Penetration Testing Tutorial: Stages, Types, Methods & Tools

Penetration testing, also known as pen testing, is the process of simulating real attacks on systems or networks to assess the risks associated with potential security breaches. During a pen test, testers not only discover vulnerabilities but also exploit them.
Pen testing attempts to breach application systems, protocol interfaces, etc. to uncover vulnerabilities, such as code that is susceptible to attack. Penetration testing, generally referred to as ethical hacking, is a necessary and in-demand skill for testing an organization’s defence systems.
Why do we need to perform Pen Testing:

  • Uncover the critical vulnerabilities within your network systems
  • Provide an overview of an organization’s exploitable vulnerabilities, including recommendations on how to optimize protection levels
  • Reveal problems that were not previously known
  • Prevent business interruptions and losses, and protect brand image
  • Find both known and unknown hardware/software flaws that can be identified and fixed using automated tools
  • Assess and validate the efficacy of an organization’s defensive mechanisms

Stages of Penetration Testing:
As penetration testing is highly technical and complicated, it is split into different stages. Let’s take a brief look:
1) Planning & Setting your Goal: In this phase, you define the scope and goal of the test to be carried out, including the systems on which the test is performed, and finalise the steps of the test. You also need to gain knowledge about the network, domains and servers to understand how the target works and where potential vulnerabilities lie.
2) Scanning Phase: During this phase, the tester learns how the target application will respond to intrusion attempts. This is done in two ways:

  1. Static Analysis: Inspect an app’s code to estimate how it will behave when running
  2. Dynamic Analysis: Provides a real-time view of how an app performs while running

3) Selection of Proper Pen-testing Tools: Choosing the right tool requires some intelligence, a little luck and a lot of patience. Rather than just going for quality and checking whether it fits the job, it is essential to verify that the tool doesn’t contain any malware or code that could in turn compromise the tester.
There are plenty of free tools available online, but double-check them, as most of them may contain malware and undocumented back doors. The best pen testers usually rely on their own code and tools, as they do not trust free sources.
E.g. Nmap, Aircrack-ng, Wifiphisher, Burp Suite, OWASP ZAP, etc.
4) Gaining Access: This stage uses web application attacks such as SQL injection, cross-site scripting, back doors, etc. to uncover the target’s vulnerabilities. Once vulnerabilities are found, testers try to exploit them by intercepting traffic, escalating privileges or stealing data.
5) Maintaining Access: In this stage, the pen tester checks whether the vulnerability can be used to achieve a persistent presence in the exploited system. This imitates advanced persistent threats, which remain in a system for months or even years to steal an organization’s most sensitive data.
6) Analysing the System: Results such as the number of vulnerabilities exploited, the sensitivity of the data that could have been accessed and the total time the pen tester could spend within the network without being detected are checked and documented.
Types of Penetration Testing
The type of penetration testing generally depends on the scope of the goal to be attained and on whether the test is simulated against employees, internal resources or external sources. On this basis, penetration testing is mainly of 3 types:

  • Black Box Testing: In this case, the tester needs to collect all information regarding the system before starting work
  • White Box Testing: Here, the pen tester is provided with almost all details regarding the system, such as IP addresses, source code, OS details, etc.
  • Grey Box Testing: In this case, the tester is provided with partial knowledge of the system

Penetration Testing Methods
Analysing the different kinds of attacks that might affect an organization gives rise to different methods of penetration testing:
1) External Testing: This targets the assets of an organization that are visible on the internet. The main aim is to gain access and extract valuable data.
2) Internal Testing: Here, a tester with access to an application behind the firewall simulates an attack by a malicious insider.
3) Blind Testing: In this case, the pen tester is only given the name of the organization, so that the security personnel get a real-time look at how an actual application assault happens.
4) Double Blind Testing: In this type of test, the security personnel within the organization have no prior knowledge of the assault, just as in a real attempted breach.
5) Targeted Testing: In this type of test, the pen tester and the security personnel work together on the vulnerabilities. This is quite a valuable method, as it offers instant feedback from the hacker’s point of view.
Penetration Testing Tools
Penetration testing is the process undertaken by testers to find vulnerabilities in your systems before attackers intrude. Pen test tools can be broken down into major categories such as:
1) Port Scanners: Tools in this category typically gather information, including personal data, about a specific target from a remote environment.
2) Vulnerability Scanners: These tools are used to find whether there are any known vulnerabilities in the targeted system. This is further subdivided into:

  • Host-based
  • Network-based

3) Application Scanners: These tools check for any type of weakness within a web application (e.g. e-commerce apps).
Below we have listed a few tools that can be used for simple assessments or even complex tasks; some are free and some require licence payments.
1) Aircrack-ng: This is a full suite of wireless assessment tools that covers attacking (cracking WPA & WEP) and packet capture.
2) SQLmap: This is an automated SQL injection and database tool, commonly and widely used against platforms such as MSSQL, MySQL, Access, PostgreSQL, SQLite, etc.
3) THC-Hydra: It is generally known as a network login cracker that supports several services and is not very complex to use.
4) Metasploit: One of the most popular and advanced frameworks, based on the concept of an ‘exploit’, that is, code you pass to the target that causes a breach and lets you enter the system.
5) Nessus vulnerability scanner: This is one of the most commonly used pen testing tools worldwide to identify vulnerabilities, malware that attackers use against your system and even policy-violating configurations.
6) Wireshark: Formerly known as Ethereal, this is a network analysis tool that captures packets in real time and displays the results in a human-readable format.
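The defensive counterpart to the port scanners listed above, and to the "time spent undetected" metric of the analysis stage, is spotting a scan in your own logs. The following is an added example, not code from the original post: it reads constructed firewall log lines in an assumed "timestamp src= dst= dport= action=" format and flags any source that touches THRESHOLD distinct destination ports within WINDOW_SECONDS (both thresholds are assumptions to tune per environment).

```python
"""Flag port-scan-like behaviour in firewall logs (added example, not from the post)."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW_SECONDS = 60   # assumed detection window
THRESHOLD = 10        # assumed number of distinct ports that counts as a scan

# Constructed sample log (assumed format): 10.0.0.5 sweeps 12 ports in 12 seconds,
# while 10.0.0.9 is ordinary HTTPS traffic to the same host.
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d} src=10.0.0.5 dst=10.0.0.20 dport={20 + i} action=DENY"
     for i in range(12)]
    + ["2024-05-01T10:00:05 src=10.0.0.9 dst=10.0.0.20 dport=443 action=ALLOW",
       "2024-05-01T10:00:07 src=10.0.0.9 dst=10.0.0.20 dport=443 action=ALLOW"]
)


def parse_line(line):
    """Return (timestamp, src, dport) parsed from one log line in the assumed format."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts_str), kv["src"], int(kv["dport"])


def detect_scans(log_text, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {src: (window_start, distinct_port_count)} for every source that
    contacts >= threshold distinct ports inside any window of `window` seconds."""
    events = defaultdict(list)  # src -> [(timestamp, dport), ...]
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dport = parse_line(line)
            events[src].append((ts, dport))
    alerts = {}
    for src, items in events.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it covers at most `window` seconds.
            while items[end][0] - items[start][0] > timedelta(seconds=window):
                start += 1
            ports = {p for _, p in items[start:end + 1]}
            if len(ports) >= threshold:
                alerts[src] = (items[start][0], len(ports))
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for src, (first, n) in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {n} distinct ports starting {first}")
```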
Conclusion
As high-profile data breaches continue to dominate the headlines, the attitude of enterprises towards cyber security has also started shifting. As a result, there is an increased focus on detection and remediation strategies today. But sophisticated security strategies only work if process, technology and people come together to test and identify whether any weaknesses have been left open.

5 Main Software Testing Issues and Methods to Resolve Them

Software testing is an integral part of any software development phase. Testing often accounts for more than 50% of the expenditure incurred in developing a piece of software. The more complex the software, the more time and resources need to be spent to make sure that flaws are detected and set right. However, this is often not the real picture.
Software or systems are often installed and rolled out with hundreds of defects in them. The result is poor performance and the loss of many days for both the software development firm and the client. To avoid such problems, team leads or managers must sort out some issues that are inherent to software testing. Let us go through the 5 main software testing issues and the methods to resolve them.

  1. Inadequate schedule of testing:

Testing is a time-consuming affair. It has to be, since it is done to bring out the defects or inadequacies of the system under different conditions, not to show that it works. Testing needs to go hand in hand with development. This will make sure that inadequacies or errors in a particular functionality of the system are brought to the notice of the development team and sorted out sooner rather than later.
However, more often than not, managers keep postponing testing until late in the development process. This leaves very little time for final testing, which results in an inadequate testing schedule.

  • Managers must emphasize the need for testing as a follow-up and make sure that development and testing of the different functionalities of a system go side by side. This will give the testing team enough time to look at the system’s inadequacies and vulnerabilities comprehensively.
  2. Insufficient testing environment and tools:

Tools and environments are the backbone of proper software testing. However, testing is often carried out in an inadequate testing environment. Over-reliance on manual testing or COTS testing tools is another problem. Moreover, some of the environment components themselves suffer from defects. What is commonly seen is that the test environment, test data and test software are not under adequate configuration control.

  • Team managers must ensure that the actual, or close enough, hardware and software requirements are met in the testing environment. This will make sure that testing brings out the flaws that would actually surface during operation by the end user
  • Team managers must also deploy automated testing tools if the testing process is complex, as involving more human testers is not always possible. This will make sure that testing is carried out fast, with limited resources and repeatedly, and can bring out more flaws in the system
  3. Wrong testing mindset

Often the mindset of the software testing team revolves around confirming the functionality of the system rather than finding defects in it. This itself prevents the team from finding flaws in the software.

  • It is the duty of the team lead to inculcate the notion that testing is done to find fault with the system or software under different conditions, not to prove that it works
  4. Testing lessons are often ignored

It is often seen that the same types of problems are repeated in systems, project after project.

  • This is purely a management-related problem. Management must ensure that team leads are careful enough to document each and every lesson learnt in previous projects and apply them in the projects that follow.
  5. Poor integration of testing and engineering processes

Often it is seen that testing and engineering processes are not properly integrated. This means that components or subsystems are often tested for flaws before they are mature enough to be tested on all parameters. Moreover, there may be project-specific needs that have to be looked into. A one-size-fits-all formula does not apply to software testing.

  • The testing team must ensure that components and subsystems are tested once they are mature enough to be tested on all parameters. This can only happen if the work of the testing and engineering teams is well coordinated.

Conclusion
To conclude, it is best said that a team is smarter than a single person. So the best advice is to get together and fly high. Large enterprises and customers should not spend too much time accounting for errors that come up. Following a good, systematic practice for your QA needs will certainly bring quality to your team.