Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Penetration Testing Principles

1.Penetration Testing Overview


Was sind Penetrationstests?

Penetration testing tests your existing cybersecurity measures to try to find vulnerabilities that attackers could exploit. Pen tests give you insight into how attackers might try to breach your networks, so you can close any gaps and stay one step ahead.

Pen tests can be done in house, but generally they are done by a third party who uses a variety of tools and methods to try to penetrate your network. These tests resemble real-world attack methods attackers may use. The goal is to discover vulnerabilities, misconfigurations and other security weaknesses before an attacker can exploit them and put your organization at risk.

If an attack (or penetration from a pen test) is successful, the attacker could:

  • Gain access to personal health information (PHI)
  • Get access to personally identifiable information (PII)
  • Steal credentials
  • Steal data and records
  • Launch malware
  • Make lateral movements across your network (potentially for weeks or months before you even know they’re there)
  • Access credit card and other financial information
  • Disrupt business operations
  • Hold your systems and operations hostage and demand a ransom
  • Destroy your data

Pen tests help you uncover weaknesses within your attack surface so you can make plans to remediate them before they can be exploited.

Pen tests are a complementary component of your vulnerability assessment program. As part of vulnerability assessment, your organization should do routine vulnerability scans that give you insight into all the assets and vulnerabilities across your enterprise. Pen tests help you verify if an attacker can exploit these weaknesses and evaluate the success of your remediation efforts.

To build a comprehensive vulnerability assessment program, you should conduct vulnerability assessment scans on a continuous basis and then do pen testing periodically. Some compliance guidelines call for annual pen testing, but you may build a stronger cybersecurity program if you conduct these tests more frequently—for example, at least quarterly.

The Importance of Pen Testing

Here are some reasons why your organization should adopt penetration testing as part of your comprehensive cybersecurity program:

  • Pen tests help you discover if you have vulnerabilities an attacker could exploit to get access to your network, data and assets.
  • These tests can give you insight into how well you’re meeting compliance standards and where you have security gaps.
  • Pen tests can also help you determine if your security controls are working as you expect them to.
  • You can test applications your organization uses to see if there are programming mistakes that can give attackers access to your network.

2.Penetration Testing Goals and Processes


Generally, there are five phases for penetration testing.

  1. Your pen testing process begins with determining who you want to conduct your test — whether an in-house resource or a third-party pen tester. This phase should include setting goals and objectives for the pen test outcome. These goals should be specific to your organization and should align with your existing cybersecurity and business goals.
  2. Next, determine the scope of your test. For example, do you want the tester to target your entire network to see what can be uncovered? Or do you want to set parameters for the test and have the tester target only a specific subset? The scope you set will help your tester develop a plan of attack against your target(s).
  3. After setting your scope and targets, it’s time to begin testing. The tester will begin by doing a number of scans on your target to gather as much information as possible about existing security protocols and to try to find gaps and vulnerabilities. Once the pen tester has an understanding of your security measures, the tester should use a variety of exploitation methods to see if he/she can gain access, just like an attacker in the real world would do. After gaining access, the tester will determine if extended access can be maintained and what additional systems can be accessed from the breach. When the test is complete, the pen tester should remove all evidence of the attack including scripts and logs used during the testing phases.
  4. After your pen tester completes the test, the tester will provide you with a report on findings. The report should highlight what the vulnerability is, how it was breached, where there are gaps in your existing security measures, and the impact that a breach could have on your organization. You should review these findings and make plans for mitigation, starting with the most critical vulnerabilities with the greatest potential impact on your organization.
  5. Once you’ve implemented your mitigation plans, it’s a good idea to follow up with additional pen testing to see if your fixes work as you intended and whether or not new vulnerabilities surfaced since your last test.

Penetration Test Approaches

There are different approaches to pen testing, the two most common are whitebox testing and blackbox testing.

In whitebox testing, your organization will provide your tester with information about your intended target. Whitebox testing also generally takes place within a credentialed environment.

In blackbox testing, you don't share additional information about the target with your tester and the pen tester generally conducts network sweeps without using credentials.

