Class 12 - Vulnerability Scanners & Reporting - Justin-Boyd/Ethical-Hacking-Class GitHub Wiki

Automated Scanning

Vulnerability Assessment

  • Manual Scans
    • Performed by PT experts to find complicated vulnerabilities
  • Automated Scans
    • Performed to locate simple and more obvious bugs
  • It is recommended that you combine automated scans with occasional, dedicated manual scans.

Automated Scanning

  • Used by expert penetration testers
  • Enables detection of small, repetitive details
  • Automated vulnerability scanners are not replacements for manual testing.

Automated Scanning Types

  • Passive scanning is done by using a proxy that inspects pages to which the user navigates.
  • Active scanning tries to investigate a page using the fuzzing technique.
  • It is best practice to use both.

Vulnerability Scanners

Popular Vulnerability Scanners

  • Burp Suite Professional
  • Acunetix
  • Netsparker
  • OWASP ZAP
  • Nikto

Nikto

  • Nikto is an open-source web server scanner.
  • It is pre-installed on some Linux operating systems.
  • It performs web server testing relatively fast.

Burp Suite Scanner

  • The Burp Suite scanner is considered a passive scanner.
  • It detects vulnerabilities and displays related information.
  • Selecting an identified vulnerability displays additional information.

Acunetix

  • Acunetix can perform extensive, repetitive scans.
  • It offers a variety of additional scanning features.
  • Its features include crawling, auditing, authenticated logins, and report creation.

OWASP ZAP

  • OWASP ZAP is an open-source web application security scanner.
  • You can add many extensions to the tool.
  • It is the official OWASP scanner.

PT Report Subjects

Writing a Report

  • Summary of findings
  • Extensive, detailed documentation
  • Security-level assessment
  • Suggestions for solutions
  • A good report contains both findings and solutions.

Report Types

  • Executive Report
    • Contains only general details about the audit and the main points of the findings
  • Detailed Report
    • Contains all possible details, including an extensive explanation of the vulnerability
  • A good PT report should be a combination of the two types.

Report Sections

  • Introduction
  • Executive Summary
  • Findings
  • Appendices

Executive Summary

  • Contains a general description of the organization’s data security level
  • The report includes a graph representing the vulnerability level.
  • The report should also include identified vulnerabilities in a list format.

Vulnerability Documentation

  • Each vulnerability is assigned a risk, severity, and probability value.
  • The values are used to assess the company’s vulnerability level.
  • Each vulnerability is listed as a separate entity.

Security-Level Assessment

  • Calculation methods can be found on OWASP’s webpage.
  • The calculations are based on availability, ease of exploitation, and other factors.
  • The classifications become easier to work with over time.
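
Added example (not part of the original wiki): the per-finding risk, severity and probability values from the Vulnerability Documentation slide, worked through with the OWASP Risk Rating Methodology, which I assume is the OWASP calculation method the Security-Level Assessment slide refers to. The finding names and factor scores are constructed sample data, and the result is the severity-ordered list the executive summary calls for.

```python
"""Rate constructed sample findings with the OWASP Risk Rating Methodology.

Likelihood and impact factors are each scored 0-9, averaged, mapped to
LOW (<3) / MEDIUM (3 to <6) / HIGH (6-9), then combined in the OWASP
matrix to give the overall severity a report lists for each finding.
"""
from statistics import mean

# OWASP overall-severity matrix, indexed as OVERALL[impact_level][likelihood_level]
OVERALL = {
    "LOW":    {"LOW": "Note",   "MEDIUM": "Low",    "HIGH": "Medium"},
    "MEDIUM": {"LOW": "Low",    "MEDIUM": "Medium", "HIGH": "High"},
    "HIGH":   {"LOW": "Medium", "MEDIUM": "High",   "HIGH": "Critical"},
}


def level(score: float) -> str:
    """Map an averaged 0-9 factor score to an OWASP likelihood/impact level."""
    if not 0 <= score <= 9:
        raise ValueError(f"factor scores must be 0-9, got {score}")
    if score < 3:
        return "LOW"
    return "MEDIUM" if score < 6 else "HIGH"


def rate(likelihood_factors: list[int], impact_factors: list[int]) -> dict:
    """Return likelihood (probability), impact and overall severity for one finding."""
    like_lvl, imp_lvl = level(mean(likelihood_factors)), level(mean(impact_factors))
    return {"likelihood_level": like_lvl, "impact_level": imp_lvl,
            "overall": OVERALL[imp_lvl][like_lvl]}


# Constructed sample findings (not from a real assessment). Likelihood factors:
# skill level, motive, opportunity, size, ease of discovery, ease of exploit,
# awareness, intrusion detection. Impact factors: loss of confidentiality,
# integrity, availability, accountability.
FINDINGS = {
    "Reflected XSS in search form": ([6, 4, 7, 6, 7, 5, 6, 8], [6, 3, 1, 7]),
    "Verbose server banner":        ([5, 1, 9, 5, 9, 9, 3, 1], [2, 0, 0, 1]),
    "SQL injection in login":       ([5, 9, 9, 9, 7, 5, 9, 8], [9, 7, 7, 9]),
}


def executive_summary(findings: dict = FINDINGS) -> list[tuple[str, str]]:
    """List each finding with its overall severity, most severe first."""
    order = ["Critical", "High", "Medium", "Low", "Note"]
    rated = [(name, rate(*factors)["overall"]) for name, factors in findings.items()]
    return sorted(rated, key=lambda item: order.index(item[1]))
```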

Regulations

  • GDPR
  • HIPAA
  • ISO 27001
  • PCI DSS