Step by Step Internet 🌐 Guides for learning to surf the Net

Pentesting: what is it, what is it for, and how is it done to detect vulnerabilities in computer systems?

Since its inception, pentesting has been the most widely used analysis technique for detecting vulnerabilities and diagnosing their causes. Today it is considered one of the most important cybersecurity activities.

We all know that the inner workings of a system hold a wealth of information that an attacker can use as he pleases; that is exactly where a pentester must act, so that such theft can be prevented.

Below we explain precisely what this activity consists of and who is known as a pentester. This article gathers all the information on the topic, including its history.

What is pentesting, and what is this type of cybersecurity test for?

Pentesting is a technique that is widely used today because of the large-scale attacks and frauds carried out on the Internet, and it is closely tied to cybersecurity. The word pentesting is a compound of penetration and testing, and it refers to the practice, or countermeasure, used to prevent failures or vulnerabilities.

It is one of the most in-demand professions, or branches, of cybersecurity today, because it gives organizations and large industries a stronger defense against cyber threats. A pentester, or cybersecurity auditor, has a fairly wide field of work and should not be limited to a simple penetration test: their job is to prevent failures and to determine the scope of each one within the system.

History and origin: when was this test for detecting vulnerabilities born?

Computer security was a subject of debate for many years, starting in 1960, when attacks on communication networks were constant. The real start of pentesting, however, came in June 1965, at a conference convened by the System Development Corporation (SDC) to discuss security problems and the computer crisis of the time.

It was at that conference that one of the participants, from SDC, managed to break into the system, bypassing all the security protections that had been added to it and circumventing the structure and safeguards of the AN/FSQ-32. At the time only two of those computers existed, and one of them was used by the United States Central Intelligence Agency. Understandably, the incident caused great alarm throughout the computing community.

After much study, the word penetration was coined in the spring of 1967 to denote violations of a security system. Those who gave these attacks that name were Willis Ware, Harold Petersen and Rein Turn (RAND Corporation), and Bernard Peters of the National Security Agency (NSA). By then, all computer experts were using an attacker's own methods to identify vulnerabilities.

The United States government backed the research and formed teams to study penetrations, known as tiger teams. After 1970, once the tiger teams had appeared, the word pentesting was created to denote computer penetration. By 1980 there were already various techniques and tools for this work, and that was the step that led to the methods used to detect and remediate vulnerabilities in a system to this day.

Pentest types: how are these security tests classified?

Now that we know a little about the history of vulnerability testing, let us look at the different classifications of these security tests.

Here they are:

Network services

This test consists of analyzing the firewall configuration by studying its stateful filtering. The objective is to identify the vulnerabilities present in network services that weaken the security of the system.

Web Application

This is an in-depth analysis for studying web applications. Through it we can detect intruders, or whether our site is being attacked. The detailed analysis report lets us find the root cause of the whole problem and determine the possible vulnerabilities that could open the way to an attacker's intrusion.

Client Side

This test explores software, applications, content and web browsers. Like every analysis, it is used to obtain data on the threats and vulnerabilities found.

Wireless Network Test

As the name implies, this test analyzes the wireless networks found in the corporation. The tests are based on a careful study of the network protocols, their access points and the permissions for asset management.

Social Engineering Test

Social engineering attacks are the most common today, and through this test we can review all the entry points of these campaigns, as well as determine when we have unwittingly cooperated with them.

What information can we get after performing a pentest?


After performing a pentest you can extract different types of information, depending on the type of test or assessment carried out.

Next, we show you their classifications:

White Box

All the information and the data structure of the system are known, including passwords, IP addresses, firewalls and more. This type of analysis is the most complete and provides essential information for identifying vulnerabilities in the system architecture.

Black box

This is the analysis known as real pentesting, and it provides information about the threats, attacks and failures found in the network fabric. The processes run in this type of pentesting behave more like a cybercriminal's attack, that is, as if the analysis were carried out from a point outside the network server.

Gray Box

The last one is the most recommended type of pentest, since it is a hybrid of the previous two. It consists of gathering information both as an auditor and as an attacker, so the information obtained reflects both points of view.

List of the main tools used to perform penetration tests

Pentesters use different tools that allow them to study and understand all the threats and the severity of each one. The objective is always focused on obtaining information about the security breaches that exist in a network.

The most widely used tools for this type of work are the following:

Kali Linux

The great Kali Linux is one of the Linux distros we have mentioned most in our ethical hacking articles. Here we will mention the improvements its system gained with its latest update: it offers new features with the Metasploit 5.0 pentesting suite and the 4.19 kernel update. Kali Linux also offers a version known as Out of the Box, designed for attacks on computer networks and offering more than 300 pentesting and cybersecurity tools.


Nmap

This tool is one of the most recognized in the world of pentesting, valued for its great scanner. With Nmap (Network Mapper) we can map the system, obtaining information about a machine's ports and what can be found behind them. The information it gathers is of the utmost importance and can be used to understand how the device works, find out which application version it runs, or simply obtain the identification of the service through it.


Metasploit

For vulnerability analysis and detection there is the great Metasploit, a tool widely known for its effectiveness in working with networks, security, applications and connected hardware.

The analysis process consists of subjecting the target to one or more of the exploits contained in this tool's database. The whole process begins when code is delivered to the target in order to explore all its information. With Metasploit we can understand the different types of vulnerabilities that exist within a network or system, allowing us to extract as much information as possible in order to strengthen, or create, security measures for the affected or damaged sector.


Wireshark

With Wireshark we can obtain information about a network, including its protocols and traffic. The process consists of capturing traffic in real time, which lets us determine in detail which anomalies are occurring. It is normally used to study protocols, IP and TCP/IP. The tool is not limited to these, however, since it supports further investigation covering almost all the protocols on a network.
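What Wireshark shows on screen is a decoded capture, and the "anomalies" mentioned above are patterns in that decoded data. The following added example (not code from the article or from the Wireshark project) does the same decoding in miniature: it builds a small capture inline in the libpcap file format that Wireshark reads, parses the Ethernet/IPv4/TCP/UDP headers, gives a protocol breakdown, and flags one common anomaly, a single source sending bare SYN packets to many different ports. The frames and the `min_ports` threshold are constructed for the demonstration; checksums are left at zero.

```python
"""Parse a pcap capture and flag a SYN sweep from a single source.

Added example (not from the article, not Wireshark's code). The capture is
constructed inline in libpcap format; the detection threshold is hypothetical.
"""
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
PROTO_UDP = 17
TCP_SYN = 0x02
TCP_ACK = 0x10


def build_packet(src_ip, dst_ip, proto, sport, dport, flags=0):
    """Ethernet/IPv4/TCP-or-UDP frame with zeroed MACs and checksums (fine for a
    parser exercise, not a valid frame for a real stack)."""
    if proto == PROTO_TCP:  # sport, dport, seq, ack, offset=5 words, flags, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    else:                   # sport, dport, length, csum
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4


def build_pcap(frames):
    """Global header (link type 1 = Ethernet) followed by per-record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (src_ip, dst_ip, proto, sport, dport, tcp_flags) for each IPv4 frame."""
    magic, = struct.unpack("<I", data[:4])
    endian = "<" if magic == PCAP_MAGIC else ">"   # byte order of the record headers
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
        proto = ip[9]
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        l4 = ip[ihl:]
        sport, dport = struct.unpack("!HH", l4[:4])
        flags = l4[13] if proto == PROTO_TCP else 0
        yield src, dst, proto, sport, dport, flags


def protocol_breakdown(data):
    """Packet count per transport protocol, like Wireshark's protocol hierarchy."""
    counts = defaultdict(int)
    for _, _, proto, *_ in parse_pcap(data):
        counts[{PROTO_TCP: "tcp", PROTO_UDP: "udp"}.get(proto, "other")] += 1
    return dict(counts)


def syn_sweep_sources(data, min_ports=5):
    """Sources that sent bare SYNs (SYN set, ACK clear) to >= min_ports distinct targets."""
    targets = defaultdict(set)
    for src, dst, proto, _, dport, flags in parse_pcap(data):
        if proto == PROTO_TCP and flags & TCP_SYN and not flags & TCP_ACK:
            targets[src].add((dst, dport))
    return sorted(s for s, t in targets.items() if len(t) >= min_ports)


# Constructed traffic: one normal TLS handshake start, one DNS query, and a
# probe from 10.0.0.77 hitting eight ports on the same host.
SAMPLE_PCAP = build_pcap(
    [build_packet("10.0.0.5", "10.0.0.20", PROTO_TCP, 51000, 443, TCP_SYN),
     build_packet("10.0.0.20", "10.0.0.5", PROTO_TCP, 443, 51000, TCP_SYN | TCP_ACK),
     build_packet("10.0.0.5", "10.0.0.9", PROTO_UDP, 40000, 53)]
    + [build_packet("10.0.0.77", "10.0.0.20", PROTO_TCP, 60000 + p, p, TCP_SYN)
       for p in (21, 22, 23, 25, 80, 110, 143, 443)]
)

if __name__ == "__main__":
    print(protocol_breakdown(SAMPLE_PCAP))
    print("possible SYN sweep from:", syn_sweep_sources(SAMPLE_PCAP))
```

The threshold is deliberately a parameter: a lone SYN to one port is an ordinary connection attempt, and only the fan-out across many ports from one source marks the pattern as worth an alert. The same loop would read a real capture saved from Wireshark, since the file layout is the one decoded here.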


Sqlmap

SQL injection allows a deep analysis of databases, letting us learn which vulnerabilities exist with the intention of eliminating them. Sqlmap offers the best way, not only for its convenience but also for the quality of its work, to obtain this information and exploit every possible threat existing in our database, including the gaps in the DB servers.
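The vulnerabilities sqlmap finds come down to one coding mistake: user input pasted into the SQL text. The added example below (not code from the article and unrelated to sqlmap's own implementation) shows that mistake beside its fix on a constructed SQLite table: the concatenated query returns every row when given a tautology probe, while the parameterized query returns nothing for the same input. A coarse input heuristic is included to show what a log-side triage check looks like; it is a hint for investigation, and the parameterized query is the actual defense.

```python
"""SQL injection: a vulnerable lookup beside its parameterized fix.

Added example, not code from the article and not sqlmap's code. The table, its
rows and the probe string are constructed for the demonstration.
"""
import sqlite3


def make_db():
    """In-memory SQLite database with a small constructed user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def find_user_vulnerable(conn, name):
    """Builds the statement by concatenation: the input becomes part of the SQL."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """Parameterized query: the value travels separately from the SQL text, so
    quotes and keywords inside it are just characters of a string."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


# Tautology probe of the kind sqlmap-style scanners send; used here only to
# contrast the two query styles.
PROBE = "' OR '1'='1"


def looks_like_injection(value):
    """Coarse triage heuristic for request logs: a quote plus an SQL keyword.
    Not a defense (it misses and over-matches); use it to pick what to review."""
    lowered = value.lower()
    return "'" in value and any(k in lowered for k in (" or ", "--", "union", ";"))


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:", find_user_vulnerable(conn, PROBE))   # all three rows
    print("safe:      ", find_user_safe(conn, PROBE))         # no rows
    print("flagged:   ", looks_like_injection(PROBE))          # True
```

The vulnerable version executes `SELECT name, role FROM users WHERE name = '' OR '1'='1'`, which is why every row comes back; the fix is not escaping but keeping data out of the statement text entirely, which is what the `?` placeholder does.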