2022-02-03

Preface

Penetration testing is the process by which security professionals, with the permission of the system owner, simulate an attack on a network or computer system in order to evaluate its security. Although the attack is only a "simulation", penetration testers use the same tools and techniques that real-world attackers would use against the target. The difference is that they do not exploit the vulnerabilities they find or the information they obtain for profit; instead, they report the results to the owner to help improve the system's security.

Because penetration testers follow the same attack strategies as malicious hackers, they are sometimes called "ethical hackers" or "white-hat hackers". Penetration testing can be performed by teams or by individual testers. They may be employees of the target company, independent contractors, or staff of a security firm that offers professional penetration testing services.

Broadly speaking, a penetration test proceeds the same way as a genuine attempt to compromise an organization's systems. The tester first enumerates the hosts, ports and network services associated with the target organization. Next, they investigate potential vulnerabilities in that attack surface, which requires a deeper understanding of the target systems and more detailed probing. Finally, they attempt to breach the target's perimeter and gain access to protected data or control of its systems.

Of course, the details of a penetration test and of a real-world attack can differ considerably. Most importantly, the tester must agree in advance with the target organization on the exact type of test to be carried out and on the scope of the simulated attack, so that the test does not cause uncontrolled damage to production systems.

Types of penetration test

Application security company Contrast Security divides penetration tests into the following categories:

External penetration test. The penetration test team evaluates the target's network infrastructure from a remote location, with no information about the internal topology of the target network. This fully simulates an external attacker in a real network environment: using popular attack techniques and tools, the team works methodically, step by step, to infiltrate the target organization, uncover known or unknown security vulnerabilities in the target network, and assess whether those vulnerabilities can be exploited to gain control of, or cause the loss of, business assets.

Internal penetration test. The team conducting an internal test is given full knowledge of the target environment and its underlying details, so the tester can find and verify the more serious vulnerabilities in the system at the lowest cost. Internal tests reveal how a disgruntled employee, a malicious contractor, or an outside attacker who has already breached the perimeter could compromise the system.

Blind test. A blind test simulates a "real" attack from the attacker's point of view. The tester receives no information about the organization's network or systems and must rely on publicly available information and on whatever they can collect with their own skills.

"Double-blind" test. A double-blind test also simulates a real attack on the target organization, but in this type of test the organization's IT and security staff are not told that a penetration test is taking place. This shows how the organization's defences actually perform.

Targeted test. A targeted test, sometimes called a "lights-on" test, is one in which the penetration testers and the target organization's IT staff play out a "war game" in a specific scenario that focuses on a particular part of the network infrastructure. Targeted tests usually take less time and effort than the other options, but they cannot provide a complete picture of the system's security posture.

Penetration test steps

Although each type of penetration test has its own particularities, the Penetration Testing Execution Standard (PTES), developed by industry experts, summarizes seven main steps that most penetration testing scenarios go through:

Pre-engagement interactions: The scope and objectives of any penetration test should be agreed in advance between the tester and the target organization, preferably in writing.

Intelligence gathering: The tester should begin by reconnoitring the target to collect as much information as possible. This may include gathering open-source intelligence (OSINT), that is, publicly available information about the target organization.

Threat modeling: At this stage the tester models the capabilities and motivations of likely real-world attackers and tries to determine which assets in the target organization would attract their attention.

Vulnerability analysis: This is probably the stage most people picture when they think of a penetration test: analysing whether the target organization's infrastructure has security vulnerabilities that would let an attacker in.

Exploitation: Here the tester uses the vulnerabilities they have found to get into the target organization's systems and extract data. The goal is not merely to breach the perimeter, but to bypass active countermeasures and remain undetected for as long as possible.

Post-exploitation: In this phase the tester tries to maintain control of the compromised systems and to determine the value of what they have gained access to. This can be a particularly delicate stage in the relationship between the tester and the client, which is why it is so important that the pre-engagement stage produces a clearly defined set of ground rules to protect the client and ensure that critical services are not adversely affected by the test.

Reporting: Finally, the tester must provide the client with a comprehensive and detailed report on the risks and vulnerabilities found. The communication skills needed to convey this information clearly are arguably as important as the technical skills.
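The pre-engagement and post-exploitation steps above come down to one operational rule: nothing gets scanned or exploited that is not inside the agreed scope, and only during the agreed hours. The Python script below is an added example, not part of the original article and not a PTES artefact. It parses a hypothetical rules-of-engagement file (the `allow`/`deny`/`window` directives are my own invention) and gates a list of discovered hosts against it, with exclusions always winning over allow rules and wildcard domains covering sub-domains only. The addresses are from the RFC 5737 documentation range and the domains are reserved example names, so nothing in it is a real target.

```python
# Scope gate for a penetration test: nothing outside the agreed rules of
# engagement gets scanned or exploited. Added example; the "allow/deny/window"
# file format is hypothetical, not a PTES artefact.
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import List, Optional, Set, Tuple

# Constructed rules-of-engagement file. RFC 5737 documentation addresses and
# reserved example domains, so nothing here is a real target.
SCOPE_TEXT = """\
# targets agreed in writing during pre-engagement
allow 203.0.113.0/24
allow *.example.com
allow www.example.org
# explicitly out of bounds: production DB host and the payment front end
deny 203.0.113.7
deny payments.example.com
# agreed testing hours, client local time (overnight window)
window 22:00-06:00
"""


@dataclass
class Scope:
    networks: list = field(default_factory=list)          # allowed ip_network objects
    hosts: Set[str] = field(default_factory=set)          # allowed exact FQDNs
    wildcards: List[str] = field(default_factory=list)    # ".example.com" suffixes
    denied_networks: list = field(default_factory=list)
    denied_hosts: Set[str] = field(default_factory=set)
    window: Optional[Tuple[time, time]] = None


def parse_scope(text: str) -> Scope:
    scope = Scope()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()                # drop comments/blanks
        if not line:
            continue
        kind, _, value = line.partition(" ")
        value = value.strip().lower()
        if kind == "allow" and value.startswith("*."):
            scope.wildcards.append(value[1:])              # keep the leading dot
        elif kind in ("allow", "deny"):
            try:                                           # CIDR or single IP ...
                net = ipaddress.ip_network(value, strict=False)
                (scope.networks if kind == "allow" else scope.denied_networks).append(net)
            except ValueError:                             # ... otherwise a hostname
                (scope.hosts if kind == "allow" else scope.denied_hosts).add(value)
        elif kind == "window":
            start, end = (time(*map(int, t.split(":"))) for t in value.split("-"))
            scope.window = (start, end)
        else:
            raise ValueError(f"unknown scope directive: {raw!r}")
    return scope


def check_target(scope: Scope, target: str) -> Tuple[bool, str]:
    """Return (allowed, reason) for one IP or hostname; denies win over allows."""
    target = target.strip().lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        if any(ip in net for net in scope.denied_networks):
            return False, "explicitly excluded"
        if any(ip in net for net in scope.networks):
            return True, "in allowed network"
        return False, "not in any allowed network"
    if target in scope.denied_hosts:
        return False, "explicitly excluded"
    if target in scope.hosts:
        return True, "listed host"
    # "*.example.com" covers sub-domains only, never the apex, and the leading
    # dot keeps "notexample.com" or "www.example.com.attacker.test" out.
    if any(target.endswith(suffix) for suffix in scope.wildcards):
        return True, "matches wildcard"
    return False, "hostname not in scope"


def within_window(scope: Scope, now: datetime) -> bool:
    """True if 'now' falls in the agreed hours; handles windows past midnight."""
    if scope.window is None:
        return True
    start, end = scope.window
    t = now.time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def gate(scope: Scope, candidates: List[str], now: datetime):
    """Split discovered hosts into (allowed names, [(blocked name, reason)])."""
    if not within_window(scope, now):
        return [], [(c, "outside agreed testing window") for c in candidates]
    allowed, blocked = [], []
    for c in candidates:
        ok, why = check_target(scope, c)
        if ok:
            allowed.append(c)
        else:
            blocked.append((c, why))
    return allowed, blocked


if __name__ == "__main__":
    scope = parse_scope(SCOPE_TEXT)
    # Constructed output of the intelligence-gathering step, not real discovery data.
    discovered = ["203.0.113.10", "203.0.113.7", "198.51.100.4", "www.example.org",
                  "mail.example.com", "payments.example.com", "example.com",
                  "www.example.com.attacker.test"]
    allowed, blocked = gate(scope, discovered, datetime(2022, 2, 3, 23, 30))
    print("allowed:", allowed)
    for name, why in blocked:
        print(f"blocked: {name} ({why})")
```

The check is deliberately strict: an address in a denied range is refused even when it sits inside an allowed network, the apex `example.com` is not covered by `*.example.com`, and anything found outside the agreed hours is refused wholesale. A gate like this belongs in front of the tooling used in the intelligence-gathering, vulnerability analysis and exploitation steps, so that a host picked up by discovery cannot silently become a target the client never authorized.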

The world's leading penetration testing companies

Penetration testing is a specialized niche within the technology industry that has so far resisted consolidation. In other words, many companies offer penetration testing services; for some it is part of a larger product suite, while others specialize in ethical hacking. Here are five mainstream penetration testing companies:

1. a1qa

a1qa is a software testing company from Lakewood, Colorado. In its 17 years of operation it has delivered more than 1,500 successful projects and set up 10 centers of excellence. It has worked with more than 500 companies, from small businesses to Fortune 500 giants; major clients include Adidas, Kaspersky Lab, SAP, Yandex and Forex Club.

a1qa focuses on full-cycle QA and testing services, including comprehensive security penetration testing. Its expertise covers testing of portals, e-commerce, media and e-learning platforms, and online applications such as games and online casinos, as well as line-of-business testing, for example CRM, collaboration, document management and financial systems. The company also runs a dedicated security testing lab.

2. QA Mentor

Founded in New York in 2010, QA Mentor has built a strong global presence, with 12 testing centers around the world. Its team consists of more than 300 certified QA professionals who have completed more than 870 projects, including work for Amazon, eBay, Bosch and HTC. The company offers more than 30 testing services, including network security penetration testing.

QA Mentor is currently placed in the industry-leader quadrant by research firms such as Clutch, GoodFirms and Gartner.

3. UnderDefense

UnderDefense is a certified computer and network security company founded in New York in 2016. It provides a wide range of testing services with a particular focus on security penetration testing. The company has conducted hundreds of penetration tests, including compliance-specific tests, application and wireless network penetration tests, and social engineering security tests. UnderDefense has received Clutch awards several times.

4. Iflexion

Iflexion, founded in 1999, is a full-cycle software development company that has grown into an enterprise with more than 850 IT professionals. Its expertise covers a wide range of services, from application development to testing. Iflexion has worked with more than 500 companies from different industries, including PayPal, Philips, Adidas, eBay, Xerox, Expedia and KPMG.

5. KiwiQA

KiwiQA, founded in 2009, is an international quality assurance and consulting company with a team of more than 100 professionals and more than 2,000 delivered projects. Its software testing expertise covers automated, manual and innovative testing techniques. The company's security testing includes ethical hacking, network security penetration testing and vulnerability audits. KiwiQA has been named a "top testing company" by GoodFirms and Clutch.

Penetration testing career outlook

As it turns out, penetration testers are in great demand, and not only at independent security companies: large technology companies such as Microsoft maintain full in-house penetration testing teams.

A survey of the IT job sector by North Carolina State University found that in 2020 alone there were 16,000 unfilled positions. Note, however, that although the career paths of penetration testers and vulnerability analysts share many skills, vulnerability analysts focus on identifying security vulnerabilities in applications and systems during development or before deployment, whereas penetration testers probe live systems.

Like many in-demand technical security roles, penetration testers are well paid. The Infosec Institute provides a good overview of compensation and positions in various regions of the United States; overall, most penetration testers can expect an above-average salary. This is clearly a job with great potential, and a very interesting one.

Penetration testing training and certification

The ethical hacking industry was founded by formerly unethical hackers looking for a mainstream, legal way to make money with their skills. As in many technical fields, the first generation of penetration testers were largely self-taught. Although some people still develop their skills that way, penetration testing is now a common topic in university and online computer science and IT courses, and many hiring managers evaluating candidates will also want to see some formal training.

One of the best ways to show that you have developed penetration testing skills is to obtain a widely recognized certification in the field. The accredited training courses attached to these certifications are a good way to acquire or strengthen the relevant skills:

EC-Council Certified Ethical Hacker (CEH) and Licensed Penetration Tester (Master) (LPT);

IACRB Certified Penetration Tester (CPT), Certified Expert Penetration Tester (CEPT), Certified Mobile and Web Application Penetration Tester (CMWAPT) and Certified Red Team Operations Professional (CRTOP);

CompTIA PenTest+;

GIAC Penetration Tester (GPEN) and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN);

Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP) and Offensive Security Certified Expert (OSCE).

