SECURITY TESTING · leading web security standard “OWASP Testing guide” complemented by the...
SECURITY TESTING
CYBERSECURITY SERVICES
WHO ARE THE THREAT ACTORS?
HACKTIVISM: ideological hacking
Motivation: shifting allegiances; dynamic and unpredictable
Impact on business: disruption of public activities/services, reputation loss

ORGANISED CRIME: global, difficult to trace and to prosecute
Motivation: financial gain
Impact on business: theft of information

INSIDER: intentional or unintentional
Motivation: grudge, financial gain
Impact on business: disruption or destruction, theft of information, reputation loss

OPPORTUNISTIC: usually performed by amateur criminals
Motivation: desire for notoriety, profit from finding and exposing flaws in a network
Impact on business: theft of information

INTERNAL USER ERRORS: can damage critical company resources
Motivation: accidental configuration mistakes
Impact on business: among the largest threats organizations face; a single error may damage the whole company or one of its departments

STATE-SPONSORED: espionage and sabotage
Motivation: political, economic, and military advantage
Impact on business: disruption or destruction, theft of information, reputation loss
CYBERSECURITY SERVICES
Hacken provides a wide range of cybersecurity services that respond to the needs of clients. Our team employs the best specialists and technologies in the security industry, drawing on extensive experience to provide custom-tailored cybersecurity solutions for all businesses. Hacken delivers mature solutions that improve clients’ operational and business performance by following a convergent, modern cybersecurity approach to IT infrastructure protection.
PENETRATION TESTING
• Real-world threat scenarios and tailoring of the testing to maximize its efficiency
• Infrastructure Security Testing
• Web Security Testing
• Mobile Applications Security Testing

SOCIAL ENGINEERING
• Reconnaissance: research the target company
• Email phishing testing
• Vishing (voice phishing) and other methods, if needed

LOAD AND PERFORMANCE TESTING
Early discovery of bottleneck issues saves business reputation and money:
• Basic service with automated tools
• Custom-tailored service with tools and custom scripts

SMART CONTRACT SECURITY AUDIT
• Analysis of the functionality of smart contracts
• Checks against known vulnerabilities
• Basic, Expert, and Comprehensive Security Audit

