Conference Paper

Knowledge Extraction and Integration for Information Gathering in Penetration Testing


... The characteristics of the test environment may make it impossible to run certain security tests, for example OSINT (Open Source Intelligence) activities (Kothia, Swar, & Jaafar, 2019) from the Internet when the web application has not yet been put into production. ...
... Use of external consultants: the organization can rely on external consultants to help it evaluate the result of the penetration test and advise on translating it into effective policies and technical controls for eradicating the vulnerabilities found. As mentioned earlier, automated security tools play an important role during a penetration test; for this reason, these measures need to be complemented by establishing strategies that focus their use and execution (Bari & Ahamad, 2016; Hasan & Meva, 2018; Kothia et al., 2019; Manaseer et al., 2018; Mansfield-Devine, 2018; Miaoui & Boudriga, 2019; Sina, 2019; Such et al., 2016; Türpe & Eichler, 2009; Work, 2019; Wu et al., 2019), thereby minimizing the effect on performance and other possible negative impacts they may have on the target web application: ...
Article
Full-text available
This paper systematizes the main security risks that may be associated with penetration testing in web applications. Bibliographic sources and reports of a high scientific and technical level were consulted for the study. Thirty-one risks were identified and described, classified into two groups: those associated with direct damage to the confidentiality, integrity and availability of web application information and those related to the performance of a deficient penetration test and whose partial results also indirectly affect the security of web portals, the latter were divided into risks of scope and time, technological infrastructure and personnel. For the treatment of the described risks, a set of 14 basic recommendations is provided for the conformation of a mitigation strategy according to the existing test scenarios. It also focuses on how to apply automated vulnerability assessment tools to limit damage to web applications. The results achieved are highly relevant given the need for those involved in penetration testing processes to have a conceptual starting point that favors the treatment of risks and better contextualizes the decisions taken in order to solve the security vulnerabilities found through this type of security assessment.
... the organizational and technical conditions required for this, establish a continuous communication mechanism, and guarantee the auditability of the penetration test, increasing transparency about the conclusions reflected in the final report. 14. Use of external consultants: The organization can rely on external consultants to help it evaluate the result of the penetration test and advise on translating it into effective policies and technical controls to eradicate the vulnerabilities found. Automated security tools play an important role during a penetration test; for this reason, these measures need to be complemented by establishing strategies that focus their use and execution (Bari & Ahamad; Hasan & Meva, 2018; Kothia et al., 2019; Manaseer et al., 2018; Mansfield-Devine, 2018; Miaoui & Boudriga, 2019; Nieles, Dempsey, & Pillitteri, 2017; PMI, 2017; Shon, 2019; Sina, 2019; Stallings & Brown, 2018; Such et al., 2016; Türpe & Eichler, 2009; Work, 2019; Wu et al., 2019; Yin et al., 2018): 1. Inference of vulnerabilities through low-impact interactions: Information is extracted from the HTTP requests that result from applying dynamics similar to those performed by an ordinary user. ...
Conference Paper
Full-text available
In the initial phase of a pentest, called Open Source Intelligence (OSINT), Google Hacking (GH) is carried out, a practice that uses strings composed of search operators called Dorks. To improve the performance of the pentest by making it automatic, Artificial Intelligence can be used. The objective of this work was to develop and apply an Open Source Intelligence approach with Kohonen Self-Organizing Maps and Natural Language Processing for the automatic execution of Dorks, in order to improve the performance of the Google Hacking practice. The proposed approach was developed in 10 phases, including the application of Natural Language Processing in the pre-processing of the Dorks and of Self-Organizing Maps in generating 53 clusters of Dorks. Automatic execution of the smallest cluster was 3 times faster than manual execution, and automatic execution of the largest cluster was 4 times faster. It was concluded that the developed approach improved the performance of the GH practice.
