Difference between Penetration testing and Vulnerability Scan
In our previous tutorial we learnt what penetration testing (pen testing) is. Today we will look at the difference between penetration testing and vulnerability scanning, also called vulnerability assessment. Many people believe that a penetration test is just a vulnerability scan, but that is a myth: a vulnerability scan is only one step of a penetration test, i.e. a subset of it. A vulnerability scan is limited to detecting known vulnerabilities and reports the potential exposures of a web-based or network-based IT system.
A vulnerability assessment is the process of running automated tools against defined systems to identify known vulnerabilities or flaws in the environment, typically unpatched or misconfigured systems. The purpose of a vulnerability scan is to identify known vulnerabilities so they can be mitigated, normally through vendor-supplied patches. Because a scanner matches service banners and version numbers against a database of signatures, its output needs review: it reports false positives (a distribution that backports fixes without changing the version string still looks vulnerable) and it cannot see anything for which it has no signature.
Penetration testing takes the vulnerability assessment to the next level. One of the initial phases performed by a penetration tester is a vulnerability scan, used for information gathering: IP addresses, device types, operating systems, services running and the vulnerabilities present on the systems. Unlike a vulnerability scan, however, the penetration test does not stop there. The next phase is exploitation, which takes advantage of the identified vulnerabilities to escalate privileges, gain control of the network or extract sensitive data from the system. The exploitation phase also uses automated tools, which the tester can configure to run exploits against the systems automatically, but the key difference from a scan is the tester's ability to chain findings together and perform manual exploitation of the system.
Although vulnerability assessment and penetration testing have different goals, both should be performed, by skilled information security professionals, to improve the overall security of the information system. The penetration test should be performed at least annually and after significant changes to the environment, to identify exploitable vulnerabilities that could give an attacker unauthorized access; the vulnerability assessment should be performed regularly to identify and mitigate known vulnerabilities on an ongoing basis.
I found the comparison between penetration testing and vulnerability scanning published by Berkeley Security quite interesting, so I am sharing it with all of you.
Category                | Vulnerability Scan                                                                    | Penetration Test
How often to run        | Continuously, especially after new equipment is loaded                                | Once a year
Reports                 | Comprehensive baseline of what vulnerabilities exist and changes from the last report | Short and to the point, identifies what data was actually compromised
Metrics                 | Lists known software vulnerabilities that may be exploited                            | Discovers unknown and exploitable exposures to normal business processes
Performed by            | In-house staff, increases expertise and knowledge of normal security profile          | Independent outside service
Required in regulations | FFIEC; GLBA; PCI DSS                                                                  | FFIEC; GLBA; PCI DSS
Expense                 | Low to moderate: about $1,200 / yr + staff time                                       | High: about $5,000 per year outside consultancy
Value                   | Detective control, used to detect when equipment is/could be compromised              | Preventative control used to reduce exposure
That's all about the difference between penetration testing and vulnerability scanning. We can conclude that a vulnerability scan is basically the first phase of a penetration test. Keep learning and keep connected.
References:
1. Berkeley Security, University of California
2. A-lign – Ask A-lign
What is Penetration testing or Pen testing?
Penetration testing (pen testing or pen-testing) is a technique for evaluating the security of an IT system, usually a web application or a network. It simulates an attack on the system in order to find its vulnerabilities. Once the test environment is set up, the security researchers attempt to exploit security vulnerabilities (for example service flaws, application flaws, OS flaws, improper configurations, or end-user behaviour, i.e. human error) the way real attackers do, and assess the impact on the business. Penetration testing helps an organization assess the efficacy of its security mechanisms as well as end-user adherence to security policies. It is important for an organization to know whether it is vulnerable, and if so, what the scope and severity of each vulnerability is, and, most importantly, how to mitigate the vulnerabilities that were found.
Many people confuse the terms penetration testing and vulnerability assessment. A vulnerability assessment is basically a subset of penetration testing, i.e. just a small part of it. The major drawback of a vulnerability assessment is that it is limited to known vulnerabilities, i.e. vulnerabilities already published for a specific piece of software, while penetration testing also explores unknown threats and exploitable exposures of the business. So we can say that penetration testing is a preventive control while vulnerability assessment is a detective control, or in simple words penetration testing is prevention while vulnerability assessment is cure, and we all know that prevention is better than cure. It is a big topic in itself and we will discuss it in detail in later articles.
Penetration testing or Pen-testing can be classified into multiple categories based on their nature.
Based on process :
1. Manual Penetration testing
2. Automated Penetration testing
3. Combination of both Manual and Automated testing
Based on Strategy :
1. Black Box Penetration testing
2. Grey Box Penetration testing
3. Code Review or White Box Penetration testing
Based on Infrastructure:
1. Network Penetration testing
2. Application Penetration testing
3. Website Penetration testing
4. Physical Penetration testing
5. Cloud Penetration testing
6. Social Engineering Penetration testing
7. Configuration Overview Penetration testing
8. Operating System Penetration testing
Service providers offer several other classifications, but the three above cover all of those techniques.
We will discuss all of these in detail in our upcoming articles. So keep connected and keep learning.
Secure Sockets Layer or SSL Hackers Guide
You may have been told never to type your password, credit card number or other sensitive information on a public computer or into chat services such as Facebook or Yahoo. The reason is that hackers have ways of stealing those credit card numbers and passwords.
A hacker can use different types of attacks, such as packet sniffing or ARP poisoning, to steal your sensitive information.
Secure Sockets Layer (SSL) is the most widely used technology for creating a secure communication channel between a web client and a web server. (Strictly, every SSL version is deprecated and what browsers negotiate today is its successor, Transport Layer Security or TLS, but the name SSL has stuck and the two are used interchangeably below.) You will have seen both http:// and https:// in front of web addresses and may wonder what they mean. HTTP is the protocol for standard, unencrypted communication between the web server and the client; HTTPS is used for secure communication.
Cryptography
If two users want to communicate securely they can use cryptography to accomplish it.
For example:
TFDVSF = Encrypted text
SECURE = Decrypted text
How was it decrypted? The algorithm used here is “shift forward through the alphabet” and the key is 1: every letter is replaced by the letter that follows it. S becomes T, E becomes F, C becomes D, and so on; shifting every letter back by 1 turns TFDVSF into SECURE again.
If the hacker starts sniffing in the middle of the conversation he gets only the encrypted text, and since he does not know the key he cannot decrypt it. If he is sniffing from the very start, when the two parties agree on the key, he captures the key as well and can decrypt everything that follows. That is the weakness of this toy scheme, and it is what a real protocol fixes: TLS uses a key exchange (Diffie-Hellman in current versions) in which the session key itself never crosses the wire, so a passive sniffer who records the whole handshake still does not learn it. The toy cipher has a second weakness: with only 26 possible shifts the sniffer does not need the key at all, he can simply try every one.
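The shift cipher above, as an added example that is not part of the original article: a Python version of the “shift by 1” scheme together with the attack a sniffer who never saw the key can run, plus a small helper that extends the same counting argument to the 40-bit and 128-bit keys discussed later on this page. The crib word and the keys-per-second rate are assumptions chosen for illustration.

```python
# Added example, not from the original article: the toy "shift by 1" cipher the
# text uses, and the attack a sniffer can run against it without ever seeing the
# key. Nothing here is TLS; it only shows why the size of the key space matters.
import string

ALPHABET = string.ascii_uppercase


def shift_encrypt(plaintext: str, key: int) -> str:
    """Replace each letter by the one `key` positions later in the alphabet.

    Non-letters pass through unchanged; lowercase is uppercased first so the
    mapping stays one-to-one. key=1 turns SECURE into TFDVSF.
    """
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Undo shift_encrypt: shifting forward by -key is shifting back by key."""
    return shift_encrypt(ciphertext, -key)


def brute_force(ciphertext: str, known_word: str) -> list:
    """What a sniffer who never captured the key does: try all 26 shifts and
    keep those that yield a plausible plaintext.

    `known_word` is an assumed crib, any word the attacker expects to see
    (a field name, a common English word). Returns (key, plaintext) pairs.
    """
    hits = []
    for key in range(26):
        candidate = shift_decrypt(ciphertext, key)
        if known_word.upper() in candidate:
            hits.append((key, candidate))
    return hits


def brute_force_seconds(key_bits: int, keys_per_second: float) -> float:
    """Expected time to search half of a `key_bits`-bit key space at a given rate.

    The same attack as brute_force, scaled up: the 26-key space falls
    instantly, a 40-bit space in minutes at a billion keys per second, and a
    128-bit space never.
    """
    return (2 ** key_bits / 2) / keys_per_second


if __name__ == "__main__":
    ct = shift_encrypt("SECURE", 1)
    print(ct)                                   # TFDVSF
    print(shift_decrypt(ct, 1))                 # SECURE
    print(brute_force(ct, "SECURE"))            # [(1, 'SECURE')]
    rate = 1e9  # assumed: one billion keys per second, a modest single machine
    print(f"40-bit key:  {brute_force_seconds(40, rate) / 60:.0f} minutes")
    print(f"128-bit key: {brute_force_seconds(128, rate) / 3.15e7:.2e} years")
```

The crib-based search is the point: once the attacker knows one word that must appear in the plaintext, secrecy of the key buys nothing when there are only 26 keys to try. The key length a protocol chooses is what makes the same search infeasible.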
Standard communication vs secure communication
Suppose there are two communicating parties, A (client) and B (server).
Standard communication (HTTP)
When A sends information to B over HTTP it travels unencrypted. This is acceptable if A is not sharing anything confidential, but if A sends sensitive information, say a password, that too goes over the wire in the clear, and a hacker sniffing the connection simply reads it.
[Figure: standard communication (HTTP), the password is visible to the sniffer]
Secure communication (HTTPS)
In a secure communication, i.e. HTTPS, the conversation between A and B takes place inside an encrypted tunnel. Whatever A sends to B is encrypted, so even if a hacker gains access to the traffic he receives only ciphertext (something like “xz54p6kd”) and not the original password.
[Figure: secure communication (HTTPS), only ciphertext is visible to the sniffer]
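What a sniffer actually obtains in the two scenarios, as an added example (not from the original article). The HTTP capture and the TLS record below are constructed for the example; the hostname bank.example and the credentials are invented. The first function shows that a plain-HTTP login can be read straight out of the packet; the second parses the TLS record layer, which is all an on-path attacker sees of an HTTPS session.

```python
# Added example, not from the original article. Two constructed captures of the
# same login: one as plaintext HTTP, one as the TLS record an HTTPS connection
# would carry. The functions are the sniffer's side: what it can do with each.
from urllib.parse import parse_qs

# Constructed: what a sniffer captures when a login form posts over plain HTTP.
HTTP_CAPTURE = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"user=alice&password=hunter2"
)

# Constructed: the same request as it appears over HTTPS. A TLS record is a
# 5-byte header (content type, legacy version, length) followed by ciphertext.
# The payload bytes are arbitrary stand-ins for real AEAD output plus its tag.
_CIPHERTEXT = bytes.fromhex(
    "9f0b3c7d2e1a4b6c8d9e0f1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f7a8b9cadbecf00112233"
)
TLS_CAPTURE = b"\x17\x03\x03" + len(_CIPHERTEXT).to_bytes(2, "big") + _CIPHERTEXT

TLS_CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}


def sniff_http_credentials(capture: bytes):
    """Pull the form fields out of a plaintext HTTP POST; None if it is not one."""
    head, sep, body = capture.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"POST "):
        return None
    fields = parse_qs(body.decode("ascii", errors="replace"))
    return {name: values[0] for name, values in fields.items()}


def sniff_tls_records(capture: bytes):
    """Parse TLS record headers from a capture.

    This is everything a passive sniffer learns from HTTPS traffic: the record
    type, the (legacy) version and the length. The content is opaque; the
    plaintext check below is there only to show that nothing readable leaks.
    """
    records = []
    offset = 0
    while offset + 5 <= len(capture):
        ctype = capture[offset]
        version = (capture[offset + 1], capture[offset + 2])
        length = int.from_bytes(capture[offset + 3 : offset + 5], "big")
        payload = capture[offset + 5 : offset + 5 + length]
        if len(payload) < length:
            break  # truncated record, stop rather than mis-parse
        records.append({
            "type": TLS_CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
            "version": version,
            "length": length,
            "payload_is_plaintext": b"password=" in payload,
        })
        offset += 5 + length
    return records


if __name__ == "__main__":
    print(sniff_http_credentials(HTTP_CAPTURE))   # {'user': 'alice', 'password': 'hunter2'}
    print(sniff_http_credentials(TLS_CAPTURE))    # None
    for rec in sniff_tls_records(TLS_CAPTURE):
        print(rec)   # application_data, version (3, 3), length 43, no plaintext
```

Note that the record header is not encrypted: a sniffer still learns that application data is flowing, when, and how much. Traffic analysis of this kind is the residual exposure HTTPS leaves, and it is why the length field is worth padding for very sensitive exchanges.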
How is HTTPS implemented?
HTTPS is HTTP carried over SSL/TLS. To offer it, a website needs a certificate for its hostname issued by a certificate authority that browsers trust (certificates used to be bought from a commercial CA; today they can also be obtained free, for example from Let's Encrypt) and a web server configured to present that certificate and speak TLS, normally on port 443.
Which websites need an SSL certificate?
Any website on which private conversations take place, online transactions are made or other sensitive information is handled needs one. In practice every site with a login form should serve HTTPS, because otherwise the password goes over the network in the clear exactly as described above.
How to identify a secure connection?
In Internet Explorer and Google Chrome you will see a lock icon next to the address bar. Click the lock to view the identity of the website as recorded in its certificate. Note that the padlock only means the connection to the host named in the address bar is encrypted and authenticated; a phishing site can hold a perfectly valid certificate for its own name, so check that the hostname is the one you expect.
If you are making an online transaction with a credit card or by any other means, check that https:// is in use before entering anything.
Source: RHA InfoSec
How do Hackers Hack Bank Accounts and Personal Information?
Most people studying hacking have a keen interest in learning how bank accounts can be hacked. They become discouraged by the prevailing perception that it is almost impossible to hack credit cards, debit cards or net banking passwords, which is true to an extent. Today I will discuss why hacking bank account information is tough and considered almost impossible, and the methods hackers use today to do it anyway.
Almost everybody uses the internet nowadays to pay bills, book reservations and tickets, purchase items or simply transfer money. All of these online transactions involve money, meaning they use banking information, credit or debit card payments or net banking. Most banks use an SSL/TLS connection with at least 128- or 256-bit encryption for online banking and transactions. An additional layer of security that banks have introduced is the “transaction PIN”: besides your password at login, you must enter a PIN, a second password of 4 to 8 characters, for each transaction. So banks do a lot of work to protect your credentials from anyone who wants to gain access to your information.
The following examples illustrate how strong the encryption is:
- 40-bit encryption means there are 2^40 possible keys, about 1.1 trillion, that could fit the lock holding your account information. That sounds like a lot, but it is small enough that a modern computer can try them all in a matter of hours or less; 40-bit export ciphers were broken by brute force in the 1990s, which is why nobody uses them any more. (Dictionary and rainbow-table attacks apply to human-chosen passwords, not to the random session keys that SSL/TLS generates, so they are of no use against the connection itself.)
- 128-bit encryption means there are 2^88 times as many possible keys as with 40-bit encryption, 2^128 in total. Trying them all would take every computer on earth far longer than the age of the universe, so nobody attacks the key; instead the attacker goes around the encryption.
That is a very powerful way of protecting the data travelling from your machine to the bank's machine. But it is all useless once your own system has been compromised.
Now we are going to discuss how all this encryption can be bypassed and your system compromised. There are several methods for stealing account information. Note: this is for educational purposes only.
Some of them are:
1. Phishing: We have discussed phishing in many tutorials on this website, such as how Gmail or Facebook accounts get hacked, but for newcomers I will explain it in some detail. Phishing is a technique for stealing the password and login details for a website. A phish page is simply a fake page that looks like the original page you would enter your information into. For a normal user the only visible difference between a phish page and the original is the address bar URL; under the hood the difference is where the login form submits its data (the form's action URL and the POST or GET request it sends). How do you identify a fake page? Check the URL in the address bar: a phish page shows a different hostname than the original. You can also install a web security toolbar in your browser (such as the AVG or Crawler web security toolbars) to detect phishing pages automatically and stop your browser from visiting them.
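The same check done on the page source instead of by eye, as an added example that is not from the original article. It lists every form that contains a password field and warns when the form's action resolves to a different host than the page itself, or to plain http. The two pages and the hostnames bank.example and bank-login.example are constructed for the example.

```python
# Added example, not from the original article: find login forms in an HTML page
# and flag the ones that submit credentials somewhere other than the page's own
# host, or over plain http. This is the "where does the form really post"
# difference the text describes, checked mechanically.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collect {action, password} for each <form> in the document."""

    def __init__(self):
        super().__init__()
        self.forms = []        # finished forms
        self._current = None   # the form currently being parsed

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "password": False}
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def find_suspicious_forms(page_url: str, html: str) -> list:
    """Return warnings for login forms that send credentials elsewhere.

    A phish page copies the real page's look, so what gives it away is where
    the form actually submits: resolve the action against the page URL and
    compare hosts and schemes.
    """
    parser = _FormCollector()
    parser.feed(html)
    parser.close()
    page = urlsplit(page_url)
    warnings = []
    for form in parser.forms:
        if not form["password"]:
            continue  # not a login form, nothing to steal
        target = urlsplit(urljoin(page_url, form["action"]))
        if target.hostname != page.hostname:
            warnings.append(
                f"password form posts to {target.hostname}, page is {page.hostname}"
            )
        if target.scheme != "https":
            warnings.append(f"password form posts over {target.scheme}, not https")
    return warnings


# Constructed pages for the example: a real-looking login and a phish copy of it.
LEGIT_PAGE = """
<html><body>
<form method="post" action="/login">
  <input name="user"><input type="password" name="pass">
</form></body></html>
"""

PHISH_PAGE = """
<html><body>
<form method="post" action="http://bank-login.example/collect.php">
  <input name="user"><input type="PASSWORD" name="pass">
</form></body></html>
"""

if __name__ == "__main__":
    print(find_suspicious_forms("https://bank.example/login", LEGIT_PAGE))  # []
    print(find_suspicious_forms("https://bank.example/login", PHISH_PAGE))
```

A relative action such as /login is resolved against the page URL, which is why the legitimate page produces no warning; a phish page hosted on the attacker's domain usually posts to an absolute URL on that domain, or to a script on the same look-alike host, and in both cases the hostname is not the bank's.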
2. Trojans: A trojan is malware that steals your information. It comes in many forms, such as keyloggers and RATs (remote administration tools). A keylogger records every key you press on your keyboard, stores the keystrokes in a log and sends the log to the hacker. A RAT is an advanced form of this: where a keylogger is a single function, a RAT remotely monitors all of your activity, and using it a hacker can connect to your system without your knowledge whenever you are online. RATs have a huge list of functions and are among the most capable hacking tools around. How do you protect yourself from a keylogger? Keep your antivirus software updated and install a keystroke scrambler that encrypts your keystrokes. Unfortunately, once a RAT has entered your system the only safe remedy is to wipe it and reinstall, so a RAT attack has to be prevented before it gets in. For prevention, do not download cracked software or keygens. Avoid downloading freeware from unknown websites; use only trusted sources such as CNET or FileHippo. Avoid trying out “hack tools” from the internet, because most of them have a keylogger or RAT attached; if you must test one, do it in a virtual machine.
3. Session Hijacking: Most of us use wireless networks to access the internet, and data flows over them in packets. Open and WEP-protected wireless networks are easy to break into, and once a hacker is on the same network as you (or runs a rogue access point you connect to) he can use ARP poisoning to put himself between you and the site you visit. Suppose you visit Gmail or Facebook: the hacker can redirect you to a page of his own and capture your account details, or he can sniff the packets of a plain-HTTP session and read your session cookie, which lets him use your logged-in session without ever knowing the password. That is what session hijacking means. How do you prevent it? Hiding the SSID of your router does not help: the network is still visible to anyone with a wireless sniffer, and the BSSID (the router's MAC address) is sent in every frame and cannot be hidden. What does help is protecting your own network with WPA2 or WPA3 and a strong passphrase, using only https:// sites for anything that matters (and, for site operators, setting cookies with the Secure and HttpOnly flags and enabling HSTS so the browser never falls back to plain HTTP), and avoiding banking over untrusted public Wi-Fi unless you are on a VPN.
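What those server-side settings look like in practice, as an added example (not from the original article): a small audit of a raw HTTP response that reports cookies set without the Secure or HttpOnly flags and a missing or empty Strict-Transport-Security header, which are the conditions that let a sniffer on a hostile network capture and reuse a session. The two responses are constructed for the example.

```python
# Added example, not from the original article: audit a raw HTTP response for the
# settings that stop session-cookie theft over a hostile network. A browser only
# withholds a cookie from plain-http requests if the server set it with Secure,
# and only refuses to downgrade a site to http if it has seen HSTS for it.
from email.parser import Parser
from http.client import HTTPMessage


def _parse_headers(raw_response: bytes) -> HTTPMessage:
    """Split the status line off and parse the header block like http.client does."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, _, header_text = head.partition("\r\n")
    if not status_line.startswith("HTTP/"):
        raise ValueError("not an HTTP response")
    return Parser(_class=HTTPMessage).parsestr(header_text)


def audit_session_protection(raw_response: bytes) -> list:
    """Return findings that would let an on-path attacker hijack the session."""
    headers = _parse_headers(raw_response)
    findings = []
    # Every Set-Cookie header is a separate cookie; get_all keeps duplicates.
    for cookie in headers.get_all("Set-Cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name} lacks Secure: also sent over plain http")
        if "httponly" not in attrs:
            findings.append(f"cookie {name} lacks HttpOnly: readable by injected script")
    hsts = headers.get("Strict-Transport-Security")
    if hsts is None:
        findings.append("no Strict-Transport-Security: first request can be downgraded to http")
    else:
        directives = {}
        for d in hsts.split(";"):
            key, _, value = d.strip().partition("=")
            directives[key.lower()] = value.strip()
        max_age = directives.get("max-age", "0")
        if not max_age.isdigit() or int(max_age) == 0:
            findings.append("Strict-Transport-Security max-age is missing or zero")
    return findings


# Constructed responses: the same login success with and without protection.
WEAK_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: session=abc123; Path=/\r\n"
    b"\r\n"
    b"<html>welcome</html>"
)

HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    b"\r\n"
    b"<html>welcome</html>"
)

if __name__ == "__main__":
    for finding in audit_session_protection(WEAK_RESPONSE):
        print("weak:", finding)
    print("hardened:", audit_session_protection(HARDENED_RESPONSE))  # []
```

The Secure flag is what defeats the sniffer directly: without it, the first time the victim's browser makes any plain-http request to the site (an attacker on the path can trigger one by injecting a redirect) the session cookie rides along in clear text. HSTS closes the gap for the initial request before any cookie is involved, and HttpOnly limits the damage if the attacker instead injects script into a page.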
That's all for today, friends. I hope you liked the discussion about why hacking bank accounts is tough.
If you found this information useful or have any doubts, please post your comments.