Security Assessment and Testing - Chapter 15 Security Assessment and Testing

Ace your homework & exams now with Quizwiz!

What is a Gray box penetration test?

- also known as partial knowledge tests, these are sometimes chosen to balance the advantages and disadvantages of white and black box penetration tests.

What is a black box penetration test?

- does not provide the attackers with any information prior to the attack.

Dynamic software testing

- evaluates the security of software in a runtime environment and is often the only option for organizations deploying applications written by someone else.

What is TCP SYN scanning?

- it sends a single packet to each scanned port with a SYN flag set. This indicates a request to open a new connection. - if the scanner receives a response that has the SYN and ACK flags set, this indicates the system is moving ot the second phase in the three-way TCP handshake and that the port is open. - TCP SYN scanning is also known as half-open

what is a white box penetration test?

- provides the attackers with detailed information about the systems they target

What is a TCP ACK scan?

- sends a packet with the ACK flag set, indicating that it is part of an open connection

What port is used for POP3?

1110

What port is used for SQL server?

1433

What port is used for Oracle?

1521

What port is used for FTP?

21

What port is used for SSH?

22

What port is used for Telnet

23

What port is used for SMTP?

25

What port is used for RDP?

3389

Web Vulnerability Scanner

Best for SQL injection attacks as they are web attacks

What are the "big four" audit firms?

Ernst & Young, Deloitte & Touche, PricewaterhouseCoopers, KPMG

Open ports and Security

Ports 80 and 443 are expected to be open on a web server. Port 1433 is a database port and should never be exposed to an external network.

Static software testing techniques

e.g. code reviews, evaluate the security of software without running it by analyzing either the source code or the compiled application

categories of fuzz testing

- Mutation (Dumb) Fuzzing - takes previous input values from actual operation of the software and manipulates (or mutates aka bit flipping) it to create fuzzed input. - Generational (intelligent) fuzzing - Develops data models and creates new fuzzed input based on an understanding of the types of data used by the program

Describe the difference between TCP SYN scanning and TCP connect scanning

- TCP SYN scanning sends a single packet to each scanned port with the SYN flag set. This indicates a request to open a new connection. If the scanner receives a response that has the SYN and ACK flags set, this indicates that the system is moving to the second phase in the three-way TCP handshake and that the port is open. - TCP SYN scanning is also known as "half-open" scanning. - TCP connect scanning opens a full connection to the remote system on the specified port. This scan type is used when the user running the scan does not have the necessary permissions to run a half-open scan.

What is a Xmas Scan?

- sends a packet with the FIN, PSH, and URG flags set. - a packet with so many flags set is said to be "lit up like a Christmas tree"

What is TCP connect scanning?

- this opens a full connection to the remote system on the specified port. - this scan type is used when the user running the scan does not have the necessary permissions to run a half-open scan

What is the purpose of a security test?

- to verify that a control is functioning properly - These tests include automated scans, tool-assisted penetration tests, vulnerability assessments, software testing, audits, and security management tasks designed to validate controls and manual attempts to undermine security

What port is used for NTP?

123

What port is used for H.323?

1720

What port is used for PPTP?

1723

What port is used for HTTPS?

443

What port is used for DNS?

53

What port is used for HTTP?

80

What is known as misuse case testing or abuse case testing?

A process used by software testers to evaluate the vulnerability of their software to known risks. Testers first enumerate the known misuse cases and then attempt to exploit those use cases with manual and/or automated attack techniques. Aka abuse case testing

synthetic transactions

Included under Dynamic Testing, Is scripted transactions with known expected results. The testers run the transactions against the tested code and then compare the output of the transactions to the expected state. deviations between the actual and expected results represent possible flaws in the code and must be further investigated.

Security Management Oversight Tasks

Log reviews, particularly for administrator activities, ensure that systems are not misused. Account management reviews ensure that only authorized users retain access to information systems. Backup verification ensures that the organization's data protection process is functioning properly. Key performance and risk indicators provide a high-level view of security program effectiveness.

3 Port Status Values by Nmap

Open—The port is open on the remote system and there is an application that is actively accepting connections on that port. Closed—The port is accessible on the remote system, meaning that the firewall is allowing access, but there is no application accepting connections on that port. Filtered—Nmap is unable to determine whether a port is open or closed because a firewall is interfering with the connection attempt.

What is a security assessment?

Security assessments are comprehensive reviews of the security of a system, application, or other tested environment. does not, however, include actual mitigation of those vulnerabilities

What is a test coverage analysis?

Software testing professionals often conduct a test cover analysis to estimate the degree of testing conducted against new software.

What is bit flipping?

The activity of changing a bit to its opposite value. A technique commonly used in fuzzing to slightly modify input data

What is the most formal code review process and list six steps?

The most formal code review process is know as Fagin inspections 1. planning 2. Overview 3. preperation 4. inspection 5. Rework 6. Follow-up

Nmap

a network discovery scanning tool that reports the open ports on a remote system

Authenticated Scans

has read-only access to the servers being scanned, can read configuration information from the system and use the information when analyzing vulnerability testing results Can improve the accuracy of the scanning and reduce false positive and false negative reports

User interface testing

includes assessments of both graphical user interfaces (GUIs) and command‐line interfaces (CLIs) for a software program.

Metasploit

is an automated exploit tool that allows attackers to easily execute common attack techniques in penetration testing

What is the main work product of a security assessment?

its normally an assessment report addressed to management that contains the results of the assessment in nontechnical language and concludes with specific recommendations for improving the security of the tested environment.

Conducting Security Audits

occurs when a third party performs an assessment of the security controls protecting an organization's information assets. Internal audits are performed by an organization's internal staff and are intended for management use. External audits are performed by a third-party audit firm and are generally intended for the organization's governing body.

PCI DSS Critical Requirement

requires that orgs rescan the application at least annually and after any change in the application

What are the three major components of a security assessment program?

security tests security assessments security audits

Security assessment reports

should be addressed to the organization's management. For this reason, they should be written in plain English and avoid technical jargon.

unauthenticated scans

test target systems without having passwords or other special information that would grant the scanner special privileges Run from the perspective of the Attacker

Vulnerability assessments

use automated tools to search for known vulnerabilities in systems, applications, and networks. These flaws may include missing patches, misconfigurations, or faulty code that expose the organization to security risks

Penetration tests

utilizes attack techniques where an assessor attempts to exploit vulnerabilities and gain access to the system.


Related study sets

Health and Nutrition Chapter 4 Carbohydrates

View Set

Ch 8 Intermediate Accounting Concepts

View Set