Article
Full-text available
Reconnaissance or footprinting is the technique used for gathering information about computer systems and the entities they belong to. To exploit any system, a hacker might use various tools and technologies. This information is very useful to a hacker who is trying to crack a whole system. Subdomain enumeration plays a vital role in reconnaissance. Enumeration of subdomains provides important insight into the underlying architecture and makes it possible to find hidden user interfaces and admin panels. The more obscure and unknown a domain name is, the fewer visitors the site receives. This creates a blind spot that makes low-hanging vulnerabilities easy to find. Some of the most popular tools used for recon on domains are Amass, Subfinder, KnockPy, altdns, and sublis3r. We have done a comparative study and analysis of the various functions of these tools on parameters like uniqueness, accuracy, and complexity, and conclude which works best in certain scenarios, along with static code analysis to find weak spots within the code infrastructure of each of the tools.
Article
Full-text available
Penetration testing is a series of activities undertaken to identify and exploit security vulnerabilities. It helps confirm the effectiveness or ineffectiveness of the security measures that have been implemented. This paper provides an overview of penetration testing. It discusses the benefits, the strategies and the methodology of conducting penetration testing. The methodology of penetration testing includes three phases: test preparation, test and test analysis. The test phase involves the following steps: information gathering, vulnerability analysis, and vulnerability exploit. This paper further illustrates how to apply this methodology to conduct penetration testing on two example web applications.
Thesis
Full-text available
Network scanning and vulnerability testing rely on tools and processes to scan the network and its devices for vulnerabilities. This aids in refining any organization's security policy through the identification of vulnerabilities, and guarantees that the security measures taken actually give the protection that the organization expects and requires. Administrators need to perform vulnerability scans periodically, which helps them uncover shortcomings in network security that can lead to devices or information being compromised or destroyed by exploits. Different implementations and tools for network scanning have distinctive proficiencies and produce different kinds of output. These outputs are typically heterogeneous, which makes further analysis a challenging task. In this dissertation, two basic open source scanners are considered: NMAP and OpenVAS. We show how to incorporate these two scanners into a decently designed GUI and provide reliable information. Based on the limitations of NMAP and OpenVAS, another tool is developed which holds the best of both while overcoming a few drawbacks. The network scanner created in this dissertation performs scanning over the network, identifying the active hosts and guessing the OS of the remote hosts and the programs installed on them. Apart from identifying the active hosts, it can find open ports and list the services running on each host. Vulnerability scanning is then performed by comparing the information obtained from a network scan against a database of vulnerability signatures to produce a list of vulnerabilities that are presumably present in the network. Along with performing network scanning and vulnerability assessment, an auto-scan mechanism is also added to the new tool to test devices when they are compromised. In this dissertation, the features of the new tool are explored. In other words, network mapping, vulnerabilities and configuration faults in the network are shown in various formats. Also, an easy approach is defined to reduce the duration of a vulnerability scan.
Article
Some programming languages become widely popular while others fail to grow beyond their niche or disappear altogether. This paper uses survey methodology to identify the factors that lead to language adoption. We analyze large datasets, including over 200,000 SourceForge projects, 590,000 projects tracked by Ohloh, and multiple surveys of 1,000-13,000 programmers. We report several prominent findings. First, language adoption follows a power law; a small number of languages account for most language use, but the programming market supports many languages with niche user bases. Second, intrinsic features have only secondary importance in adoption. Open source libraries, existing code, and experience strongly influence developers when selecting a language for a project. Language features such as performance, reliability, and simple semantics do not. Third, developers will steadily learn and forget languages. The overall number of languages developers are familiar with is independent of age. Finally, when considering intrinsic aspects of languages, developers prioritize expressivity over correctness. They perceive static types as primarily helping with the latter, hence partly explaining the popularity of dynamic languages.