ANTI-PHISHING SERVICES
• 24-hour protection for companies from phishing, pharming, and other impersonation attacks
• Fast detection and takedown of phishing websites and chat messages
• Takedown of fraudulent Google ads and fake social media accounts
PENETRATION TESTING
NETWORK AND SYSTEM TESTING APPROACH
Our approach is to identify the most serious risks and security flaws first and to focus on the less obvious areas as the project proceeds. We begin by testing the network for vulnerabilities from the outside, from the point of view of an uninformed attacker. We then gradually increase the amount of information given to the testers until we assume the role of a trusted user of the network trying to access an unauthorized resource or service. The following list provides additional details on each access level.
The consistent deployment of this approach is ensured by the use of leading security solutions. Further, the expertise of our staff, combined with comprehensive work programmes that enhance quality control procedures, allows us to consistently deliver the best customer experience.
LAYER 1. External penetration testing (naive hacker)
• Establish whether unauthorized logical access can be gained via external network interfaces by a “naive” hacker who has limited or no previous knowledge of your network.
LAYER 2. External penetration testing (supplier/customer level access)
• Establish whether unauthorized logical access can be gained via external network components by a hacker who has the same level of access to the target production environment and other key systems as your customers and suppliers.
LAYER 3. Internal penetration testing (unauthorised user)
• Ascertain whether unauthorized access can be gained via internal penetration and audit testing of your systems by exploiting loopholes in your network’s services and resources.
• Determine whether it is possible to manipulate key controls that protect your system(s).
• Assess whether existing procedures for responding to such breaches of security are adequate and effective.
• Assess the security of certain sensitive servers and workstations.
LAYER 4. Firewall and security systems review
• Analyze the effectiveness of the policies employed by your firewalls and administrative infrastructure.
• Review the configuration of the operating system to ensure secure implementation.
• Review the procedures and processes responsible for the monitoring and reporting of incidents on the firewall.
• Review network and host security components (e.g. IDS).
NETWORK, SERVERS AND INFRASTRUCTURE
According to the Cisco 2018 Annual Cybersecurity Report, 31% of security professionals said their organization has already experienced cyber attacks on OT infrastructure. Further, ransomware attacks are growing by more than 350 percent annually.
One of the most common vulnerability assessment activities for companies is penetration testing, a proven method of evaluating the security of your computing networks and infrastructure, and the weaknesses of your applications, by simulating a malicious attack.
Our approach
We combine manual and automated techniques to unveil vulnerabilities that could exist in your networks. To ensure your security, we create real-world attack scenarios in a controlled and professional fashion. By imitating the attacks of real hackers, Hacken helps to ensure that your sensitive data is properly protected and that compliance requirements are met.
Key deliverables
• Consultant Technical Report with a detailed findings section
• Screenshots or a detailed description of how to reproduce each security issue
• Vulnerabilities ranked by risk level, CWE, and CVSS v3.0
• Remediation recommendations and technical references
THE TESTING PROCESS
Stage 1. Reconnaissance
Stage 2. Network testing
Stage 3. Host testing
Stage 4. Scenario testing
Steps shown in the process diagram:
• Research external portal information
• Identify and confirm network targets
• Network mapping and footprinting
• Identify and analyse the firewalls/gateways
• Exploit network exposures
• Augment the network security map
• Scan hosts for security exposures
• Exploit standalone security exposures
• Any other hosts identified? (yes/no decision)
• Perform the scenario analysis
WEB APPLICATION SECURITY TESTING
THE USER
• Password management
• Social engineering
• Phishing
• Update management
• Waterhole attacks
• Data governance
• Administrative access
THE BROWSER
• Phishing
• Framing
• Clickjacking
• Man-in-the-Browser
• Buffer overflow
• Data caching
THE APPLICATION
• Cross-site scripting
• Weak input validation
• Brute force attacks
• Zero-day exploits
• Weak session management
• Vulnerable libraries
• Privilege escalation
THE BACKEND
Web server:
• Platform vulnerabilities
• Server misconfiguration
• Cross-site scripting
• Cross-site request forgery
• Weak input validation
• Brute force attacks
Database:
• SQL injection
• Privilege escalation
• Data dumping
• OS command execution
Many web apps process sensitive data such as user and financial information, which means they are of huge interest to cybercriminals. As web apps become increasingly complex, the range of exploitable vulnerabilities is rising - like all software, they inevitably contain defects.
Traditional penetration tests and security reviews do not generally identify application vulnerabilities: no automated tools exist that can perform an adequate security assessment of a custom-tailored application.
The Verizon 2017 Data Breach Investigations Report found that “almost 60% of breaches involved web applications either as the asset affected, and/or a vector to the affected asset”.
