- "A penetration test, colloquially known as a pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system."
- Explains the different approaches used in security testing, including penetration testing, vulnerability assessments, and ethical hacking.
- Types of security testing: This topic covers the various types of security testing methodologies, such as penetration testing, vulnerability scanning, and ethical hacking.
- Security risks: This topic covers common security risks, such as malware, phishing, and social engineering, along with the consequences of these risks.
- Vulnerability Assessment: This topic covers the process of identifying vulnerabilities in a system or network, and how to prioritize and address them.
- Authentication and Authorization: This topic covers the methods of verifying the identity of a user and granting access to resources accordingly.
- Physical Security: This topic covers the physical security measures that can be put in place to mitigate the risk of data breaches, such as access control and biometric authentication.
- Cryptography: This topic covers the fundamentals of cryptography, such as encryption and decryption techniques, hashing, certificates, and digital signatures.
- Network Security: This topic covers network security concepts such as firewalls, intrusion detection/prevention systems, and virtual private networks.
- Web application security: This topic covers security considerations for web applications, such as injection attacks, cross-site scripting, and session hijacking.
- Incident Response: This topic covers how to respond to security incidents and minimize the impact of a breach.
- Compliance regulations: This topic covers security standards and regulations such as HIPAA, PCI DSS, and GDPR.
- Penetration Testing: In this type of security testing, ethical hackers try to discover vulnerabilities in a system or network by attempting to exploit them, as a real attacker would.
- Vulnerability Scanning: This type of assessment uses automated tools to scan a system or network for known vulnerabilities, with the aim of identifying them and ranking them by severity.
- Security Auditing: This is a more comprehensive type of testing that reviews all aspects of a system or network's security, from access controls to network configuration, in order to identify potential weaknesses and threats.
- Risk Assessment: In this type of testing, security professionals use their knowledge of known threats and attack vectors to identify and measure the level of risk that a system or network is exposed to.
- Brute Force Testing: Commonly used for password cracking and for exercising intrusion detection, this type of testing involves repeatedly attempting to access a system or network by trying many password combinations or by guessing user roles.
- Social Engineering: Social engineering is the practice of manipulating people into divulging confidential information or performing actions that are not in their best interest. Security professionals use this type of testing to evaluate the effectiveness of their security awareness training and to identify potential threats.
- Fuzz Testing: This technique tries to discover a software program's vulnerabilities by feeding it unexpected, invalid, or random input and observing how the program responds.
- Code Review: Security professionals use this type of testing to evaluate the security of software applications, with the aim of identifying and remediating potential issues before deployment.
- Threat Analysis: This type of testing is used to identify and assess potential threats to a network or system, such as the risks posed by malware, hackers, or other attack vectors.
- SQL Injection Testing: This type of testing involves attempting to inject malicious SQL commands into a database or web application in order to gain unauthorized access to data or to compromise the security of a system or network.
- "This is not to be confused with a vulnerability assessment."
- "The test is performed to identify weaknesses (or vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed."
- "The process typically identifies the target systems and a particular goal, then reviews available information and undertakes various means to attain that goal."
- "A penetration test target may be a white box...or a black box... A gray box penetration test is a combination of the two."
- "Security issues that the penetration test uncovers should be reported to the system owner."
- "Penetration test reports may also assess potential impacts to the organization and suggest countermeasures to reduce the risk."
- "The UK National Cyber Security Center describes penetration testing as: 'A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system's security, using the same tools and techniques as an adversary might.'"
- "The primary goal focused on finding vulnerabilities that could be exploited by a nefarious actor and informing the client of those vulnerabilities along with recommended mitigation strategies."
- "Penetration tests are a component of a full security audit."
- "Several standard frameworks and methodologies exist for conducting penetration tests. These include the Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), the NIST Special Publication 800-115, the Information System Security Assessment Framework (ISSAF), and the OWASP Testing Guide."
- "CREST, a not for profit professional body for the technical cybersecurity industry, provides its CREST Defensible Penetration Test standard that provides the industry with guidance for commercially reasonable assurance activity when carrying out penetration tests."
- "Flaw hypothesis methodology is a systems analysis and penetration prediction technique where a list of hypothesized flaws in a software system is compiled."
- "The list of hypothesized flaws is then prioritized on the basis of the estimated probability that a flaw actually exists, and on the ease of exploiting it to the extent of control or compromise."
- "Network (external and internal), Wireless, Web Application, Social Engineering, and Remediation Verification."