Re: SkillSet for Pen Tester

[pleed <pleed () koeln ccc de>]

Hi,

what you do depends highly on the focus of your pentest. If I have to 
pentest a whole network we often have a concrete goal and the client 
wants to know if it can be achieved with a limited amount of time an 
knowledge. Then as long as you will achieve your goal - everything is 
all right and well done. However many clients would like to have a 
general analysis of their network security (which makes more sense for 
many companies). Before going into detail of any application, check for 
known vulnerabilities and configuration problems in the platform service 
or middleware (e.g. webserver), firewall, routers, switches, client OS 
and so on. Then try common vulnerability classes in the applications. If 
you have done all this and still some time (you shouldnt have time 
left), try to go into detail for the technologies you know well. Keep in 
mind that a pen-test is not only successfull when you found one 
vulnerability and got in. If there are basic security mistakes, you 
should first point out as much of them as you can because there are a 
lot more skiddies out there than there are sophisticated hackers.

Our company differentiates between network/infrastructure tests and 
application specific tests because of the named reasons.

Summary:
- Check/Enumerate network
- Check known vulnerabilities/configuration errors in 
platform/middleware software
- Check common vulnerability classes in applications
- Go into detail for the rest of your test

Regards,
    Felix
> As a pen-tester, you just need to find one issue with the technology
> stack, as opposed to being an expert.
>
> On 06/17/2011 06:31 PM, Vedantam Sekhar wrote:
> > Hi Group,
> >
> > When a tester start the assessment on his client's network, he
> > encounter various technologies, services, protocols, applications
> > built on various technologies(Java, asp, iis, apache, tomcat, ERP,SAP)
> > which he needs to attack. Obviously it may not be possible for him to
> > be a expert or atleast have knowledge on these. In this scenerio what
> > approach to follow in the limited time window mutually agreed by
> > client&tester? Obviously oneway is to perform trail&error on each and
> > every exploit for that technology available in google.
> >
> > Thnx,
> > Sekhar
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
> > it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
> > install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
> > highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > ------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------