Web Hacking: Become a Pentester - Lecture 3: Methodology

Published: 13 December 2017
On channel: ÆTHER SECURITY LAB

In this video I introduce the testing methodology I use in work as well as follow in this course.

This is a preview lecture from my online web hacking training called Web Hacking: Become a Pentester.

Check out the full course: http://aetherlab.net/y/ho

Website: http://aetherlab.net
Blog: / gergely.revay
Trainings:
Web Hacking: Become a Web Pentester - https://hackademy.aetherlab.net/p/web...
Learn Burp Suite, the Nr. 1 Web Hacking Tool - https://hackademy.aetherlab.net/p/bur...
Reverse Engineering with Radare2 - https://hackademy.aetherlab.net/p/rad...

Transcript:
Hi,

As I said, we will learn how a professional security assessment is done. So in this lecture I will describe the process of an assessment.

An assessment can be split into the following phases:
1) Planning phase
2) Testing phase
3) Reporting phase

This course is about the testing phase. I will talk briefly about the other two, but we won't go into details.

Planning phase: I consider the planning phase to run from the first contact with the customer until the testing is started. The customer expresses his interest in your services and you decide that you will do an assessment for him. This phase has the following goals:
Decide the scope of the assessment: how big the target application is and how much time you are going to test.
The customer prepares a test system for you, which is hopefully not the production system. He makes backups and notifies any third parties that an assessment will be done, otherwise there will be a lot of surprised and pissed people.
The customer gives you credentials to the target system. We usually work with 2 users per user role, including administrator. Some people ask why administrator access is necessary, because there is nothing to hack then. The reason is that it speeds up the test significantly. You will only have a few weeks to test, while a real attacker has practically unlimited time. So having administrative access only helps you to be more efficient.

Testing phase: obviously the testing phase is where the real testing begins. You should attack the application only in this timeframe, otherwise it could be considered illegal. So the fun happens here. In this phase you will do the following activities:
Discovery of the application: basically clicking around and scanning to get to know your target.
Information gathering: checking the technologies and frameworks used by the target, and looking for public vulnerabilities in them.
Finding vulnerabilities: that is the focus of this course.
Exploitation: creating proof-of-concept attacks against the vulnerabilities to show how a real attacker would exploit them.

Reporting phase: to be honest with you, everybody hates reporting. But from a business perspective this is the most important part of your work. The customer only sees your report, so if it is not of good quality then he will think that you did not do a good job, even if you found awesome hacks and exploits. Usually you will write a report where you document all your findings and give a final presentation to the customer where you talk the findings through.

In the rest of the course we will talk about the Testing phase and a little about the reporting at the end. So thanks for watching and see you in the next section.
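The planning phase fixes an agreed scope, and the testing phase says that attacks are only legitimate inside the agreed timeframe. The following is an added example, not code from the lecture or from ÆTHER SECURITY LAB, of a small rules-of-engagement check a tester can run before pointing any tool at a URL: it verifies that the target host is in the agreed scope (exact hostnames or IP ranges) and that the current time lies inside the testing window. The hostnames, network range and dates are constructed for the example and stand in for whatever the customer actually agreed.

```python
"""Rules-of-engagement check: is this target in scope, and is the test window open?

Added example; the engagement data below is constructed, not a real customer's scope.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network, IPv4Network, IPv6Network
from urllib.parse import urlparse


@dataclass
class Engagement:
    """What was agreed with the customer in the planning phase."""
    hosts: set[str]                           # exact hostnames in scope
    networks: list[IPv4Network | IPv6Network]  # address ranges in scope
    start: datetime                           # testing window start (UTC)
    end: datetime                             # testing window end (UTC)

    def host_in_scope(self, host: str) -> bool:
        """True if host is an agreed hostname or an address inside an agreed range."""
        host = host.lower().rstrip(".")
        if host in self.hosts:
            return True
        try:
            addr = ip_address(host)
        except ValueError:
            return False  # a hostname that was not listed is out of scope
        return any(addr in net for net in self.networks)

    def window_open(self, now: datetime) -> bool:
        """True if 'now' lies inside the agreed testing timeframe."""
        return self.start <= now <= self.end


def check_target(engagement: Engagement, url: str, now: datetime) -> tuple[bool, str]:
    """Return (allowed, reason) for testing 'url' at time 'now'."""
    host = urlparse(url).hostname  # lower-cased, port and credentials stripped
    if host is None:
        return False, "no host in URL"
    if not engagement.host_in_scope(host):
        return False, f"{host} is not in the agreed scope"
    if not engagement.window_open(now):
        return False, "outside the agreed testing window"
    return True, "ok"


# Constructed engagement: one test hostname, one lab network, a three-day window.
ENGAGEMENT = Engagement(
    hosts={"test.example.com"},
    networks=[ip_network("10.10.0.0/24")],
    start=datetime(2017, 12, 13, 8, 0, tzinfo=timezone.utc),
    end=datetime(2017, 12, 15, 18, 0, tzinfo=timezone.utc),
)

if __name__ == "__main__":
    during = datetime(2017, 12, 14, 10, 0, tzinfo=timezone.utc)
    after = datetime(2017, 12, 16, 9, 0, tzinfo=timezone.utc)
    for url, when in [
        ("https://test.example.com/login", during),
        ("https://www.example.com/", during),
        ("http://10.10.0.5:8080/admin", during),
        ("https://test.example.com/", after),
    ]:
        allowed, reason = check_target(ENGAGEMENT, url, when)
        print(f"{url} @ {when:%Y-%m-%d %H:%M}: {'ALLOWED' if allowed else 'BLOCKED'} ({reason})")
```

The check is deliberately strict: an unlisted hostname is out of scope even if it resolves into an in-scope range, because the customer agreed to the names, and the same host is blocked once the window has closed. Naive datetimes are avoided so a tester in a different time zone from the customer cannot accidentally start early.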