How To Properly Conduct A Penetration Test
Beware of scanner/software penetration testing services as they are inferior in quality to a genuine manual penetration test.
Agile Armory guarantees that it’s Network Penetration Testing services will produce a report that contains absolutely no false positives, and are likely to identify vulnerabilities that can not be identified with conventional testing methods. If any Agile Armory Penetration Testing deliverable contains false positives, then your next Penetration Test of identical scope and size will be done free of charge.
Our Tested & Proven Penetration Testing Process
The steps below provide a high-level outline of our proven Penetration Testing Process. This process can be augmented by Advanced Threat Modules (ATM) that include, but are not limited to, our stealth testing module, managed security service provider testing module, IDS / IPS effectiveness and tuning module, pseudo-malware module, distributed metastasis module, Social Engineering module, and many more.
Step 1: Logistics and Controls
Logistics and controls is an important yet often overlooked component of delivering quality penetration tests. The purpose of this step is to reduce the rate of false positives and false negatives by assuring proper adjustments are made to all testing modules prior to launch. This module is perpetual in that it continues to run during the entire course of testing. Its purpose is to identify any issues that may exist before testing, or to identify network or system state changes during testing.
Step 2: Advanced Reconnaissance
Agile Armory begins all penetration tests with a combination of Social and Technical reconnaissance. Social reconnaissance, not to be confused with Social Engineering, is focused on extracting information from personal websites, social networking sites like linkedin and facebook, technical forums, internet relay chat rooms, company job opportunities, documents that have been leaked or published, etc. The goal of social reconnaissance is to identify information that might assist in compromising the target. Historically this information has included source code, confidential files, passwords, troubleshooting questions about IT issues, etc.
Technical reconnaissance focuses on the discovery of hosts, service fingerprinting, configuration analysis, web server directory enumeration, the identification of administrative portals, the identification of customer portals, the identification of hidden endpoints such as cable modems or DSL lines, the use of third party services provided by hosting providers, managed security service providers, and much more. Technical reconnaissance may or may not use port scanners, web application scanners, vulnerability scanners, etc. depending on the threat and intensity levels of the service being provided.
Step 3: Analysis
Once initial social and technical reconnaissance tasks are complete, Agile Armory enters an analysis stage. During this stage all information is correlated and an attack matrix is created. The matrix identifies all potential attack vectors and organizes them by probability of successful penetration. Every identified listening port or web application component is considered to be a potential attack vector until proven otherwise.
Step 4: Real Time Dynamic Testing
Once sufficient intelligence has been gathered Agile Armory begins penetration efforts. While common tools may be used to penetrate systems with low-hanging fruit, a manually intensive research driven process is used to penetrate more complex targets. For example, bypassing a Web Application Firewall that is in line with an Intrusion Prevention System to perform successful Blind SQL Injection against an otherwise well hardened web application.
Quality Network Penetration Testing
Network Penetration Testing is a type of Penetration Test that applies to Information Technology. The purpose of Network Penetration Testing is to identify the presence of points where a threat (defined by the hacker) can align with existing risks to achieve penetration. Agile Armory helps prevent penetration by identifying these points and providing effective methods for remediation before they are exploited by malicious hackers.
In order to ensure that Agile Armory’s Network Penetration Tests provide an accurate measure of risk (risk = probability x impact) the tests are delivered at threat levels that are slightly elevated from that which are likely to be faced in the real world (unless reduced by customer requirements). Testing at a lower than realistic threat levels, such as with methodologies that are driven by automation, is ineffective from a true security perspective.
Agile Armory adjusts threat levels by adding or removing attack classes. These attack classes are organized under three top-level categories, which are Network Attacks, Social Attacks, and Physical Attacks. Each of the top-level categories can operate in a standalone configuration or can be used to augment the other. For example, Network Penetration Testing with Social Engineering creates a significantly higher level of threat than just Network Penetration Testing or Social Engineering alone. Each of the top-level threat categories contains numerous individual attacks.
Risk of Outage or Damage
The safety of a service depends on the expertise of the team delivering the services, and on the state and stability of the target(s). Agile Armory’s services are driven by its SNOsoft Research Team. All members of the SNOsoft Research Team are required to be well versed in Vulnerability Research and Exploit Development. This advanced level of expertise is uncommon in the Network Penetration Testing industry and is one of Agile Armory’s primary differentiating factors. Because our experts understand vulnerabilities at the lowest possible levels they are much less likely to cause an outage as the result of a mistake.
Agile Armory’s reporting process is outlined here in detail.
Please contact us for a quote.