Grey box testing is another approach to penetration testing. As the name implies, it’s somewhere in the middle of blackbox and whitebox testing. Here, your organization provides the tester with partial details about targets.

Nessus Professional is a great complementary tool for these approaches to penetration testing.

Penetration Testing Methods

In addition to the approaches to pen testing, pen testers may utilize a variety of testing methods during an engagement with your organization. Here are some examples:

Targeted testing: During targeted pen tests, your internal IT teams work together with your third-party tester to try to breach your attack surface. During these types of tests, both parties share information about what the tester is doing to initiate the attack and how your team is responding to block it. Not only does this type of testing give you information about where you may have vulnerabilities, but it also gives your teams real-world experience in attempting to stop a hack while it’s happening.

Blind testing: Blind testing is a true-to-life hacking scenario where all the tester knows is your URL or your organization’s name and your teams are only aware that you’ve given the go-ahead for a test. Here, your tester attempts to gain access to your network and systems in real time with little-to-no additional information about your company or security posture.

Double-blind testing: Double-blind testing is similar to blind testing, where the tester has limited information about your organization; however, unlike blind testing, your teams do not know that you’ve authorized a test and that an engagement is imminent.

External testing: In external testing, the tester attacks your external-facing assets and systems, for example web servers, firewalls, and email servers.

Internal testing: Internal testing gives testers access to your systems behind your firewall and simulates what would happen if an employee or a person with stolen credentials got unauthorized access to your enterprise systems.

Penetration Test Frequency

Your organization should plan for regular pen testing. While some compliance regulations call for annual tests, you may find it more beneficial for your overall cybersecurity posture if you do them more frequently, for example, at least once each quarter.

Pen tests give you a point-in-time snapshot of your security posture. Since your attack surface constantly changes and expands, routine pen tests may help you find holes and gaps in your existing program and enable you to remedy them before an attacker can exploit them.

3.Pen Tests and Vulnerability Management


  • There are differences between vulnerability assessment and penetration testing, but the processes complement one another.
  • Pen testing is a stand-alone activity that gives you a picture of your cyber exposures at a single point in time.
  • Vulnerability assessment is an ongoing practice that gives you visibility into all of your vulnerabilities. Each time you run a new vulnerability scan or conduct a new penetration test, you have the opportunity to uncover new information about your cybersecurity posture.
  • Pen tests help you define areas of improvements to strengthen your vulnerability assessment processes.

4 Pen Tests and Vulnerability Assessment


  • There are differences between vulnerability assessment and penetration testing, but the processes complement one another.
  • Pen testing is a stand-alone activity that gives you a picture of your cyber exposures at a single point in time.
  • Vulnerability assessment is an ongoing practice that gives you visibility into all of your vulnerabilities. Each time you run a new vulnerability scan or conduct a new penetration test, you have the opportunity to uncover new information about your cybersecurity posture.
  • Pen tests help you define areas of improvements to strengthen your vulnerability assessment processes.

Vulnerability Scanning and Pen Testing

Vulnerability scanning is a component of penetration testing. It’s a way to discover vulnerabilities and weaknesses within your attack surface and can help testers uncover which ones to target during a test.

Vulnerability scans can span across your entire attack surface or the tester may be limited to a specific subset. Here are some subset examples, some of which may be included in specialized tests:

  • Internal networks
  • External networks
  • Cloud environments
  • Internet of Things (IoT) devices
  • Industrial Internet of Things (IIoT) devices (Industry 4.0)
  • Operational technology (OT) devices
  • Container
  • Web-Apps

5. Penetration Test Tools


Penetration testing has long been a manual process that relies on the training, skills, and innovative thinking of testers to try to breach your attack surface. Today, however, testers are supported by an arsenal of automated tools to help them initiate tests on intended targets. One of them is Kali Linux.

Kali Linux has more than 600 penetration tools and is a free resource. It can be used for penetration testing, reverse engineering, tech forensics, and research.