Our approach
Our approach is based on the latest version of the leading web security standard, the OWASP Testing Guide, complemented by our custom security testing process and experience. We identify vulnerabilities that could be used to steal funds or damage the reputation of the project.
MOBILE APPLICATION TESTING
The number of mobile device users has increased significantly in recent years: more than half the world now uses a smartphone, and mobile applications have become an integral tool in our daily life. The explosion of apps can be seen in just about every industry. Protecting the data used by mobile applications has therefore become critically important.
Hacken assesses the following application security mechanisms:
• Authentication
• Session management
• Input manipulation
• Output manipulation
• Information leakage
THE SYSTEM
Browser:
• Phishing
• Framing
• Clickjacking
• Man-in-the-Mobile
• Buffer overflow
• Data caching
Application:
• Sensitive data storage
• No / weak encryption
• Improper SSL validation
• Configuration manipulation
• Runtime injection
• Privilege escalation
• Device access
Phone / SMS:
• Baseband attacks
• SMS phishing
Operating system:
• Password management
• Jailbreaking / rooting
• OS data caching
• Data access
• Carrier-loaded software
• Zero-day exploits
THE NETWORK
Communication channels:
• No / weak Wi-Fi encryption
• Rogue access point
• Packet sniffing
• Man-in-the-middle
• Session hijacking
• DNS poisoning
• Fake SSL certificate
THE BACKEND
Web server:
• Platform vulnerabilities
• Server misconfiguration
• Cross-site scripting
• Cross-site request forgery
• Weak input validation
• Brute force attacks
Database:
• SQL injection
• Privilege escalation
• Data dumping
• OS command execution
Key deliverables:
• Consultant Technical Report with detailed findings
• Remediation recommendations and technical references
SECURE SOURCE CODE REVIEW
Our Secure Source Code Review is a basic mechanism for validating the design and implementation of software. It also helps to maintain a level of consistency in design and implementation practices across projects and among the various modules inside the projects.
Secure source code review can often find programming flaws and bugs such as format string exploits, race conditions, memory leaks, and buffer overflows, thereby improving software security. It improves the overall quality of the software and helps ensure that the application has been developed to be “self-defending” in its given environment.
Types of Secure Code Reviews & Analysis
A secure code review involves manual and/or automated review of an application’s source code to quickly identify security-related weaknesses in the code. We offer the following two types of review:
• Advanced Secure Code Review: security code review of client code repositories by automated tools, with manual verification of the results.
• Expert Secure Code Review: line-by-line security code review of client code repositories, where manual tests are performed to verify and expand the results of the automated tools.
Coupling Source Code Review and Penetration Testing: 360° Review
This approach implies that the results of a source code review are used to plan and execute a penetration test, and the results of the penetration test are, in turn, used to inform additional source code review.
Our approach to delivering a Secure Source Code Review project
1. Kickoff meeting: identify objectives. We want to learn about your application’s use cases. For us it is critical to understand the types of bugs that are possible in the code we are reviewing. By understanding the context and setting clear objectives, we can keep focused during the code review.
2. Conduct an automatic static code review. Using the right tools is vital to the success of your code review. A static analysis tool can be used to automatically check code for compliance with a set of rules and best practices that you have predefined. A static analysis scan is a fast and efficient way to detect low-hanging fruit and hundreds of other vulnerabilities.
3. Manual line-by-line review. For the next pass, we read the source code line by line in an attempt to identify and prioritize vulnerabilities. It is a tedious process that requires skill, experience, persistence, and patience. Vulnerabilities discovered, and subsequently addressed, through the manual review process can greatly improve an organization’s security posture. The findings give your developers a great starting point when looking for common bugs and vulnerabilities in your code.
4. Reporting. Once the code review is complete, the next step is to prioritise the vulnerabilities in order of severity, to ensure that the most serious vulnerabilities get fixed before less serious ones. You can then fix the bugs identified, and your development team can learn from those mistakes: how were these bugs found, and how were they fixed? This knowledge will help improve the code they write in the future.
Benefits of Secure Source Code Review
• Reduce costs associated with security bug fixes by producing secure code at an early stage of the software development cycle
• Proactively harden your applications against malicious attacks
• Identify and provide remediation guidance on coding flaws
• Validate security measures and processes against industry best practices
• Conduct security assessment of key applications and 3rd-party software
• Satisfy compliance requirements such as PCI DSS and ISO 27001
• Educate developers on secure coding best practices
SMART CONTRACT AUDITING
