HERVÉ SCHAUER CONSULTANTS
Information security consulting firm since 1989
Specialised in Unix, Windows, TCP/IP and the Internet
Security Day 2011
Pentests:
Exposing real world attacks
Renaud Dubourguais
<Renaud.Dubourguais@hsc.fr>
Jean-Baptiste Aviat
<Jean-Baptiste.Aviat@hsc.f>
Hervé Schauer Consultants
Information security consulting company since 1989
Fully independent intellectual expertise services
Free of any bias from distribution, integration, outsourcing, staff delegation or third-party investors
Services: consulting, research, audit, penetration tests, training
Field of expertise
OS security: Windows, Unix, Linux and embedded components
Application security
Network security
Organizational security
Consultants' certifications:
CISSP, ISO 20000-1 Lead Auditor, ISO 27001 Lead Auditor, ISO 27001 Lead Implementor, ISO 27005 Risk Manager, ITIL, ProCSSI, GIAC GCFA
2/28
Copyright Hervé Schauer Consultants 2000-2010 - Reproduction prohibited
What is a pentest?
Simulation of a real attack on:
The infrastructure, by exploiting badly designed firewall rules, exposed services, ...
Exposed web applications, by testing user inputs, application bugs, ...
Mainly from two points of view:
Blackbox, without any information about the remote infrastructure, just a URL
Greybox, with a user account
Various purposes:
Security assessment
Decision makers' awareness
Technical staff awareness
Security assessment (1/3)
Assess the global security level of your infrastructure:
Applications
Network
Websites...
Technical skills needed:
Dedicated to real hackers?
Or accessible to script kiddies?
Security assessment (2/3)
A pentest should not be mistaken for vulnerability scanning or vulnerability assessment.
Vulnerability scanning (Qualys, Rapid7, Nessus...) is cheap and automated, but:
Results are not confirmed by a human assessor
It does not necessarily prove that a vulnerability is there and actually exploitable (lots of 'might/could be vulnerable' in reports)
It cannot look for tricky vulnerabilities in web applications in an efficient and useful way
It cannot bounce (from a compromised system to a vulnerable one) to prove that more systems are at risk
It has no notion of business risk (all vulnerabilities are considered the same)
These are tools for regulatory compliance, but not the ones used by hackers to penetrate systems
This presentation is about real pentests, simulating real-world attacks