing: Double-blind testing is similar to blind testing, where the tester has limited information about your organization; however, unlike blind testing, your teams do not know that you’ve authorized a test and that an engagement is underway.

External testing: In external testing, the tester attacks your external-facing assets and systems, for example web servers, firewalls and email servers.

Internal testing: Internal testing gives testers access to your systems behind your firewall and simulates what would happen if an employee or a person with stolen credentials got unauthorized access to your enterprise systems.

Penetration Test Frequency

Your organization should plan for regular pen testing. While some compliance regulations call for annual tests, you may find it more beneficial for your overall cybersecurity posture if you do them more frequently, for example, at least once each quarter.

Pen tests give you a point-in-time snapshot of your security posture. Since your attack surface constantly changes and expands, routine pen tests may help you find holes and gaps in your existing program and enable you to remedy them before an attacker can exploit them.

3.Pen Tests and Vulnerability Management


  • There are differences between vulnerability assessment and penetration testing, but the processes complement one another.
  • Pen testing is a stand-alone activity that gives you a picture of your cyber risks at a single point in time.
  • Vulnerability management is an ongoing program that uses a variety of technologies and tools to identify cyber risks across your entire organization, align them with your operational goals and objectives and then remediate vulnerabilities in a timely manner to secure your network and keep your operations safe.
  • Pen tests help you define areas of improvements to strengthen your vulnerability assessment processes.

4. Pen Tests and Vulnerability Assessment


  • There are differences between vulnerability assessment and penetration testing, but the processes complement one another.
  • Pen testing is a stand-alone activity that gives you a picture of your cyber risks at a single point in time.
  • Vulnerability assessment is an ongoing practice that gives you visibility into all of your vulnerabilities. Each time you run a new vulnerability scan or conduct a new penetration test, you have the opportunity to uncover new information about your cybersecurity posture.
  • Pen tests help you define areas of improvements to strengthen your vulnerability assessment processes.

Vulnerability Scanning and Pen Testing

Vulnerability scanning is a component of penetration testing. It’s a way to discover vulnerabilities and weaknesses within your attack surface and can help testers uncover which ones to target during a test.

Vulnerability scans can span across your entire attack surface or the tester may be limited to a specific subset. Here are some subset examples, some of which may be included in specialized tests:

  • Internal networks
  • External networks
  • Cloud environments
  • Internet of Things (IoT) devices
  • Industrial Internet of Things (IIoT) devices (Industry 4.0)
  • Dispositivos de tecnología operativa (OT)
  • Contenedores
  • Aplicaciones web

5. Penetration Test Tools


Penetration testing has long been a manual process that relies on the training, skills and innovative thinking of testers to try to breach your attack surface. Today, however, testers are supported by automated tools to help initiate tests on intended targets. One of them is Kali Linux.

Kali Linux has more than 600 penetration tools and is a free resource. It can be used for penetration testing, reverse engineering, tech forensics and research.

Tenable Nessus is not installed on Kali Linux by default, but you can easily install it and then use it to support pen testing engagements. Nessus can help your pen tester find local and remote vulnerabilities, check for default credentials, assist with configuration and compliance audits, and do web application scanning. You can read more about how Nessus supports Kali Linux pen testing here: https://www.tenable.com/blog/getting-started-with-nessus-on-kali-linux.

6. Nessus Vulnerability Scanning


Nessus Expert is an effective tool to help you discover vulnerabilities across your attack surface. It supports scanning across a variety of asset types such as operating systems (MacOS, Windows, Linux), applications, network devices and more.

Nessus comes with pre-built templates for credentialed and non-credentialed vulnerability scans. These templates, together with pre-built policies, help pen testers get the most out of their testing engagements. Nessus gives testers visibility into your organization's network and testers get an upper hand by being able to quickly uncover weaknesses and vulnerabilities.

Nessus templates support compliance frameworks such as Center for Internet Security (CIS), Health Insurance Portability and Accountability Act (HIPAA), Defense Information Systems Agency (DISA), Security Technical Implementation Guides (STIG) and others. You can also customize templates, including creating preferences to avoid false negatives or false positives.

Nessus has more than 189,000 plugins, which are automatically updated. It has coverage of more than 77,000 CVEs and more than 100 new plugins are released every week. That means with Nessus, pen testers get accurate, timely information about the latest vulnerabilities and malware.

Nessus
The Global Gold Standard in Vulnerability Assessment Built for the Modern Attack Surface

Pen Testing Resources

 

¿Cuál es la respuesta al problema de sobrecarga de vulnerabilidades?

