Improving Application Security through Penetration Testing

Dominick Baier
Security Consultant / BS 7799 Lead Auditor
ERNW GmbH
Outline

• What is Penetration Testing and Auditing
• Standards and Ethics
• The Process of Testing
• Pen-Testing Web Applications
• The Tools
"Improving the Security of Your Site by Breaking Into It"
(Dan Farmer / Wietse Venema, 1993)
http://www.fish.com/security/admin-guide-to-cracking.html
Penetration Testing vs. Auditing

• Penetration Testing
  – Simulating a motivated attacker for a specific amount of time
  – Black Box / White Box approach
  – Is more like a snapshot of the current security of a system or a business process
• Auditing
  – Analyzing
    • Configuration Files
    • Architecture
    • Source Code
  – Policy conformance
    • Operational Plans and Procedures
Why Penetration Testing

• To measure the security of a system, network or a business process
  – By a third party
• To assess possible risks
• To make upper management "security aware"
Possible Goals of a Penetration Test

• How much information about our network is publicly available?
• Is it possible to compromise this or that system?
• Is it possible to disturb business process X?
• How effective are our security controls?
  – Firewall
  – AntiVirus / Spam / Content Filter
  – Intrusion Detection Systems
• Is our Information Security Policy correctly enforced?
• Can employees compromise workstation security?
• "Are we safe?"
What can be tested

• Servers and Workstations
  – Web Server
  – Database Server
  – Domain Controller
  – Workstations
• Infrastructure
  – Network Devices
  – Wireless Networks
  – Dial-In Access
  – VPNs
• Applications
• Employees (Social Engineering)
Attackers to simulate

• Outside Attackers
  – Script Kiddies
  – Competitors
  – Terrorists
  – Journalists
• Insiders
  – Employees
  – Disgruntled Employees
  – Contractors
  – Consultants
Standards

• Pete Herzog's OSSTMM, the "Open Source Security Testing Methodology Manual"
  – Very practical approach
  – Checklists of what to test and in which order
  – List of tools
• ISO 17799 / BS 7799 Standard for Information Security
  – Focuses more on the policy and paperwork side of security
  – Extensive catalog of security controls
  – Defines a standard for audits
• NIST Guidelines for Network Security Testing
Ethics

• Findings are under strict NDAs
• No information gathered during the test
  – is sent in clear text over the internet
  – is used for personal profit
• ISACA Code of Professional Ethics
• ISC2 Code of Ethics
• Full Disclosure
The STRIDE Threat Model

• STRIDE
  – Spoofing Identity
  – Tampering with data
  – Repudiation
  – Information Disclosure
  – Denial of Service
  – Elevation of Privilege
The Pen-Tester's Mantra

• Segregation of Duties
• Minimal Machine
• Least Privilege
• Patch-Level
• Defense in Depth
• Secure the Weakest Link
• Strong Authentication
Course of Actions

• Opening Meeting
  – Goals of the Pen-Test
  – Scope
  – Responsible Admins
• The Audit / Test itself
• The Report
  – Found issues
  – Countermeasures
  – Prioritization
• Closing Meeting
Stages of a Pen-Test

• Gathering Information
• Analyzing the Infra-Structure
• Analyzing the Machines
  – Fingerprinting
  – Port / Vulnerability-Scanning
  – Attacking the System / Proof of Concept
• Analyzing Applications
  – Functional / Structural Analysis
  – Attacking Authentication and Authorization
  – Attacking Data and Back-End Communication
  – Attacking Clients
Information Gathering

• In this phase you try to compile as much publicly available information as possible
  – Internic
  – IANA / RIPE
  – Whois
  – Google / Usenet
  – Private homepages of employees
  – Email addresses
  – Telephone numbers
Information Gathering

• Google search syntax
  – allintitle:"Index of /etc"
  – site:gov  site:mil  site:ztarget.com
  – filetype:doc  filetype:pdf  filetype:xls
  – intitle:, inurl:, allinurl:
  – allinurl:mssql, allinurl:gw ...
  – inurl:".aspx?ReturnUrl="
  – "+www.ernw.+de"
  – related:www.ernw.de
  – login site:www.microsoft.com
  – [cached]
Information Gathering

• Mailing lists / forums / Usenet
  – Some vendors even post internal support questions to public newsgroups
Analyzing the Infra-Structure and Machines

• A layered model (figure): several hosts share the Network, and on each host the stack is OS, Service, Application and Data
Analyzing the Infra-Structure and Machines

• The reality (figure): Browser → Web Server → Application Server → Database Server, with an Auth Database, Web Content, Data and Audit Logs behind them; the tiers talk over HTTP, LDAP, DCOM, CORBA and raw sockets
Analyzing the Infra-Structure and Machines

• Querying System and DNS Information
• Portscanning
• Fingerprinting
• Vulnerability Scanning
• Exploiting a Vulnerability
Querying System and DNS Information

• TraceRoute
  – Tracing the network route gives you information about
    • The provider
    • Type of connection
      – Simple / Redundant / Load Balanced
    • At which hop ICMP gets blocked
Querying System and DNS Information

• DNS Zone Transfer
  – DNS servers should be configured to allow zone transfers only to specific peers (normally the secondary name servers); a server that answers an AXFR from anywhere hands out the whole zone
  – DNS zones are very interesting
    • Which machines are listed in the zone
    • Information about the IP network structure
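What a successful zone transfer actually gives you, as an added example that is not part of the slides: the dump below is a constructed AXFR result in the presentation format `dig axfr` prints, for a fictitious zone; the script lists the hosts, groups the A records into /24 networks, flags names whose labels hint at their role, and reports records that point into RFC 1918 space. The zone, host names and addresses are invented.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed AXFR output for a fictitious zone (presentation format).
ZONE_DUMP = """\
example.test.           3600 IN SOA   ns1.example.test. hostmaster.example.test. 2004031501 7200 3600 1209600 3600
example.test.           3600 IN NS    ns1.example.test.
example.test.           3600 IN NS    ns2.example.test.
example.test.           3600 IN MX    10 mail.example.test.
ns1.example.test.       3600 IN A     192.0.2.2
ns2.example.test.       3600 IN A     198.51.100.2
mail.example.test.      3600 IN A     192.0.2.10
www.example.test.       3600 IN A     192.0.2.20
www.example.test.       3600 IN A     192.0.2.21
vpn.example.test.       3600 IN A     192.0.2.30
dev-sql01.example.test. 3600 IN A     10.1.5.17
backup.example.test.    3600 IN A     10.1.5.40
intranet.example.test.  3600 IN CNAME www.example.test.
"""

# Label fragments that usually mark a host worth a closer look.
INTERESTING = ("dev", "test", "sql", "db", "backup", "vpn", "admin", "mail", "intranet")

# RFC 1918 ranges; checked explicitly because ipaddress.is_private also
# counts the documentation ranges used above as "private".
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

RR_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.*)$")


def parse_zone(dump):
    """Return (owner, rtype, rdata) tuples; owner names lose the trailing dot."""
    records = []
    for line in dump.splitlines():
        m = RR_RE.match(line.strip())
        if m:
            records.append((m.group(1).rstrip("."), m.group(2), m.group(3).strip()))
    return records


def hosts(records):
    """Hostnames that carry A records, with all their addresses."""
    out = defaultdict(list)
    for owner, rtype, rdata in records:
        if rtype == "A":
            out[owner].append(rdata)
    return dict(out)


def networks(records):
    """Group A records into /24s: the zone tells you which address ranges are in use."""
    nets = defaultdict(set)
    for owner, rtype, rdata in records:
        if rtype == "A":
            net = ipaddress.ip_network(f"{rdata}/24", strict=False)
            nets[str(net)].add(owner)
    return {net: sorted(names) for net, names in nets.items()}


def interesting_hosts(records):
    """Names whose first label suggests infrastructure or non-production roles."""
    found = set()
    for owner, rtype, _ in records:
        label = owner.split(".")[0].lower()
        if rtype in ("A", "CNAME") and any(tag in label for tag in INTERESTING):
            found.add(owner)
    return sorted(found)


def private_hosts(records):
    """A records pointing into RFC 1918 space: internal addressing leaked to the world."""
    return sorted(owner for owner, rtype, rdata in records
                  if rtype == "A" and any(ipaddress.ip_address(rdata) in n for n in RFC1918))


if __name__ == "__main__":
    recs = parse_zone(ZONE_DUMP)
    print("hosts:", hosts(recs))
    print("networks:", networks(recs))
    print("interesting:", interesting_hosts(recs))
    print("internal addresses leaked:", private_hosts(recs))
```

Two public /24s, one internal /24, a host called dev-sql01 and a backup box: that is the "IP network structure" bullet above in concrete form, and it came from a single query.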
Portscanning & Fingerprinting

• Port scanning tells you which ports a machine listens on
• Every open port is potentially vulnerable
• More advanced scanners try to figure out what kind of software (vendor and version) is installed
• Most popular port scanners
  – SuperScan (www.foundstone.com)
  – NMAP (www.insecure.org/nmap)
Banner Grabbing

• Connect with Netcat or Telnet to a service
• You will often get detailed information (product name and version) straight from the greeting
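The two slides above in code, as an added example (not from the deck): a TCP connect scan followed by a banner grab, the same thing `nmap` and `nc` do, written out so the mechanics are visible. To run offline it starts a throw-away loopback listener that answers with a constructed SMTP-style greeting; the host name and product in that banner are invented, and the listener exists only so the example has something to scan.

```python
import socket
import threading
from contextlib import closing

# Constructed greeting for the local stand-in service.
FAKE_BANNER = b"220 mail.example.test ESMTP FakeMTA 1.0 ready\r\n"


def start_fake_service(banner=FAKE_BANNER):
    """Listen on an ephemeral loopback port and greet every client with `banner`.
    Returns (port, stop_function). Only here so the example runs without a target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)
    halt = threading.Event()

    def serve():
        while not halt.is_set():
            try:
                conn, _ = srv.accept()
            except OSError:            # accept timeout, or socket closed by stop()
                continue
            with closing(conn):
                try:
                    conn.sendall(banner)
                except OSError:        # scanner hung up before we could talk
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], lambda: (halt.set(), srv.close())


def tcp_connect_scan(host, ports, timeout=0.5):
    """Full-connect scan: a completed three-way handshake means the port is open."""
    open_ports = []
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host, port, timeout=1.0, probe=b""):
    """Connect, optionally send a probe, and return whatever the service says first.
    Returns "" for services that wait for the client to speak (e.g. HTTP)."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        if probe:
            s.sendall(probe)
        try:
            data = s.recv(1024)
        except socket.timeout:
            return ""
    return data.decode("ascii", errors="replace").strip()


def version_from_banner(banner):
    """Pull the product/version token out of the two greeting styles seen most
    often: SMTP "220 host ESMTP Product Version ..." and "SSH-2.0-Product"."""
    if banner.startswith("SSH-"):
        return banner.split("-", 2)[2]
    parts = banner.split()
    if len(parts) >= 5 and parts[0] == "220":
        return " ".join(parts[3:5])
    return None


if __name__ == "__main__":
    port, stop = start_fake_service()
    for p in tcp_connect_scan("127.0.0.1", [port]):
        banner = grab_banner("127.0.0.1", p)
        print(p, "open:", banner, "->", version_from_banner(banner))
    stop()
```

The same functions work against a real host; `grab_banner(host, 80, probe=b"HEAD / HTTP/1.0\r\n\r\n")` is the HTTP case, where the server says nothing until asked.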
Vulnerability Scanner

• Automated scanners that check for known vulnerabilities
  – They often give you more information for vulnerability investigation
• There are vulnerability and exploit databases on the internet
  – SecurityFocus (www.securityfocus.com)
  – Packet Storm (www.packetstormsecurity.com)
Vulnerability Scanner

• System / Host Scanner
  – Nessus (www.nessus.org)
  – Retina (www.eeye.com)
  – ISS Security Scanner (www.iss.net)
  – Microsoft MBSA (www.microsoft.com)
• Database Scanner
  – MetaCoreTex (www.metacoretex.com)
  – AppSecInc AppDetective (www.appsecinc.com)
  – ISS Database Scanner (www.iss.net)
• Web Server Scanner
  – Nikto (www.cirt.net)
Vulnerability Investigation

• www.securityfocus.com/bid
• www.packetstormsecurity.org
Pen-Testing Web Applications

• Visualize the HTTP traffic
  – Sniffer (e.g. Ethereal)
  – Web proxies
    • Achilles (http://packetstormsecurity.nl/web/achilles-0-27.zip)
    • Fiddler (www.fiddlertool.com)
    • WebProxy (www.atstake.com)
  – Hand-craft HTTP requests
    • Wfetch & Tinyget (IIS6 Resource Kit)

  Page  Path               Auth?  SSL?  GET/POST  Comment
  ----  -----------------  -----  ----  --------  ---------------
        /Index.aspx        N      N
        /login/login.aspx  N      Y     POST      Login Page
        /about/about.aspx  N      N               Email Addresses
Structural Analysis
• ...or graphical
Pen-Testing Web Applications

• Try some URLs
  – Common directories
    • /html, /images, /jsp, /cgi
  – "Hidden" directories
    • /admin, /secure, /adm, /management
  – Backup and log files
    • /.bak, /backup, /back, /log, /logs, /archive, /old
  – Include files
    • /include, /inc, /js, /global, /local
  – Localized versions
    • /de, /en, /1033
  – trace.axd
• Look at the HTTP status codes
  – Everything besides 404 is interesting: 200, 301/302, 401, 403 and 500 all confirm that something is there
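The URL-guessing step as a script, added here as an example (it is not from the slides): it requests each candidate path, refuses to follow redirects so that a 301/302 is recorded rather than silently resolved, and keeps everything that is not a 404. So that it runs offline it brings its own stub web site on a loopback port; the `SITE` table defining which paths exist and how they answer is constructed, and the candidate list is a trimmed version of the one on the slide.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import HTTPRedirectHandler, Request, build_opener

# Candidate paths, trimmed from the slide's list.
CANDIDATES = ["/html", "/images", "/cgi", "/admin", "/secure", "/adm",
              "/backup", "/old", "/logs", "/include", "/inc", "/de", "/trace.axd"]

# Constructed stand-in for the target: path -> (status, extra) where extra is
# the realm for 401, the Location for 301 and the body for 200.
SITE = {
    "/admin":     (401, 'Basic realm="admin"'),
    "/backup":    (403, ""),
    "/old":       (301, "/archive/"),
    "/trace.axd": (200, "<html>Application Trace</html>"),
    "/inc":       (500, ""),
}


class StubSite(BaseHTTPRequestHandler):
    def do_GET(self):
        status, extra = SITE.get(self.path, (404, ""))
        self.send_response(status)
        if status == 401:
            self.send_header("WWW-Authenticate", extra)
        elif status == 301:
            self.send_header("Location", extra)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        if status == 200:
            self.wfile.write(extra.encode())

    def log_message(self, *args):   # keep the console quiet
        pass


def start_stub():
    """Serve SITE on an ephemeral loopback port; returns (base_url, stop_function)."""
    srv = HTTPServer(("127.0.0.1", 0), StubSite)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}", srv.shutdown


class NoRedirect(HTTPRedirectHandler):
    """Returning None makes urllib raise HTTPError for 3xx instead of following it."""
    def redirect_request(self, *args, **kwargs):
        return None


def probe(base, paths):
    """Request every candidate; return {path: (status, location)} for all non-404s."""
    opener = build_opener(NoRedirect)
    results = {}
    for p in paths:
        req = Request(base + p, headers={"User-Agent": "Mozilla/5.0"})
        try:
            with opener.open(req, timeout=3) as resp:
                code, location = resp.status, ""
        except HTTPError as e:
            code, location = e.code, e.headers.get("Location", "")
        if code != 404:
            results[p] = (code, location)
    return results


if __name__ == "__main__":
    base, stop = start_stub()
    for path, (code, loc) in sorted(probe(base, CANDIDATES).items()):
        print(f"{code} {path} {loc}")
    stop()
```

Against a real site the only change is the base URL; the 401 on /admin, the 403 on /backup and the 500 on /inc are exactly the "not a 404, so look closer" signals the slide means.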
Pen-Testing Web Applications

• Look for
  – Cascading Style Sheets (.css)
  – XML files / XML stylesheets (.xml / .xsl)
  – JavaScript files (.js)
  – Include files (.inc)
  – Text files (.txt)
  – Comments
  – Client-side validation
  – Forms
    • Hidden fields
    • Password fields
    • MaxLength attributes
Pen-Testing Web Applications

• "Odd" query strings
• Cookie values

  www.site.com/show.aspx?content=marketing.xml
  www.site.com/UserArea/default.php?UserID=5
  www.site.com/dbsubmit.php?Title=Mr&Phone=123
  www.site.com/menu.asp?sid=73299
Canonicalization Errors

• Popular examples
  – Apache web server
    • /scripts and /SCRIPTS
  – Microsoft IIS 5
    • ../ and .%2e%2f
  – ISS firewall
    • action=delete and action=%64elete
  – Microsoft IE4
    • Dotless IP bug
  – ASP.NET authorization canonicalization bug
    • http://localhost/formsec/secure%5csecret.aspx
Resource Names

• Example
  http://server/cms/show.aspx?file=content.xml
• Can I use this page to show other files?
  http://server/cms/show.aspx?file=../web.config
• Try some variations
  http://server/cms/show.aspx?file=../web.config.
  http://server/cms/show.aspx?file=../web.config::$DATA
  http://server/cms/show.aspx?file=..%5cweb.config
  http://server/cms/show.aspx?file=..%255cweb.config
  http://server/cms/show.aspx?file=..%%35%63web.config
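Why the variations on the two slides above matter, as an added example (not code from the slides or from any real CMS): a handler that blacklists `../` and then builds the path looks safe, but it decides before it canonicalizes. The model below uses Python's `ntpath` so the Windows rules (backslash is a separator, `..` collapses) apply on any platform; it assumes the web server decodes the query string once before the page runs and that the file layer decodes a second time, which is the double-decoding pattern behind the `%255c` payload. The `C:\inetpub\wwwroot\cms` layout is hypothetical. The hardened version decodes until the value stops changing, refuses leftovers, normalizes, and only then checks that the result is still under the content root.

```python
import ntpath
from urllib.parse import unquote

# Hypothetical layout of the CMS on the IIS box.
WEB_ROOT = r"C:\inetpub\wwwroot\cms"
CONTENT_ROOT = ntpath.join(WEB_ROOT, "content")


def vulnerable_resolve(file_param):
    """The weak handler: blacklist '../', then hand the name to a file layer that
    decodes once more and applies Windows path rules (backslash is a separator).
    Checking before canonicalizing is the bug."""
    if "../" in file_param:
        return None
    name = unquote(file_param)                      # second decode (modelled)
    return ntpath.normpath(ntpath.join(CONTENT_ROOT, name))


def safe_resolve(file_param):
    """Canonicalize first, decide afterwards."""
    name = file_param
    for _ in range(3):                              # decode until stable
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    else:
        return None                                 # still changing: refuse
    if any(c in name for c in "%:\x00"):            # leftover encoding, drive/stream syntax, NUL
        return None
    candidate = ntpath.normpath(ntpath.join(CONTENT_ROOT, name))
    try:
        common = ntpath.commonpath([CONTENT_ROOT, candidate])
    except ValueError:                              # different drive or UNC share
        return None
    if ntpath.normcase(common) != ntpath.normcase(CONTENT_ROOT):
        return None                                 # escaped the content root
    return candidate


def handle_request(raw_query_value, resolver):
    """The web server URL-decodes the query string once before page code runs."""
    return resolver(unquote(raw_query_value))


if __name__ == "__main__":
    for payload in ["content.xml", "../web.config", "..%5cweb.config",
                    "..%255cweb.config", "..%%35%63web.config", "../web.config::$DATA"]:
        print(f"{payload:24} vulnerable -> {handle_request(payload, vulnerable_resolve)}")
        print(f"{'':24} safe       -> {handle_request(payload, safe_resolve)}")
```

The blacklist stops the obvious `../web.config` and nothing else: the backslash, the double-encoded backslash and the `%%35%63` form all collapse to `..\` only after the check has run, and `normpath` then walks out of the content directory.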
Testing for SQL Injection

• Try whether you can inject SQL code through forms
• If the programmer simply concatenates user input into SQL statements, a database compromise is most likely possible
• Try to generate errors
  – Insert a ' character
  – Does the application behave differently?
  – Is maybe even a database error returned?
• You can execute nasty statements through SQL injection
  – UNION
  – DROP ...
  – xp_cmdshell (SQL Server)
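The slide's procedure run end to end, as an added example (not from the deck): a concatenated login query and a concatenated search next to their parameterised versions, the lone-quote probe that makes the vulnerable ones throw, an authentication bypass and a UNION that pulls the password column. It uses an in-memory SQLite database with two constructed users; the table layout and the names are invented.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the application's user table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, pw, role) VALUES (?, ?, ?)",
                   [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return db


def login_vulnerable(db, user, pw):
    """The pattern the slide warns about: user input concatenated into the statement."""
    sql = f"SELECT name, role FROM users WHERE name = '{user}' AND pw = '{pw}'"
    return db.execute(sql).fetchone()              # a row on success, None otherwise


def login_safe(db, user, pw):
    """Parameterised query: the driver keeps the data out of the SQL grammar."""
    return db.execute("SELECT name, role FROM users WHERE name = ? AND pw = ?",
                      (user, pw)).fetchone()


def search_vulnerable(db, term):
    """Concatenated LIKE search: a UNION lets the attacker read other columns or tables."""
    sql = f"SELECT name, role FROM users WHERE name LIKE '%{term}%'"
    return db.execute(sql).fetchall()


def search_safe(db, term):
    return db.execute("SELECT name, role FROM users WHERE name LIKE '%' || ? || '%'",
                      (term,)).fetchall()


def quote_probe(db, login):
    """Step one from the slide: send a lone quote and watch whether behaviour changes.
    Returns the database error text if one surfaces, else None."""
    try:
        login(db, "x'", "y")
    except sqlite3.Error as exc:
        return str(exc)
    return None


# Payloads used in the demonstration
BYPASS = "' OR 1=1 --"                              # comments out the password check
UNION = "' UNION SELECT name, pw FROM users --"     # appends the password column


if __name__ == "__main__":
    db = make_db()
    print("quote probe, vulnerable:", quote_probe(db, login_vulnerable))
    print("quote probe, safe      :", quote_probe(db, login_safe))
    print("bypass, vulnerable     :", login_vulnerable(db, BYPASS, "anything"))
    print("bypass, safe           :", login_safe(db, BYPASS, "anything"))
    print("union, vulnerable      :", search_vulnerable(db, UNION))
    print("union, safe            :", search_safe(db, UNION))
```

The `DROP` and `xp_cmdshell` cases on the slide need stacked statements or a SQL Server specific procedure; `sqlite3`'s `execute()` refuses more than one statement per call, so they are not reproduced here, but they follow the same concatenation flaw.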
Testing for Cross Site Scripting

• Cross Site Scripting lets an attacker inject script code into web pages
• This happens when the application directly outputs client input without proper HTML encoding
• Can be hard to find - look in
  – Query strings
  – Form fields
  – HTTP headers
• Enables cookie stealing / harvesting attacks
• Many developers rely on ASP.NET's ValidateRequest
  – Try <%00...> encoding (a null byte right after the '<' defeated the filter's pattern match)
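Finding reflection in the three places the slide names, as an added example (not from the deck): a constructed page renderer that echoes a query parameter, a form field and the User-Agent header, the same page with output encoding, and a probe that pushes a canary containing the characters `<"'>` through each input and reports which ones come back intact. Anything the page itself does is invented for the example; the probe technique is the general one.

```python
import html
from urllib.parse import parse_qs, quote, urlsplit

# A unique marker carrying every character an HTML encoder must neutralise.
CANARY = 'x7q<"\'>z'


def render_vulnerable(url, form, headers):
    """Constructed page that echoes a query parameter, a form field and a request
    header verbatim: the pattern the slide describes."""
    q = parse_qs(urlsplit(url).query)
    term = q.get("q", [""])[0]
    email = form.get("email", "")
    ua = headers.get("User-Agent", "")
    return (f"<p>Results for {term}</p>\n"
            f"<input name='email' value='{email}'>\n"
            f"<!-- client: {ua} -->")


def render_safe(url, form, headers):
    """The same page with HTML encoding at the output point. quote=True also
    encodes ' and ", which matters inside the single-quoted attribute."""
    q = parse_qs(urlsplit(url).query)
    term = html.escape(q.get("q", [""])[0], quote=True)
    email = html.escape(form.get("email", ""), quote=True)
    ua = html.escape(headers.get("User-Agent", ""), quote=True)
    return (f"<p>Results for {term}</p>\n"
            f"<input name='email' value='{email}'>\n"
            f"<!-- client: {ua} -->")


def find_reflections(render):
    """Send the canary through each input separately and report the inputs the
    page reflects with the metacharacters intact (i.e. injectable)."""
    probes = {
        "query string": (f"/search?q={quote(CANARY)}", {}, {}),
        "form field":   ("/search", {"email": CANARY}, {}),
        "HTTP header":  ("/search", {}, {"User-Agent": CANARY}),
    }
    return [src for src, (url, form, hdrs) in probes.items()
            if CANARY in render(url, form, hdrs)]


if __name__ == "__main__":
    print("vulnerable page reflects raw input via:", find_reflections(render_vulnerable))
    print("encoded page reflects raw input via   :", find_reflections(render_safe))
```

Using a canary instead of a real `<script>` payload keeps the test quiet in logs and lets the same probe distinguish "reflected but encoded" from "reflected raw", which is the difference that matters.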
Tools

• Automatic mirroring of web sites
  – wget (www.gnu.org/directory/wget.html)
  – Black Widow (www.softbytelabs.com)
  – Teleport Pro (www.tenmax.com)
• Web scanners
  – WebInspect (www.spidynamics.com)
  – NStealth (www.nstalker.com)
• ASP.NET specific scanners
  – ASP.NET Security Analyzer (www.owasp.org)
  – ASP.NET Shared Hosting Analyzer (www.owasp.org)
Conclusion

• Pen-Testing is no black magic
• It is a very systematic procedure
• If you follow the seven golden rules (the Pen-Tester's Mantra), you can eliminate most of the vulnerabilities
• Do regular pen-tests or audits - you can only benefit
  – Internal and third party
• Questions?
you can download the slides from www.leastprivilege.com
Links

• OSSTMM
  – www.isecom.org
• NIST Draft Guidelines to Network Security Testing
  – http://csrc.nist.gov/publications/drafts/security-testing.pdf
• ISC2 Code of Ethics
  – https://www.isc2.org/cgi/content.cgi?category=12
• ISACA Code of Professional Ethics
  – http://www.isaca.org/Template.cfm?Section=Code_of_Ethics1
Links

• Wfetch
  – http://download.microsoft.com/download/d/e/5/de5351d6-4463-4cc3-a27c-3e2274263c43/wfetch.exe
• NetCat
  – http://www.atstake.com/research/tools/network_utilities/nc11nt.zip