Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Python: Penetration Testing for Developers

You're reading from   Python: Penetration Testing for Developers Execute effective tests to identify software vulnerabilities

Arrow left icon
Product type Course
Published in Oct 2016
Publisher Packt
ISBN-13 9781787128187
Length 650 pages
Edition 1st Edition
Languages
Arrow right icon
Authors (6):
Arrow left icon
Christopher Duffy Christopher Duffy
Author Profile Icon Christopher Duffy
Christopher Duffy
Mohit Raj Mohit Raj
Author Profile Icon Mohit Raj
Mohit Raj
Dave Mound Dave Mound
Author Profile Icon Dave Mound
Dave Mound
Terry Ip Terry Ip
Author Profile Icon Terry Ip
Terry Ip
Cameron Buchanan Cameron Buchanan
Author Profile Icon Cameron Buchanan
Cameron Buchanan
Andrew Mabbitt Andrew Mabbitt
Author Profile Icon Andrew Mabbitt
Andrew Mabbitt
+2 more Show less
Arrow right icon
View More author details
Toc

Table of Contents (32) Chapters Close

Python: Penetration Testing for Developers
Python: Penetration Testing for Developers
Credits
Preface
1. Understanding the Penetration Testing Methodology 2. The Basics of Python Scripting FREE CHAPTER 3. Identifying Targets with Nmap, Scapy, and Python 4. Executing Credential Attacks with Python 5. Exploiting Services with Python 6. Assessing Web Applications with Python 7. Cracking the Perimeter with Python 8. Exploit Development with Python, Metasploit, and Immunity 9. Automating Reports and Tasks with Python 10. Adding Permanency to Python Tools 11. Python with Penetration Testing and Networking 12. Scanning Pentesting 13. Sniffing and Penetration Testing 14. Wireless Pentesting 15. Foot Printing of a Web Server and a Web Application 16. Client-side and DDoS Attacks 17. Pentesting of SQLI and XSS 18. Gathering Open Source Intelligence 19. Enumeration 20. Vulnerability Identification 21. SQL Injection 22. Web Header Manipulation 23. Image Analysis and Manipulation 24. Encryption and Encoding 25. Payloads and Shells 26. Reporting Bibliography
Index

An overview of penetration testing


There is a huge misconception about what penetration testing is. This is common even among professionals who have recently entered the field. New penetration testers or professionals who request penetration tests often say that these tests prove the exploitability of vulnerabilities, the susceptibility of an environment to exploitation, or just the presence of vulnerabilities. This misunderstanding manifests itself into real impacts on engagements as they are scoped, sourced, and conducted. Further, this mistaken perception includes the thought that a penetration test will find all vulnerabilities, it will be able to find unknown zero days every time, and all objectives will always be met irrespective of the controls put in place.

A penetration test is the practice of assessing an organization's security strategy's ability to protect critical data from the actions of a malicious actor. A security strategy is the organization's overarching information security program. It focuses on maintaining the confidentiality, integrity, and availability of the organization's critical data and resources. This is to mitigate risk to an acceptable level by using a combination of people, processes, and technology. The difference between the first and the second definition of a penetration test is night and day.

The first definition focuses solely on vulnerabilities; this means that people expect the activity that an assessor will perform to be related to exploiting or finding vulnerabilities or simple misconfigurations. It does not take into account bad practices related to the policies, processes, or insecure relationships that the organization may have. These preconceived notions often have the following significant impacts for both organizations and new assessors.

Organizational leadership will not create goals related to breaching access controls related to critical data repositories or identifying critical data locations. There will also be an initial belief that Intrusion Protection Systems (IPS) and Intrusion Detection Systems (IDS) are the linchpin to preventing a compromise; all experienced assessors know that this is not true. Additionally, assessments may not be scoped in a manner that would provide realistic results. The most damaging result of this misunderstanding is that the organization may not be able to identify when an assessor is missing the skills necessary to execute the required engagement.

Note

Similarly, new assessors have the misconception that a Vulnerability Management Solution (VMS) such as Nexpose, Nessus, Qualys, or others will identify the way into an environment. These may highlight ways to get into a system, but there is a high rate of false positives and true negatives. A false positive means something was identified as vulnerable, but it is not. The opposite of a false positive is a true negative, which means that something was identified as secure, but it is instead vulnerable.

If vulnerabilities are not within the database, then the system will not identify the vulnerability that could grant access. VMS will not highlight the chained attacks related to bad practices or processes, which would be classified as a weakness or vulnerability. The use of these tools for penetration tests makes them exceedingly noisy, and they encourage assessors to simulate attacks that are relatively outdated.

Most malicious actors take advantage of the path of least resistance, which usually does not relate to Remote Code Exploits such as the famous MS08-067 or MS06-40. Instead, an assessor should step back and look for insecure associations and configurations that may provide unnoticed access. Most senior assessors do not use VMS tools during penetration tests, but instead focus on assessing environments manually.

Many of these misconceptions relate directly to other types of engagements. This comes from other security assessments being advertised as penetration tests, or from people either running or receiving the results of these engagements. In the following section, a sample of assessments that are often confused with penetration tests is listed. It should be enough to highlight the differences between an actual penetration test and other security assessments and activities.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image