The goal of an audit is to help customers find and fix security issues to protect the application from hacker attacks. Each smart contract contains unique business logic, and our audit checks whether a smart contract is vulnerable to known attacks, verifies whether it is free from logical or access control issues, and makes sure that it is compliant with the Solidity Code Style guide.
Team and experience
We are a team of high-level application security experts - every month, we perform 5-10 security audits and share our professional knowledge at conferences all over the globe.
Key features of the service
Hacken provides clients with a detailed report that contains general project info, executive summary, as-is overview, audit overview (highlights all issues and suggests solutions), conclusion, and appendixes with evidence.
HACKEN SMART CONTRACT SECURITY AUDIT
Smart Contract Auditing Goals
01 Preparation
02 Functionality overview
03 Automated tools analysis
04 Manual analysis
05 Final stage
06 (Optional) Secondary audit
OUR APPROACH
• Security Audit (3-5 days)
• Expert Audit (1-2 weeks)
• Comprehensive Audit (2-4 weeks)
SECURE SOFTWARE DEVELOPMENT
Training
At CyberSchool, developers study the fundamentals of secure development and secure testing, as well as the necessary industry regulations and standards.
Discovery (analysis, planning, evaluation)
Discovery starts with an analysis to uncover all aspects of the future system, which then enables us to evaluate the terms and resources needed to plan the development of the system.
System Design (research, prototype, design, system architecture, threat modeling)
System design starts with research and prototyping to find appropriate final design solutions. It ends with system architecture and threat modeling, to define the back-end basis and its possible weaknesses.
Secure Development (secure coding, secure delivery, secure testing)
Secure Development mitigates the risk from internal and external sources, integrates security practices into the software development lifecycle, and verifies the security of developed components using secure development testing before they are deployed.
Acceptance and Maintenance
We provide real-time security acceptance and maintenance by engaging thousands of researchers who tirelessly test applications. This approach allows cybersecurity experts to find exceptional vulnerabilities from an attacker’s mindset.
INCIDENT RESPONSE SERVICES
Hacken provides 24-hour protection for companies from phishing, pharming, and other impersonation attacks.
Key services
• Continuous monitoring of potentially dangerous domains that engage in impersonation
• Continuous monitoring of brand mentions on search engines, social networks (Twitter, Facebook, Instagram) and open chats on Telegram for instant phishing detection
• Abusive domain blocking & takedown: automated block & takedown, manual attack takedown
• Block & takedown of fake social media accounts (Twitter, Facebook, Instagram) using your brand
• Marking phishing wallets
Key deliverable
Continuous brand name monitoring and protection from attacks and abuses.
HACKEN ANTI-PHISHING BOT
Keeps your Telegram channels and groups clean and secure, protects your community against phishers, and removes fraudulent links.
What it does:
• Welcomes new members
• Blocks links in 2 modes
• Anti-spam function
• Spam pre-checks
• Statistics monitoring
• Whitelist
• Blacklist
• Wallet recognition
• Fake Telegram groups warning
• Anti-admin phishing
• Stopword list
• Limits the activity of new users
SOCIAL ENGINEERING TESTING
According to the Verizon Data Breach Investigations Report (DBIR, 2017), 43% of the documented breaches involved social engineering attacks. That is almost half of the attacks, and it is important to remember that the report only includes reported/documented breaches. Notably, 66% of malware came from malicious email attachments.
Our approach
• Identify and gather entry points that can be used to attack a victim with social engineering
• Evaluate the effectiveness of the technical and organizational measures employed against social engineering attacks
• Improve or create the company privacy policy, and suggest a list of recommendations to eliminate identified weaknesses
Social engineering combines a broad range of malicious techniques:
• Email phishing
• Fake or stolen accounts
• Pretexting
• Vishing
• SMShing (SMiShing)
• Baiting
• Spoofing
Testing steps:
1. Research the target company
2. Research summary
3. Select victim
4. Develop the relationship
5. Exploit the relationship
LOAD AND PERFORMANCE TESTING
“The Need for Mobile Speed”, a report by DoubleClick (a Google subsidiary that develops and provides online ad serving services), gives the following statistics:
• 53% of visits are likely to be abandoned if pages take longer than 3 seconds to load
• 4.3% loss in revenue per visitor
• 3.75% reduction in clicks
• 1.8% drop-off in queries
The testing examines the responsiveness, stability, scalability, reliability, speed and resource usage of your applications and infrastructure to see how well they handle user requests.
What we provide
• Basic service: simulating load with automated tools
• Custom-tailored service: simulating load with tools and custom scripts
Our approach
• Creating load scenarios
• Generating the load
• Detecting performance issues and analyzing the results
TESTING PROCESS:
01 Project assessment
02 Planning
03 Scripting
04 Test execution
05 Results analysis
06 Reporting
CONTACTS
Zero Impact OÜ
zeroximpact.com
Head Office
Tallinn, Lasnamäe linnaosa,
Peterburi tee 47, 11415