Before we dive-in to this let us understand the basic concept.
What is Penetration testing ??
Penetration testing is a type of security testing that is used to test the security of an application. It is conducted to find a security risk which might be present in a system.In last few years this term has become very synonyms with cyber security.
Why Business needs Pentesters ??
If a system is not secure, then an attacker may be able to disrupt or take unauthorised control of that system. A security risk is normally an accidental error that occurs while developing and implementing software. For example, configuration errors, design errors, and software bugs, etc
A small security bug can completely ruin any million dollar company in no time.All the hard work put together since start of the company could result in disastrous outcome if they couldn’t secure their cyber sanity.So in this world of rapid digitisation cyber security should be must have adaption to all scale businesses.It is estimated that cyber-crimes to cost $10 trillion dollars by 2025.A cyber attack could potentially disable the economy of a city, state or our entire country.
What makes you genuine pentester ?
A real penetration tester must be able to proceed rigorously and detect the weaknesses of an application. They must be able to identify the technology behind and test every single door that might be open to hackers.This repository aims first to establish a reflection method on penetration testing and explain how to proceed to secure an application. And secondly, to regroup all kind of tools or resources pen testers need.
Some of the terms/scope generally revolves around Cyber Security and it is essential to understand first before on-boarding.
Infosec: Information security, which is the practice of preventing unauthorised access, use, disclosure, disruption, modification, inspection, recording or destruction of information. Infosec can also be a person who practices ethical security.
Opsec: Operations security, which is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.
Black/grey/white hat hacker: Someone who uses bugs or exploits to break into systems or applications. The goal and the method differs depending if they’re a black, grey or white hat hacker. A black hat is just someone malicious that does not wait permission to break into a system or application. A white hat is usually a security researcher who practice ethical hacking. A grey hat is just in the middle of these two kind of hackers, they might want to be malicious if it can be benefit (data breach, money, whistleblowing …).
Red team: According to Wiki, a red team or the red team is an independent group that challenges an organisation to improve its effectiveness by assuming an adversarial role or point of view. It is particularly effective in organisations with strong cultures and fixed ways of approaching problems. In simple word RED teamers are playing the role of attacker and there job is to discover vulnerabilities to get backdoor entry into application/systems.
Blue team: A blue team is a group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and to make certain all security measures will continue to be effective after implementation. As a result, blue teams were developed to design defensive measures against red team activities. In infosec exercises, Blue teamers are playing the role of defenders.
Reverse engineering: Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object. Similar to scientific research, the only difference being that scientific research is about a natural phenomenon.
Social engineering: In the context of information security, it refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme. The term “social engineering” as an act of psychological manipulation of a human, is also associated with the social sciences, but its usage has caught on among computer and information security professionals. Wikipedia
Threat analyst: A threat hunter, also called a cybersecurity threat analyst, is a security professional or managed service provider (MSP) that proactively uses manual or machine-assisted techniques to detect security incidents that may include the grasp of automated systems. Threat hunters aim to uncover incidents that an enterprise would otherwise not find out about, providing chief information security officers (CISOs) and chief information officers (CIOs) with an additional line of defence against advanced persistent threats (APTs)
In upcoming posts we will cover the ideology , attack methods , target approach and remediation approach for cyber attacks.