1. How does an enterprise VAPT take place?
2. What is a report and what are its findings?
3. Detailed discussion on: False Positive, False Negative, True Positive, True Negative.
4. Two things for Penetration Testing:
   1. Manual Penetration Testing (no tooling, manual security test cases).
   2. Automated scanning (tool based; Vulnerability Management).
5. Introduction to the ZAP proxy scanner.
6. A look at website cookies, setting a cookie, and cookie manipulation.
Detailed notes below:
### 1. How does Enterprise VAPT take place?
**Vulnerability Assessment and Penetration Testing (VAPT)** in an enterprise context is a comprehensive approach to securing a company's network and application infrastructure. The process typically involves the following steps:
1. **Scoping** - Identifying the boundaries and objectives of the assessment. This includes defining the systems, networks, and applications to be tested.
2. **Reconnaissance** - Gathering information about the target system to find ways to infiltrate it. It could involve identifying IP addresses, domain details, and network services.
3. **Vulnerability Assessment** - Utilizing various tools and techniques to identify vulnerabilities in the system. The vulnerabilities could be existing flaws, bugs, or misconfigurations.
4. **Penetration Testing** - Actively exploiting identified vulnerabilities to understand the extent of a potential breach. This step tests the defensive measures of the system.
5. **Reporting** - Documenting the findings, including vulnerabilities, data that was accessed, and recommendations for securing the system.
6. **Remediation** - Based on the report, fixing the identified vulnerabilities to prevent potential breaches.
7. **Retesting** - After remediation, retesting to ensure that the vulnerabilities are adequately addressed.
### 2. Report and Its Findings
A VAPT report usually comprises the following sections:
1. **Executive Summary**: Overview of the assessment, including objectives, scope, and methodology.
2. **Findings**:
- **Vulnerabilities**: Detailed information about identified vulnerabilities.
- **Impact**: The potential impact of each vulnerability.
- **Risk Level**: The risk level associated with each vulnerability.
- **Recommendations**: Suggestions for mitigating identified vulnerabilities.
3. **Technical Details**: Detailed technical information about the vulnerabilities, including proof of concept, if any.
4. **Conclusion**: A wrap-up of the assessment, emphasizing critical findings and next steps.
5. **Appendix**: Additional information and data supporting the report findings.
### 3. Detailed Discussion on False Positive, False Negative, True Positive, True Negative
These terms are commonly used to describe the results of security assessments:
1. **True Positive**: A real vulnerability or issue was detected, and the alert or finding is correct.
2. **True Negative**: No vulnerabilities were detected, and indeed no vulnerabilities exist.
3. **False Positive**: The assessment tool reported a vulnerability or issue that does not in fact exist. This wastes resources on triaging and "fixing" non-existent issues.
4. **False Negative**: The tool failed to identify an existing vulnerability, which means the system is at risk, but the assessment does not show it. This is a dangerous scenario as it provides a false sense of security.
### 4. Two Things for Penetration Testing
#### 1. Manual Penetration Testing
- **Approach**: Relies on the expertise of the tester to simulate a real-world attack.
- **Techniques**: Social engineering, manual code review, physical security tests.
- **Benefits**: Can identify logical flaws, provides a deeper understanding of the environment.
- **Limitations**: Time-consuming, relies heavily on the expertise of the tester.
#### 2. Automated Scanning
- **Approach**: Uses automated tools to identify vulnerabilities.
- **Tools**: Vulnerability scanners like Nessus, OpenVAS, etc.
- **Benefits**: Faster, can cover a large attack surface in a short time, can identify known vulnerabilities quickly.
- **Limitations**: May generate false positives/negatives, may not identify logical flaws.
### 5. Introduction to Zap Proxy Scanner
ZAP (Zed Attack Proxy) is an open-source web application security scanner. It helps you find vulnerabilities in web applications while you are developing and testing them. Its key features include:
1. **Automated Scanners**: Passive and active scanners that find various vulnerabilities.
2. **Manual Testing**: Acts as an intercepting proxy, allowing manual testing of applications.
3. **WebSocket Support**: Supports WebSocket for assessing real-time applications.
4. **Scripting**: Allows the creation of scripts for automated tasks.
5. **API**: Comes with a REST API to integrate with other tools and platforms.
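The triage step that ties sections 3 and 5 together is reconciling what the scanner reported with what a tester actually verified. This added example (not from the course material or the ZAP project) classifies each finding as a true positive, false positive, or false negative and computes precision and recall; the alert list is constructed and only assumes the field names (`alert`, `risk`, `confidence`, `url`, `param`) of the ZAP alerts JSON.

```python
import json

# Constructed sample shaped like the "alerts" array returned by ZAP's
# /JSON/core/view/alerts/ endpoint (assumption: only these fields are used).
ZAP_ALERTS_JSON = json.dumps({"alerts": [
    {"alert": "SQL Injection", "risk": "High", "confidence": "Medium",
     "url": "https://app.example/login", "param": "username"},
    {"alert": "Cross Site Scripting (Reflected)", "risk": "High", "confidence": "Medium",
     "url": "https://app.example/search", "param": "q"},
    {"alert": "Cookie Without Secure Flag", "risk": "Low", "confidence": "Medium",
     "url": "https://app.example/", "param": "session"},
    {"alert": "Absence of Anti-CSRF Tokens", "risk": "Medium", "confidence": "Low",
     "url": "https://app.example/profile", "param": ""},
]})

# Constructed ground truth from manual verification: (alert, url, param) triples.
# The last entry was found by manual testing only; the scanner has no rule for it.
VERIFIED = {
    ("SQL Injection", "https://app.example/login", "username"),
    ("Cookie Without Secure Flag", "https://app.example/", "session"),
    ("Broken Access Control", "https://app.example/admin", ""),
}


def alert_key(alert):
    """Identity of a finding: what was reported, where, and on which parameter."""
    return (alert["alert"], alert["url"], alert["param"])


def triage(alerts_json, verified):
    """Split scanner output into TP / FP / FN against verified findings.
    True negatives are not listed: they are every check that (correctly)
    reported nothing, so they cannot be enumerated from the alert list."""
    reported = {alert_key(a) for a in json.loads(alerts_json)["alerts"]}
    return {
        "true_positive": sorted(reported & verified),   # reported and real
        "false_positive": sorted(reported - verified),  # reported, not real
        "false_negative": sorted(verified - reported),  # real, not reported
    }


def precision_recall(result):
    """Precision: how much of the report is trustworthy; recall: how much the
    scanner actually caught. Low recall is the 'false sense of security' case."""
    tp = len(result["true_positive"])
    fp = len(result["false_positive"])
    fn = len(result["false_negative"])
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall
```

Findings with `confidence` of `Low` are the natural starting point for false-positive review, while the false-negative list is what justifies keeping a manual test phase next to the scanner.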
### 6. A Look at Website Cookies, Setting a Cookie, and Cookie Manipulation
Website cookies are small pieces of data that a website asks the browser to store on the user's computer. Cookies are used to remember stateful information like login status, shopping cart contents, and more. The notes below cover how cookies are set, how they can be manipulated, and how they are secured:
1. **Setting a Cookie**: Usually, a server sets a cookie through HTTP headers (Set-Cookie header). A cookie can also be set using JavaScript (`document.cookie`).
2. **Cookie Manipulation**:
- **Viewing**: You can view cookies in the browser's developer tools under the Application/Storage tab.
- **Editing**: Cookies can be edited using browser developer tools or JavaScript.
- **Deleting**: Cookies can be deleted from the browser settings or using JavaScript.
3. **Security Concerns**:
- **Cookie Theft**: If cookies are not secured properly, attackers might steal them to impersonate a user.
- **Cross-Site Scripting (XSS)**: An attack in which script injected into a page runs in the user's browser; that script can read or modify cookies (via `document.cookie`) unless the cookie is protected.
- **Cross-Site Request Forgery (CSRF)**: An attack where an attacker tricks a user's browser into making an unwanted request, potentially leveraging the user's cookies.
4. **Securing Cookies**:
- **HttpOnly**: Prevents JavaScript from accessing the cookie.
- **Secure**: Ensures the cookie is only sent over HTTPS connections.
- **SameSite**: Helps to protect against CSRF attacks by restricting when the cookie is sent.
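To make the three attributes concrete, here is an added example (not from the course material) that parses a `Set-Cookie` header, reports which of the protections above are missing, and builds a hardened header. The header values are constructed samples; the parser is a minimal one written for this example, not a standard library API.

```python
# Constructed samples: a weak session cookie and its hardened counterpart.
WEAK_HEADER = "session=7f3a9c; Path=/"
HARDENED_HEADER = "session=7f3a9c; Path=/; Secure; HttpOnly; SameSite=Lax"


def parse_set_cookie(header):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr: val}).
    Attribute names are lower-cased because browsers match them case-insensitively."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_set_cookie(header):
    """Return a list of missing protections (empty list means the header is fine)."""
    _, _, attrs = parse_set_cookie(header)
    issues = []
    if "secure" not in attrs:
        issues.append("missing Secure: cookie is also sent over plain HTTP")
    if "httponly" not in attrs:
        issues.append("missing HttpOnly: readable by page scripts via document.cookie")
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict"):
        # Absent or None: the cookie accompanies cross-site requests (CSRF exposure).
        issues.append("SameSite not Lax/Strict: cookie is sent on cross-site requests")
    if samesite == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None without Secure, so the cookie is dropped.
        issues.append("SameSite=None requires Secure")
    return issues


def build_set_cookie(name, value, max_age=None, samesite="Lax"):
    """Emit a Set-Cookie header with the three protections applied by default."""
    parts = [f"{name}={value}", "Path=/", "Secure", "HttpOnly", f"SameSite={samesite}"]
    if max_age is not None:
        parts.append(f"Max-Age={max_age}")
    return "; ".join(parts)
```

Run the audit over the `Set-Cookie` headers captured in the ZAP history to get the same "Cookie Without Secure Flag" style findings the passive scanner raises, with the reason spelled out.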