path you’re going down until you can’t hack it any longer (pun intended). If you haven’t found any vulnerabilities, you haven’t looked hard enough. Vulnerabilities are there. If you uncover something big such as a weak password or SQL injection on an external system, you need to share that information with the key players (developers, database administrators, IT managers, and so on) as soon as possible to plug the hole before it’s exploited.
The specific deliverables: Deliverables may include vulnerability scanner reports and your own distilled report outlining important vulnerabilities to address, along with recommendations and countermeasures to implement.
Selecting tools
As in any project, if you don’t have the right tools for your security testing, you’ll have difficulty accomplishing the task effectively. Having said that, just because you use the right tools doesn’t mean that you’ll discover all the right vulnerabilities. Experience counts.
Many tools focus on specific tests, and no tool can test for everything. For the same reason that you wouldn’t drive a nail with a screwdriver, don’t use a port scanner to uncover specific network vulnerabilities or a wireless network analyzer to test a web application. You need a set of specific tools for the task. The more (and better) tools you have, the easier your security testing efforts will be.
Make sure that you’re using tools like these for your tasks:
To crack passwords, you need cracking tools such as Ophcrack and Proactive Password Auditor.
For an in-depth analysis of a web application, a web vulnerability scanner (such as Acunetix Web Vulnerability Scanner or Probely) is more appropriate than a network analyzer (such as Wireshark or OmniPeek).
The capabilities of many security and hacking tools are misunderstood. This misunderstanding has cast a negative light on otherwise excellent and legitimate tools; even government agencies around the world are talking about making them illegal. Part of this misunderstanding is due to the complexity of some of these security testing tools, but it’s largely based in ignorance and the desire for control. Whichever tools you use, familiarize yourself with them before you start using them. That way, you’re prepared to use the tools in the ways that they’re intended to be used. Here are ways to do that:
Read the readme and/or online help files and FAQs (frequently asked questions).
Study the user guides.
Use the tools in a lab or test environment.
Watch tutorial videos on YouTube (if you can bear the poor production of most of them).
Consider formal classroom training from the security-tool vendor or another third-party training provider, if available.
Look for these characteristics in tools for security testing:
Adequate documentation
Detailed reports on discovered vulnerabilities, including how they might be exploited and fixed
General industry acceptance
Availability of updates and responsiveness of technical support.
High-level reports that can be presented to managers or nontechnical types (especially important in today’s audit- and compliance-driven world)
These features can save you a ton of time and effort when you’re performing your tests and writing your final reports.
Executing the plan
Good security testing takes persistence. Time and patience are important. Also, be careful when you’re performing your tests. A criminal on your network or a seemingly benign employee looking over your shoulder may watch what’s going on and use this information against you or your business.
Making sure that no hackers are on your systems before you start isn’t practical. Just be sure to keep everything as quiet and private as possible, especially when you’re transmitting and storing test results. If possible, encrypt any emails and files that contain sensitive test information or share them via a cloud-based file sharing service.
You’re on a reconnaissance mission. Harness as much information as possible about your organization and systems — much as malicious hackers do. Start with a broad view and narrow your focus. Follow these steps:
1 Search the Internet for your organization’s name, its computer and network system names, and its IP addresses.Google is a great place to start.SAMPLE SECURITY TESTING TOOLSWhen selecting the right security tool for the task, ask around. Get advice from your colleagues and from other people via Google, LinkedIn, and YouTube. Hundreds, if not thousands, of tools are available for security tests. Following are some of my favorite commercial, freeware, and open-source security tools:Acunetix Web Vulnerability ScannerCain & AbelBurp SuiteCommView for WiFiElcomsoft System RecoveryLUCYManageEngine Firewall AnalyzerMetasploitNessusNetScanTools ProNetsparkerOmniPeekProactive Password AuditorProbelyQualysSoftPerfect Network ScannerI discuss these tools and many others in Parts 2 through 5 in connection with specific tests. The appendix contains a more comprehensive list of these tools for your reference.
2 Narrow your scope, targeting the specific systems you’re testing.Whether you’re assessing physical security structures or web applications, a casual assessment can turn up a lot of information about your systems.
3 Further narrow your focus by performing scans and other detailed tests to uncover vulnerabilities on your systems.
4 Perform the attacks and exploit any vulnerabilities you find (if that’s what you choose to do).
Check out Chapters 4 and 5 for information and tips on this process.
Evaluating results
Assess your results to see what you’ve uncovered, assuming that the vulnerabilities haven’t been made obvious before now. Knowledge counts. Your skill in evaluating the results and correlating the specific vulnerabilities discovered will get better with practice. You’ll end up knowing your systems much better than anyone else does, which will make the evaluation process much simpler moving forward.