Article
With increasing world-wide connectivity of information systems, and growth in the accessibility of data resources, the threat to the integrity and confidentiality of data and services has also increased. Every now and then, cases of hacking and exploitation are observed. So, in order to remain immune and minimize such threats, organizations conduct regular Vulnerability Assessment and Penetration Testing (VAPT) on their technical assets [1]. We at IDRBT have developed a new automated VAPT testing tool named Net-Nirikshak 1.0 which will help organizations to assess their applications/services and analyze their security posture. Net-Nirikshak 1.0 detects vulnerabilities based on the applications and services being used on the target system. Apart from these, it detects SQL injection vulnerabilities and reports all the identified vulnerable links on the target. Further, the tool can also exploit the identified SQLi vulnerable links and grab confidential information from the target. The automated VAPT report generated by the tool is sent to the specified email address, and all traces of the scan along with the report are removed from the hard disk so as to ensure the confidentiality of the VAPT report. All the technical and operational aspects of Net-Nirikshak 1.0 are described in this paper, along with the outputs of a sample VAPT test conducted on www.webscantest.com using Net-Nirikshak 1.0.
Conference Paper
Internet-wide network scanning has numerous security applications, including exposing new vulnerabilities and tracking the adoption of defensive mechanisms, but probing the entire public address space with existing tools is both difficult and slow. We introduce ZMap, a modular, open-source network scanner specifically architected to perform Internet-wide scans and capable of surveying the entire IPv4 address space in under 45 minutes from user space on a single machine, approaching the theoretical maximum speed of gigabit Ethernet. We present the scanner architecture, experimentally characterize its performance and accuracy, and explore the security implications of high speed Internet-scale network surveys, both offensive and defensive. We also discuss best practices for good Internet citizenship when performing Internet-wide surveys, informed by our own experiences conducting a long-term research survey over the past year.
Article
Nmap Network Scanning is the official guide to the Nmap Security Scanner, a free and open source utility used by millions of people for network discovery, administration, and security auditing. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Hints and instructions are provided for common uses such as taking network inventory, penetration testing, detecting rogue wireless access points, and quashing network worm outbreaks. Nmap runs on Windows, Linux, and Mac OS X. Nmap's original author, Gordon "Fyodor" Lyon, wrote this book to share everything he has learned about network scanning during more than 11 years of Nmap development. Visit http://nmap.org/book for more information and sample chapters.
Article
Penetration testing is widely used to help ensure the security of web applications. Using penetration testing, testers discover vulnerabilities by simulating attacks on a target web application. To do this efficiently, testers rely on automated techniques that gather input vector information about the target web application and analyze the application's responses to determine whether an attack was successful. Techniques for performing these steps are often incomplete, which can leave parts of the web application untested and vulnerabilities undiscovered. This paper proposes a new approach to penetration testing that addresses the limitations of current techniques. The approach incorporates two recently developed analysis techniques to improve input vector identification and to detect when attacks have been successful against a web application. This paper compares the proposed approach against two popular penetration testing tools for a suite of web applications with known and unknown vulnerabilities. The evaluation results show that the proposed approach performs more thorough penetration testing and leads to the discovery of more vulnerabilities than both tools. Copyright © 2011 John Wiley & Sons, Ltd.
Conference Paper
Penetration testing is the art of finding an open door. It is not a science, as science depends on falsifiable hypotheses. The most penetration testing can hope for is to be the science of insecurity, not the science of security, inasmuch as penetration testing can at most prove insecurity by falsifying the hypothesis that any system, network, or application is secure. To be a science of security would require falsifiable hypotheses that any given system, network, or application was insecure, something that could only be done if the number of potential insecurities were known and enumerated such that the penetration tester could thereby falsify (test) a known-to-be-complete list of vulnerabilities claimed to not be present. Because the list of potential insecurities is unknowable and hence unenumerable, no penetration tester can prove security, just as no doctor can prove that you are without occult disease. Putting it as Picasso did, "Art is a lie that shows the truth," and security by penetration testing is a lie that, on a good day, can show the truth. These incompleteness and proof-by-demonstration characteristics of penetration testing ensure that it remains an art so long as the rate of technical advance remains brisk and hence the enumeration of vulnerabilities an impossibility. Brisk technical advance equals productivity growth and thereby wealth creation, so it is forbidden to long for a day when penetration testing could achieve the status of science.