Tenable Nessus is not installed on Kali Linux by default, but it can be easily installed and then used to support pen testing engagements. Nessus can help your pen tester find local and remote vulnerabilities, check for default credentials, assist with configuration and compliance audits, and do web application scanning. You can read more about how Nessus supports Kali Linux pen testing here: https://www.tenable.com/blog/getting-started-with-nessus-on-kali-linux.

6. Nessus Vulnerability Scanning


Nessus Professional is an effective tool to help you discover vulnerabilities across your attack surface. It supports scanning across a variety of asset types such as operating systems (MacOS, Windows, Linux), applications, network devices and more.

Nessus comes with pre-built templates for credentialed and non-credentialed vulnerability scans. These templates, together with pre-built policies, help pen testers get the most out of their testing engagements. Nessus gives testers visibility into your organization's network and testers get an upper hand by being able to quickly uncover weaknesses and vulnerabilities.

Nessus templates support compliance frameworks such as Center for Internet Security (CIS), Health Insurance Portability and Accountability Act (HIPAA), Defense Information Systems Agency (DISA), Security Technical Implementation Guides (STIG) and others. You can also customize templates, including creating preferences to avoid false negatives or false positives.

Nessus has more than 142,000 plugins, which are automatically updated. It has coverage of more than 56,000 CVEs and more than 100 new plugins are released every week. That means with Nessus, pen testers get accurate, timely information about the latest vulnerabilities and malware so they can hunt them down on your network.

Verwandte Produkte

Die Nummer eins bei Vulnerability Assessment-Lösungen.

Die Nummer eins bei Vulnerability Assessment-Lösungen.

Mehr anzeigen

Pen Testing Resources

 

Schwachstellenüberlastung – wie kann man dem Problem ein Ende setzen?

 

Five Steps to Building a Successful Vulnerability Management Program

 

Worauf Sie bei einer Cloud-Lösung für das Schwachstellen-Management achten sollten

 

Schwachstellen-Management: Asset-Erfassung

 

4 Failings of Vulnerability Management You Need to Fix for a More Secure 2020

COPYRIGHT 2020 TENABLE, INC.ALLE RECHTE VORBEHALTEN.TENABLE, TENABLE.IO, TENABLE NETWORK SECURITY, NESSUS, SECURITYCENTER, SECURITYCENTER CONTINUOUS VIEW UND LOG CORRELATION ENGINE SIND EINGETRAGENE MARKEN VON TENABLE, INC.TENABLE.SC, LUMIN, ASSURE UND THE CYBER EXPOSURE COMPANY SIND MARKEN VON TENABLE, INC.ALLE ANDEREN PRODUKTE BZW. SERVICES SIND MARKEN IHRER JEWEILIGEN INHABER.

tenable.io

30 TAGE KOSTENLOS


Wir bieten Ihnen vollen Zugriff auf eine moderne, cloudbasierte Schwachstellen-Management-Plattform, mit der Sie alle Ihre Assets mit beispielloser Genauigkeit sehen und nachverfolgen können.

tenable.io KAUFEN

Wir bieten Ihnen vollen Zugriff auf eine moderne, cloudbasierte Schwachstellen-Management-Plattform, mit der Sie alle Ihre Assets mit beispielloser Genauigkeit sehen und nachverfolgen können. Erwerben Sie noch heute Ihre jährliche Subscription.

65 Assets

Wählen Sie Ihre Subscription-Option:

Jetzt kaufen

Testen Sie Nessus Professional kostenlos

7 TAGE KOSTENLOS

Nessus® ist der umfassendste Schwachstellen-Scanner auf dem Markt. Nessus Professional unterstützt Sie bei der Automatisierung des Scan-Prozesses, spart Zeit in Ihren Compliance-Zyklen und ermöglicht Ihnen die Einbindung Ihres IT-Teams.

Nessus Professional kaufen

Nessus® ist der umfassendste Schwachstellen-Scanner auf dem Markt. Nessus Professional unterstützt Sie bei der Automatisierung des Scan-Prozesses, spart Zeit in Ihren Compliance-Zyklen und ermöglicht Ihnen die Einbindung Ihres IT-Teams.

