Upload File

ethical hacking & penetration testing

13
Ethical Hacking & Penetration Testing Presented By: Emily Chow July 6, 2011

Upload: ecmee

Post on 24-May-2015

1.706 views

Category:

Technology


3 download

Report

Tags:

TRANSCRIPT

Page 1: Ethical Hacking & Penetration Testing

Ethical Hacking & Penetration TestingPresented By: Emily ChowJuly 6, 2011

Page 2: Ethical Hacking & Penetration Testing

AgendaWhat is Ethical Hacking/Penetration Testing?

Issues Relevant to Organizations

Benefits & Limitations of Penetration Testing

Impact on the CA Profession

Current Issues

#1

Tools & Techniques of Penetration Testing

#2

#3

#4

#5

#6

#7 Recommendations

Page 3: Ethical Hacking & Penetration Testing

1. What is Ethical Hacking/Penetration Testing?

• Objective: Improve the security system and close the security gaps before a real hacker penetrates within the organization

• Preventative measure

• Exploit a company’s security weaknesses by using same or similar techniques of malicious hackers

• “White Hat Hackers”

• “Red Team”

Page 4: Ethical Hacking & Penetration Testing

2. Issues Relevant to Organizations

• Internal Risk: malicious employees & employee’s lack of security awareness

• External Risk: exploitation of external hackers

• Non-Financial Losses: damaged reputation, loss of credibility

• Financial Losses: lost in revenue, litigations

Page 5: Ethical Hacking & Penetration Testing

PROS - AUTOMATION• Cost-effective• Perform in several hours• As frequent as possible

• Flexibility of substituting different scenarios

PROS - MANUAL

2. Types of Penetration Testing: Automated vs. Manual

• WARNING: Both are NOT 100% Guaranteed!

Page 6: Ethical Hacking & Penetration Testing

EXTERNAL• Simulate Malicious Hacker• Use of Internet or Extranet

• Simulate Employee• Use of Intranet

INTERNAL

2. Types of Penetration Testing: External vs. Internal

Page 7: Ethical Hacking & Penetration Testing

Web Applications Software

2. Penetration Testing Techniques

Denial of Service

Wireless Network

Social Engineering

Google Hacking

Page 8: Ethical Hacking & Penetration Testing

Google search: intitle:"index of" site:edu "server at"

3. Google Hacking Example

Page 9: Ethical Hacking & Penetration Testing

BENEFITS• Strengthen security

procedures and processes• Improve efficiency and

effectiveness of risk management

• Increase degree of transparency

• Not 100% guaranteed• Changing technology• Legislations and contractual

obligations restrictions• Limited resources over

limited period of time

LIMITATIONS

4. Benefits & Limitations of Penetration Testing

Page 10: Ethical Hacking & Penetration Testing

5. Impact on CA Profession

• Provide greater assurance in addition to SysTrust, WebTrust and Section 5900

• Conformity with PIPEDA, Gramm-Leach-Act and SOX• IS Auditing Standards, CISA, COBIT Framework• Goes beyond the traditional methods by auditors

Page 11: Ethical Hacking & Penetration Testing

6. Current Hacking Issues in 2011

• Sony’s PlayStation Video Games – loss of personal data from 77M users’

• Sony Ericsson’s Canada eShop- loss of data from 2,000 customer accounts

• Google’s Gmail Accounts – U.S. Government Officials• CitiBank – loss of 200,000 credit card customers data

This calls for a greater need for penetration testing!

Page 12: Ethical Hacking & Penetration Testing

• SIGNIFICANCEBreach of trust

• LIKELIHOOD“Target of choice”

“Target of opportunity”

• PENETRATION TESTING

7.Recommendations

Page 13: Ethical Hacking & Penetration Testing

Thank You!

