Penetration Testing is an assessment method used to determine the security of a system, network, equipment, or other facility by simulating attacks on the system or "target" to demonstrate how vulnerable it is to a real attack.
Penetration testing methodologies are generally accepted standards created by various communities, relevant institutions, and organizations to produce more reliable and repeatable results for security audit tests.
Penetration Testing Standards have been determined in accordance with Turkish Standards Institute TS-13638, while penetration testing and security audit methodologies are based on global standards such as NIST-SP800-115, PTES, OSSTMM, and OWASP. At Gais Cyber Security, we provide our services to you at a local and global standard scale.
Penetration tests are part of various security audits such as BDDK, EPDK, PCI-DSS, ISO 27001, Trust Seal, and KVKK, and are tests that must be performed both periodically and compulsorily after system changes.
Penetration testing can be thought of as a check-up for an information system, and vulnerabilities of the company are detected with the recommended annual penetration testing.
Penetration Testing Phases
1. Information Gathering
Information gathering is a stage used to collect all possible information about the target in order to perform a comprehensive security assessment. Technical (whois/dns queries) and non-technical (search engines, news groups, email lists, social networks, etc.) methods can be used to gather information about the target company or system over the internet. The purpose of this stage is to discover every possible attack path and obtain a comprehensive view of the target and its applications. This allows every vector related to information security on the target to be tested. This step is usually the first and most important step of the methodology, which is often overlooked. It ensures a comprehensive approach in all other stages.
2. Network Mapping
After the information gathering stage, a more technical approach is applied to analyze the target network and resources. Network mapping is an active information gathering stage. The goal in this stage is to produce a possible network topology of the target system and to detail the network structure. In this stage, port and service scanning on the target system, identification of open systems, identification of open ports and services on open systems, determination of which operating systems and services are running on systems, detection of version information for operating systems, services, and applications, detection of hardware/software used on systems and versions are determined, and a detailed network map is created by identifying network devices such as routers, firewalls, and IPSs. Network mapping will help to verify the information obtained in the information gathering stage and obtain some information about the target systems.
3. Classification
In this phase, a TCP/UDP port scanning process is carried out on the systems that were identified as live in the previous step. The ports that are found to be open are checked for which services they belong to, which vendors provide these services, their versions, etc. This information is obtained through a method called "banner grabbing" and then validated through manual testing. Based on this information, vulnerability databases are scanned, and known vulnerabilities are noted for use in the next steps.
If active network devices such as routers and switches are detected among the live systems, the operating systems running on these devices, their versions, services on these devices, routing protocols, management-related services and their versions are tried to be determined, and the vulnerability database is examined based on this information and noted for use in later stages. In addition, if unnecessary services, default usernames or passwords, or insecure protocols used for management are detected on these devices, these vulnerabilities are reflected in the report under the configuration problems section.
4. Vulnerability Detection
After collecting information about the target system and creating a network map, the obtained data is analyzed to perform a vulnerability assessment. The goal of this stage is to evaluate the technical vulnerabilities of the target system using the collected information. Vulnerability identification moves the security audit one step further by finding vulnerabilities in networks, servers, applications, and other components. In this stage, automated vulnerability scanning tools can be used to identify vulnerabilities without causing any harm to the target system. The vulnerability scanning tools are configured based on the target system and are not used with default settings. The scan results are then evaluated by a Penetration Testing Expert to eliminate false positive and false negative results. The vulnerability identification and analysis result in identifying the penetration paths and scenarios to the target system.
5. Exploitation
After the vulnerability analysis, the identified vulnerabilities are attempted to be exploited through tests performed on the target system's security. The goal is to gain access to the target system by bypassing its security measures and establishing as much connection as possible (reverse, bind). Suitable PoC codes/tools are used or created to exploit the identified vulnerabilities. If the exploit to be used is obtained from open sources, it is tested in a cloned environment before being used on the target system, and steps that may harm the target system are avoided.
Penetration Testing Types
01. Wireless Network Penetration Testing
02. Mobile Application Penetration Testing
03. Internal Network Penetration Testing
04. External Network Penetration Testing
05. Payment Infrastructure Penetration Testing
06. Web Application Penetration Testing
07. SCADA Penetration Testing
08. Autonomous System Penetration Testing
09. ATM/Kiosk Penetration Testing
10. Embedded System Penetration Testing