 

Five Steps to Building a Successful Vulnerability Management Program

 

Qué buscar en una solución de gestión de vulnerabilidades en la nube

 

Gestión de vulnerabilidades: Detección de activos

 

4 Failings of Vulnerability Management You Need to Fix for a More Secure 2020

Tenable Vulnerability Management

Disfrute los accesos de seguridad completos a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable.

Las pruebas de Tenable Vulnerability Management creadas en todas partes, excepto en los Emiratos Árabes Unidos, también incluirán Tenable Lumin y Tenable Web App Scanning.

Tenable Vulnerability Management

Disfrute los accesos de seguridad completos a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Compre una suscripción anual hoy mismo.

100 activos

Seleccione su tipo de suscripción:

Comprar ahora

Tenable Vulnerability Management

Disfrute los accesos de seguridad completos a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable.

Las pruebas de Tenable Vulnerability Management creadas en todas partes, excepto en los Emiratos Árabes Unidos, también incluirán Tenable Lumin y Tenable Web App Scanning.

Tenable Vulnerability Management

Disfrute los accesos de seguridad completos a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Compre una suscripción anual hoy mismo.

100 activos

Seleccione su tipo de suscripción:

Comprar ahora

Tenable Vulnerability Management

Disfrute los accesos de seguridad completos a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable.

Las pruebas de Tenable Vulnerability Management creadas en todas partes, excepto en los Emiratos Árabes Unidos, también incluirán Tenable Lumin y Tenable Web App Scanning.

Tenable Vulnerability Management

Disfrute los accesos de seguridad completos a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Compre una suscripción anual hoy mismo.

100 activos

Seleccione su tipo de suscripción:

Comprar ahora

Probar Tenable Web App Scanning

Disfrute de accesos de seguridad completos a nuestra última oferta de análisis de vulnerabilidades de aplicaciones web diseñada para aplicaciones modernas como parte de la plataforma Tenable One Exposure Management. Escanee de manera segura todo su portafolio en línea para detectar vulnerabilidades con alto grado de exactitud sin el esfuerzo manual intensivo ni la interrupción de aplicaciones web críticas. Registrarse ahora.

Su prueba de Tenable Web App Scanning también incluye Tenable Vulnerability Management y Tenable Lumin.

Comprar Tenable Web App Scanning

Disfrute los accesos de seguridad completos a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Compre una suscripción anual hoy mismo.

5 FQDN

USD 3578

Comprar ahora

Probar Tenable Lumin

Visualice y explore su gestión de exposición, realice un seguimiento de la reducción de riesgos de seguridad en la nube a lo largo del tiempo y compárese con sus competidores con Tenable Lumin.

Su prueba de Tenable Lumin también incluye Tenable Vulnerability Management y Tenable Web App Scanning.

Comprar ahora Tenable Lumin

Póngase en contacto con un representante de ventas para saber cómo puede ayudarle Tenable Lumin a obtener información de toda su organización y gestionar vulnerabilidades y riesgos cibernéticos.

Probar Tenable Nessus Professional gratuitamente

GRATIS POR 7 DÍAS

Tenable Nessus es el escáner de vulnerabilidad más completo en el mercado hoy en día.

NUEVO - Tenable Nessus Expert
Ahora disponible

Nessus Expert viene con aún más funcionalidades, incluyendo análisis de vulnerabilidades de superficie de ataque externa y la capacidad de agregar dominios y escanear infraestructura en la nube. Haga clic aquí para probar Nessus Expert.

Rellene el formulario a continuación para continuar con la prueba de Nessus Pro.

Comprar Tenable Nessus Professional

Tenable Nessus es el escáner de vulnerabilidad más completo en el mercado hoy en día. Tenable Nessus Professional ayudará a automatizar el proceso de análisis de vulnerabilidades, ahorrará tiempo en sus ciclos de cumplimiento y le permitirá involucrar a su equipo de TI.

Compre una licencia multi anual y ahorre. Agregue Soporte Avanzado para acceder a soporte por teléfono, chat y a través de la Comunidad las 24 horas del día, los 365 días del año.

Seleccione su licencia

Compre una licencia multi anual y ahorre.

Añada soporte y capacitación

Probar Tenable Nessus Expert gratuitamente

GRATIS POR 7 DÍAS

Diseñado para la superficie de ataque moderna, Nessus Expert le permite ver más y proteger a su organización contra las vulnerabilidades, desde TI hasta la nube.

¿Ya tiene Tenable Nessus Professional?
Actualice a Nessus Expert gratuitamente por 7 días.

Comprar Tenable Nessus Expert

Diseñado para la superficie de ataque moderna, Nessus Expert le permite ver más y proteger a su organización contra las vulnerabilidades, desde TI hasta la nube.

Seleccione su licencia

Compre una licencia plurianual y ahorre más.

Añada soporte y capacitación