
PENETRATION TESTING & TECHNICAL VULNERABILITY ASSESSMENTS

Whitehat

Whitehats use their knowledge within the legal requirements and report security vulnerabilities. Most penetration testers are whitehats.

 

Greyhat

Greyhats sit between whitehats and blackhats and sometimes violate the law. They are characterized by the fact that they cannot be clearly classified as good or bad.

 

Blackhat

Blackhats are cyber criminals who break the law and work on behalf of governments or organizations. Common motivations are financial gain or political goals.

 

 

The categories described below are the most frequently requested Penetration Tests & Technical Vulnerability Assessments. If your topic cannot be found, please feel free to contact us without obligation. We also work on other topics on request.

 

Coverage:

  • Web applications

  • Web services

  • Internal / external networks

  • IoT (Internet of Things), firmware reversing

  • Mobile applications

  • Source code reviews

 

 

 

 

Often, Penetration Tests and Technical Vulnerability Assessments are confused in practice or used as a uniform term, although there are significant differences.

 

What is a technical vulnerability assessment?

  • Broad search for technical security vulnerabilities with priority on critical vulnerabilities (breadth over depth).

  • Mainly automated vulnerability scans (see Vulnerability Scanning Service).

  • Vulnerabilities are identified but not exploited (no exploiting).

  • Goal: Finding as many weak points as possible within the given time frame.

 

When is a technical vulnerability assessment used?

  • If you have never carried out a technical vulnerability assessment or a Penetration Test, the Technical Vulnerability Assessment is suitable for getting an initial overview of the security status of your systems and/or applications (health check).

  • You have a single system or a large number of systems that have to be monitored and periodically checked for weak points.

  • The applications or systems to be checked are in the low to critical range with regard to the security risk.

What is a Penetration Test?

  • Manual search for technical weaknesses that cannot be found by automated vulnerability scanners (depth over breadth).

  • Simulates a realistic "hacker attack".

  • Exploitation of the vulnerabilities found (exploiting).

  • Objective: Break-in / takeover of systems or applications defined in the scope.

When is a Penetration Test used?

  • A Penetration Test is suitable for checking systems or applications that already have advanced security mechanisms such as web application firewalls (WAF), intrusion detection systems (IDS) or similar in place. In this example, the goal of a Penetration Test would be to circumvent the implemented security mechanisms and to uncover and exploit security vulnerabilities.

  • You want to check your security organization or security mechanisms with the help of a realistic "hacker attack".

  • It is a critical system or application for the company (e.g. e-banking systems).

  • The applications or systems to be checked are in the medium to critical range with regard to the security risk.


PENETRATION TESTING


Hackers come in all shapes and colors.

Penetration tests can be carried out in the following variants:

 

Blackbox

With the blackbox approach, our experts take the perspective of an attacker who has no prior knowledge of the target system. The attacker must obtain the information about the target system himself. For this purpose, publicly available data and, if necessary, port and vulnerability scans are used.

  • Simulates a realistic attack from the outside (usually via Internet).

  • The attacker has no prior knowledge of the target applications or systems.

  • Initial assessment: The black box approach is suitable for obtaining an initial overview of the security status of your systems or applications.

  • Usually little organizational effort.

  • The applications or systems to be checked are in the low to medium range with regard to the security risk.

Whitebox

With the whitebox approach, our experts take the perspective of an employee or external service provider who has certain detailed knowledge. The scope of knowledge can range from low knowledge (e.g. external service providers) to in-depth knowledge (e.g. employees). The customer usually provides source code, network plans, configurations and access to the target system for this type of attack.

  • Simulates a realistic attack from outside or inside (external / internal network).

  • Whitebox penetration tests achieve a broader and deeper coverage in the search for security vulnerabilities than the blackbox and greybox approaches.

  • The attacker has detailed information about the target applications or systems.

  • The applications or systems to be checked are in the critical area with regard to the security risk.

Greybox

The greybox approach is a hybrid between blackbox and whitebox. In this case, only certain information, such as logins, is made available to our experts.

  • Simulates a realistic attack from outside and / or inside (external / internal network).

  • The attacker has certain information such as network plans and / or logins.

  • The applications or systems to be checked are in the medium range with regard to the security risk.

Procedure

The following graphic shows the typical procedure of a Penetration Test.

[Figure: typical procedure of a Penetration Test]

1. Kickoff meeting

The kickoff meeting serves to coordinate between the customer and Cybersec-ng. The appropriate contact persons, the scope and the planning should be defined. On request, we will work out the scope with our customers.

Activities:

  • Planning

  • Scope

  • Document delivery

Results:

  • Contact persons

  • Execution period

  • Time of submission for the report and final presentation

  • Targets to attack

  • Information about the target systems / applications.

 

2. Information gathering

In this phase, our experts search specifically for information about the target applications / systems.

 

Activities:

  • Analysis of the software stack

  • Document study

 

Results:

  • Operating system information

  • Information on the software used (CMS, programming language, libraries, etc.)

  • Analysis of the information / documentation received.

3. Vulnerability analysis

For the vulnerability analysis, we use a combination of automated vulnerability scans and manual reviews. The aim of this approach is to achieve the broadest coverage possible when it comes to finding security vulnerabilities. If possible, we use common standards such as OWASP, PTES, ISO or OSSTMM.

 

Activities:

  • Automated vulnerability scans

  • Manual security check

 

Results:

  • Vulnerabilities identified by our in-house developed multivendor scanning engine.

  • Manual evaluation of the results to rule out false positives.

  • Search for publicly available exploits and tools in the case of commercial software (CMS, extensions, libraries, frameworks, etc.)

 

4. Exploitation of vulnerabilities

The vulnerabilities found are analyzed and checked for their exploitability.

 

Activities:

  • Creation of proof of concepts

  • Review of exploitability (publicly available exploits and tools).

 

Results:

  • The exploitability of the vulnerabilities found is analyzed. For this purpose, a proof of concept is created for each vulnerability, showing how it can be exploited.

  • Any publicly available tools and exploits are analyzed and executed.

 

5. Risk analysis

The vulnerabilities found are subjected to a risk assessment. The probability of occurrence and the impact of vulnerabilities are taken into account. In the event of critical vulnerabilities, the customer is informed immediately and receives detailed information so that they can be fixed as soon as possible.

Activities:

  • Risk assessment of the vulnerabilities found

Results:

  • Risk assessment of the individual vulnerabilities

6. Reporting

The final stage is the creation of a report. The aim of the report is to give management an overview of the most important vulnerabilities and their countermeasures, and to provide detailed technical documentation for the technical department.

Activities:

  • Creation of a management summary

  • Creation of an overview of weak points, details and countermeasures.

 

Results:

  • Management-friendly summary of the most important vulnerabilities, their countermeasures and general recommendations.

  • Technically detailed documentation of the individual vulnerabilities:

    • Risk assessment (overall risk, probability of occurrence, impact)

    • Description of the vulnerability

    • Proof of concept

    • Countermeasure

    • References

 

7. Final presentation

The final presentation includes a management and a technical part. The management part contains a clear, understandable summary of the most important results and recommendations. In the technical part, the individual findings are discussed in detail on a technical level.

 

Activities:

  • Final presentation

 

Results:

  • Management summary

  • Discussion of the technical details of the found vulnerabilities

  • Answers to any open questions
