Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Learning Penetration Testing with Python

You're reading from   Learning Penetration Testing with Python Utilize Python scripting to execute effective and efficient penetration tests

Arrow left icon
Product type Paperback
Published in Sep 2015
Publisher
ISBN-13 9781785282324
Length 314 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Christopher Duffy Christopher Duffy
Author Profile Icon Christopher Duffy
Christopher Duffy
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Understanding the Penetration Testing Methodology FREE CHAPTER 2. The Basics of Python Scripting 3. Identifying Targets with Nmap, Scapy, and Python 4. Executing Credential Attacks with Python 5. Exploiting Services with Python 6. Assessing Web Applications with Python 7. Cracking the Perimeter with Python 8. Exploit Development with Python, Metasploit, and Immunity 9. Automating Reports and Tasks with Python 10. Adding Permanency to Python Tools Index

Understanding what penetration testing is not

Other types of assessments and activities are often advertised or confused as penetration tests. Examples of these types of engagements include vulnerability assessments, large-scale reverse engineering projects, and hacking. Let's address each of these in turn so as to understand where penetration testing fits in.

Vulnerability assessments

A Vulnerability Assessment (VA) uses a VMS to scan for vulnerabilities. The good VAs then use an assessor to eliminate false positives, after which the actual risk rating of the findings may be adjusted on the basis of the business impact and the likelihood of exploitation. Often security consultants or penetration testers execute these assessments, which may require the actual exploitation of these vulnerabilities for a proof of concept. This type of assessment is great for showing how good an organization is at performing patching and deploying assets in a secure configuration. The key here is that these types of assessments do not focus on gaining access to critical data from the perspective of a malicious actor, but instead relate to finding vulnerabilities.

Reverse engineering engagements

Reversing can be part of a penetration test, but it is much rarer today than in the past. Chapter 8, Exploit Development with Python, Metasploit, and Immunity, will discuss this in greater detail as an actual exploit development will be described here. Current penetration tests may include exploit development, but it is done to create a proof of concept related to homegrown code and gaining access to a critical system where the data may reside.

In contrast, in large-scale reversing engagements, an assessor tries to prove the overall susceptibility of the application to being reversed and the weaknesses related to the source code, compilation, and associated libraries. These types of engagements are better suited to a reversing engineer, who spends time identifying common attack chains and methods to compromise an application, versus gaining access to critical data. The level of experience in this specific arena is extensive. Often, many assessors move from penetration testing to this specific skillset where they do reversing full time.

Hacking

Hacking is not an assessment, but deals directly with taking advantage of exploitable vulnerabilities; it could be related to malicious activity or it could be done for research. The purpose of hacking is not to gain access to critical data, but to solely crack vulnerabilities. There are many definitions of hacking, and it is often directly related penetration testing, but there are no specific or explicit goals related to hacking. Now that some of the big differences between a penetration test and the other activities have been delineated, the methodology related to achieving goals can be highlighted.

You have been reading a chapter from
Learning Penetration Testing with Python
Published in: Sep 2015
Publisher:
ISBN-13: 9781785282324
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime