Detailed introduction to penetration testing and vulnerability scanning

1. Concept

Penetration testing:

There is no standard definition of penetration testing , a common statement reached by some foreign security organizations; an evaluation method to evaluate the security of computer network systems by simulating the attack methods of malicious hackers. This process includes proactive analysis of any weaknesses, technical flaws, or vulnerabilities in the system from a position where an attacker may exist and be in a position to proactively exploit security vulnerabilities.

Penetration testing has two significant characteristics:

1. Penetration testing is a gradual and in-depth process, from shallow to deep, step by step. The heart of the target is the so-called capture drone. 2. On the one hand, penetration testing tests whether the security protection measures of the business system are effective and whether various security policies are implemented from the perspective of the attacker. On the other hand, penetration testing will highlight potential security risks in the form of real events. , after the penetration test is completed, write a penetration test report and feed it back to the customer, and immediately perform security reinforcement to solve the security problems discovered during the test.

Penetration testing classification:

Usually divided into black box testing, white box testing, and gray box testing.

Vulnerability scanning:

Vulnerability scanning, referred to as leakage scanning, refers to detecting the security vulnerabilities of specified remote or local computer systems through scanning and other means based on the vulnerability database. , a security detection that discovers exploitable vulnerabilities.

Missed scanning tools:

We generally use NESSUS, awvs, in our work OpenVAS, NetSparker, OWASP ZAP and other tools.

Vulnerability scanning classification:

Generally divided into network scanning and host scanning.

Through vulnerability scanning, the scanner can discover the configuration information of the remote network or host, the allocation of TCP/UDP ports, the network services provided, the specific information of the server, etc.

2. Workflow

General process of penetration testing:

Main There are clear goals, information collection, vulnerability detection, vulnerability verification, information analysis, obtaining required information, information sorting, and forming a test report.

Penetration testing is difficult to operate, and the scope of penetration testing is also targeted and requires human participation. You’ve heard of automated vulnerability scanning, but you’ve never heard of automated penetration testing in the world. During the penetration testing process, information security penetration personnel use a large number of tools and require very experienced experts to conduct testing, which cannot be achieved by training for one or two months.

Vulnerability scanning is to discover existing vulnerabilities in network devices, such as firewalls, routers, switch servers and other applications. The process is automated and mainly targets potential vulnerabilities on the network or application layer. and known vulnerabilities. The vulnerability scanning process does not involve the exploitation of vulnerabilities. Vulnerability scans are performed company-wide, requiring automated tools to handle large volumes of assets. Its scope is wider than penetration testing. Vulnerability scanning products are typically operated by system administrators or security personnel with good networking knowledge, and using these products effectively requires product-specific knowledge.

Vulnerability scanning mainly uses five main technologies: ping scanning, port scanning, OS detection, vulnerability detection, and firewall scanning. Each of these technologies has different goals and principles of application. Ping scanning It works at the Internet layer; port scanning and firewall detection work at the transport layer; OS detection and vulnerability detection work at the Internet test layer, transport layer and application layer. Ping scanning mainly determines the IP address of the host, port scanning detects the open ports of the target host, and then performs OS detection and vulnerability scanning based on the results of the port scanning.

Generally large companies will purchase automated vulnerability scanning products and conduct vulnerability scanning regularly every day or every week. It is similar to installing anti-virus software on your computer. You only need to Just scan it and perform anti-virus regularly. Penetration testing is done when new products are launched, or when it is discovered that the company has very important data on the server. For fear of being leaked or stolen, professional security vendors conduct manual penetration testing on a regular basis.

It can be seen that the two do not exist independently, and they need to be used in combination to achieve the best results and ensure the company's information security.

3. Nature

Penetration testing is much more aggressive. It will try to use various technical means to attack the real production environment; on the contrary, vulnerability scanning will only use a non-invasive method. A comprehensive approach to carefully locate and quantify all vulnerabilities in the system.

We can talk about the difference between vulnerability scanning and penetration testing based on cases:

Here we use Nessus as an example to do vulnerability scanning testing, and now the number of IP addresses scanned by Nessus has been Limitation, it seems that only 16 host IPs can be scanned, but as a novice, I got a virtual machine version of Nessus with the help of a friend. First, open https://192.168.205.149:8834 locally. The port for Nessus login is usually 8834. I scanned my virtual machine host locally.

The scan results can be exported for local viewing:

The above are the steps for Nessus vulnerability scanning. Generally, the ports opened by the host, running services, system vulnerabilities, overflow vulnerabilities, middleware (lower versions will output medium, high and low vulnerability identification), ssl The problem of low version is that these miss the main output results. As mentioned above, vulnerability scanning is to carefully locate and quantify all vulnerabilities in the system, while penetration testing is to use various attack methods (with authorization) to attack the real environment or test environment. Not limited to social engineering. It takes much more work than vulnerability scanning.

Generally, vulnerability scanning is done on the intranet. The customer gives you a list of host assets, and then you add the IP address of the asset list to the vulnerability scanning device for automated scanning. As for penetration testing (white box, black box, gray box), I mainly do black box testing in penetration testing. Compared to everyone, we all know that the early stage of black box testing is very boring, and you need to find the relevant assets of the target yourself. For example, digging subdomain names, running sensitive directories, scanning ports, etc. The amount of information collected in the early stage will determine the degree of penetration in the later stage. The general penetration test report output format is as follows:

4. Consumption cost and time

Compared to what everyone knows about penetration testing Compared with the cost and time of vulnerability scanning, generally speaking, penetration testing requires various preparations in the early stage. The more comprehensive the information assets are collected in the early stage, the deeper the penetration will be in the later stage. It is not only a process from shallow to deep, but also A chain reaction; compared to vulnerability scanning, which takes much less time, vulnerability scanning is generally scheduled and automated.

In short, the best results can be achieved by combining vulnerability scanning and penetration testing to help determine the most suitable control measures for the company, department or practice - both vulnerability scanning and penetration testing are very important. Applied to different purposes, produce different results.

Recommended related articles and tutorials: Web server security

The above is the detailed content of Detailed introduction to penetration testing and vulnerability scanning. For more information, please follow other related articles on the PHP Chinese website!