Mehrjahreslizenz kaufen und sparen! Mit Advanced Support erhalten Sie rund um die Uhr, 365 Tage im Jahr Zugang zum Support – per Telefon, Chat und über die Community.

Lizenz auswählen

Mehrjahreslizenz kaufen und sparen!

Support und Training hinzufügen

Tenable.io 30 TAGE KOSTENLOS TESTEN

Wir bieten Ihnen vollen Zugriff auf eine moderne, cloudbasierte Schwachstellen-Management-Plattform, mit der Sie alle Ihre Assets mit beispielloser Genauigkeit sehen und nachverfolgen können.

Tenable.io KAUFEN

Wir bieten Ihnen vollen Zugriff auf eine moderne, cloudbasierte Schwachstellen-Management-Plattform, mit der Sie alle Ihre Assets mit beispielloser Genauigkeit sehen und nachverfolgen können. Erwerben Sie noch heute Ihre jährliche Subscription.

65 Assets

Wählen Sie Ihre Subscription-Option:

Jetzt kaufen

Tenable.io Web Application Scanning testen

30 TAGE KOSTENLOS

Profitieren Sie vom vollen Zugriff auf unser neuestes Angebot zum Scannen von Web-Applikationen, das als Teil der Tenable.io-Plattform für moderne Applikationen entwickelt wurde. Scannen Sie auf sichere Weise Ihr gesamtes Online-Portfolio auf Schwachstellen – mit hoher Genauigkeit und ohne großen manuellen Aufwand oder Unterbrechung kritischer Web-Applikationen. Melden Sie sich jetzt an.

Tenable.io Web Application Scanning kaufen

Wir bieten Ihnen vollen Zugriff auf eine moderne, cloudbasierte Schwachstellen-Management-Plattform, mit der Sie alle Ihre Assets mit beispielloser Genauigkeit sehen und nachverfolgen können. Erwerben Sie noch heute Ihre jährliche Subscription.

5 FQDN

3.578,00 USD

Jetzt kaufen

Tenable.io Container Security testen

30 TAGE KOSTENLOS

Profitieren Sie von vollem Zugriff auf die einzige Lösung für Containersicherheit, die in eine Schwachstellen-Management-Plattform integriert ist. Überwachen Sie Container-Images auf Schwachstellen, Malware und Richtlinienverstöße. Kann in Systeme für kontinuierliche Integration und Bereitstellung (CI/CD) eingebunden werden, um DevOps-Praktiken zu unterstützen, die Sicherheit zu stärken und die Einhaltung von Unternehmensrichtlinien zu fördern.

Tenable.io Container Security kaufen

Tenable.io Container Security ermöglicht eine nahtlose und sichere Umsetzung von DevOps-Prozessen, indem es die Sicherheit von Container-Images – einschließlich Schwachstellen, Malware und Richtlinienverletzungen – durch Integration in den Build-Prozess transparent macht.

Tenable Lumin testen

30 TAGE KOSTENLOS

Mit Tenable Lumin können Sie Ihre Cyber Exposure visualisieren und genauer untersuchen, die allmähliche Reduzierung von Risiken nachverfolgen und Benchmark-Vergleiche mit ähnlichen Unternehmen anstellen.

Tenable Lumin kaufen

Kontaktieren Sie einen Vertriebsmitarbeiter, um zu erfahren, wie Lumin Sie dabei unterstützen kann, Einblick in Ihr gesamtes Unternehmen zu erhalten und Cyberrisiken zu managen.

Tenable.cs testen

30 TAGE KOSTENLOS Profitieren Sie von vollem Zugriff, um Fehlkonfigurationen der Cloud-Infrastruktur in den Design-, Build- und Runtime-Phasen Ihres Software Development Lifecycle (SDLC) zu erkennen und zu beheben.

Tenable.cs kaufen

Kontaktieren Sie einen Vertriebsmitarbeiter, um mehr über Cloud Security und die Absicherung jedes Schritts vom Code bis zur Cloud zu erfahren.