Projects - Penetration Testing (PenTEST)

A Penetration Test (PenTEST) is the authorized, scheduled and systematic process of using known vulnerabilities in an attempt to perform an intrusion into host, network or application resources. The penetration test can be conducted on internal (a building access or host security system) or external (the company connection to the Internet) resources. It normally consists of using an automated or manual toolset to test the company's resources.

PenTEST allows organizations to verify that new and existing applications, networks and systems are secure and not vulnerable to unauthorized data disclosure, misuse, alteration or destruction of confidential information, including Personal Identifiers. Therefore organizations are encouraged to test their internal and external networks as part of the organization's Security Policy and Program, based on best industry practices.

There are two types of PenTEST. The Internal PenTEST refers to tests performed to identify vulnerabilities that are exploitable with physical access or through exposure to social engineering. These tests are intended to determine what vulnerabilities exist for systems that are accessible through authorized network connections or login credentials residing within the network domain of the organization.

The External PenTEST refers to tests performed to identify vulnerabilities present on connections that have been established through the organization, such as the connection to the Internet via the firewall or gateway. The objective of the test is to verify that the organisation's internal domain is sufficiently secure from the corporate Internet site, so that its sensitive information is not exposed to the outside world.

Open Source Tools

Nessus - A network vulnerability scanner for systems. http://www.nessus.org
Firewalk - A traceroute-like tool that allows the Access Control Lists of a firewall to be determined and a network map to be created. http://www.packetfactory.net/Projects/Firewalk/
SARA - The second successor to the vulnerability scanner tool SATAN (the first successor was SAINT). http://www-arc.com/sara/
John The Ripper - An active password cracking tool to identify weak password syntax. http://www.openwall.com/john/
Whisker - A CGI vulnerability scanner. http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2
NAT (NetBIOS Auditing Tool) - A tool to identify vulnerabilities in the NetBIOS configuration of an NT system. http://www.tux.org/pub/security/secnet/tools/nat10/
Crack / Libcrack - A password cracking tool for Unix systems. http://www.users.dircon.co.uk/~crypto/
Toneloc - A war dialer to check for modems on desktop systems that are set to auto-answer and/or run remote access software.
Hping2 - A network tool that can send custom ICMP, UDP or TCP packets. Allows testing of firewall rules and supports testing of fragmented packets. http://www.kyuzz.org/antirez/hping/
Cain and Abel - http://www.net-security.org/software.php?id=110

Commercial Tool Products

L0pht Crack - http://www.l0pht.com/l0phtcrack/
Internet Security Server - http://www.iss.net
CyberCop - http://www.pgp.com/asp_set/products/tns/ccscanner_intro.asp
Phonesweep - http://www.sandstorm.net/

Other documented security testing methodologies:
  • Internal Network Scanning
  • Port Scanning
  • Manual Configuration Weakness
  • System Fingerprinting
  • Services Probing
  • Configuration Testing
  • Exploit Research
  • Manual Vulnerability Testing and Verification
  • Testing and Verification
  • Limited Application Layer Testing
  • Firewall and ACL Testing
  • Administrator Privileges Escalation Testing
  • Password Strength Testing
  • Network Equipment Security Controls Testing
  • Database Security Controls Testing
  • Internal Network Scan for Known Trojans
  • Third-Party/Vendor Security