Please feel free to contact me via uwace if you have any questions


Ethical Hacking Using Penetration Testing

hacking and ethical hacking

Penetration Testing / Ethical Hacking

the-eye.eu · Advanced Web App Penetration Advanced Penetration Testing, Testing and Ethical Hacking Exploits, and Ethical Hading and Ethical Hading and Ethical Hading c cit/ SQL

Hacking & Ethical Hacking

Ethical Hacking & Penetration Testing Techniques

INFORMATION Network Security 2019 TRAINING · SEC642 Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques SEC660 Advanced Penetration Testing, Exploit

The Most Trusted Source for Information Security Training ...€¦ · SEC542 Web App Penetration Testing and Ethical Hacking---- ... SEC575 Mobile Device Security and Ethical Hacking-----FOR500

Penetration Testing Guide - TBG Security“Ethical Hacking” and other types of hackers and testing I’ve heard about? The terms Ethical Hacking and Penetration Testing are synonymous

Ethical Hacking & Penetration Testing

# !@ Ethical Hacking. 2 # !@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting

Ethical Hacking & Penetration Testing

Cybersecurity Professional - Zoom Cybersense · INTRODUCTION TO ETHICAL HACKING What is Hacking What is Ethical Hacking What is Penetration Testing What is Vulnerability Auditing

ETHICAL HACKING AND PENETRATION TESTING GUIDE › pentestingbootcamp › books › Poste… · Library of Congress Cataloging‑in‑Publication Data Baloch, Rafay. Ethical hacking

Protect Your Business | Advance Your Career · Eight hands-on, immersion-style ... Cyber Defense Penetration Testing Ethical Hacking ... SEC560 Network Penetration Testing and Ethical

2016 October November December - Microsoft · Master an ethical hacking methodology that can be used in a penetration testing or ethical hacking situation. Prepare for EC-Council

Ethical Hacking Module I Introduction to Ethical Hacking

Ethical Hacking dallo sviluppo Ethical Hacking, dallo ...panzieri.dia.uniroma3.it/Colloquia/Colloquia/Eustema_AIIC-sicurezza... · Ethical Hacking dallo sviluppo Ethical Hacking,

Free Style Penetration Testing · Penetration Testing •Pen-test, Pen-testing •Ethical hacking techniques ... •Copy Windows XP vmdk file (VirtualXPVHD_original.vmdk) •Create

Using an Ethical Hacking Technique to Assess Information ... an Ethical Hacking Technique to Assess Information Security Risk 3 It is important to point out that a penetration test

Ethical Hacking: Hacking GMail. Teaching Hacking

Ethical Hacking Module 01 Introduction to Ethical Hacking

Penetration Testing - Montana State University · Penetration Testing •We are considering White Hat hacking –Ethical hacking •But to do that, we have to act like an attacker

Ethical Hacking as a Professional Penetration Testing ... · PDF fileEthical Hacking as a Professional Penetration Testing Technique Rochester ISSA Chapter Rochester OWASP Chapter

Ethical Hacking as a Professional Penetration Testing Technique

Ethical Hacking & Penetration Testing Techniques · Introduction to Ethical Hacking The aim is to introduce the participants to ethical hacking terminology, as well as to define the

Penetration Testing and Ethical Hacking

Ethical Hacking is testing the resources for a good cause and for the betterment of technology. Technically Ethical Hacking means penetration

Hacking – Ethical Hacking

sarkariresults.org.insarkariresults.org.in/upload/SOENG.pdfexperience in ethical hacking, ... Cyber Forensic Analyst Certified Ethical Hacker & Penetration ... Indian Army/Navy/Air

Including the Top Gun Jobs - Wilmington Universityand Ethical Hacking (GPEN) • SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses (GAWN) • SANS Pen Testing Summit

Ethical Hacking: Rationale for a hacking methodological ...infosecwriters.com/text_resources/pdf/Ethical_Hacking_Hartley.pdf · Ethical Hacking 3 Ethical Hacking: Rationale for a

Network Penetration Testing: Ethical Hacking - Sans Brochure

SEC617 (GAWN): SANS Wireless Ethical Hacking, Pen Testing ... · SEC617 SANS Wireless Ethical Hacking, Penetration Testing and Defenses – Index Page 6 of 38 SANS SEC617 (GAWN) Wireless

Ethical hacking: Threat modeling and penetration testing a