Vishwas Sharma
Vulnerability Testing Approach
Outline
Structure of Technology
Why to test
What to test
When to test
How to test
Demo of a unix platform test
Hot topics
Definition
Penetration testing vs. vulnerability testing?
Wikipedia
Why testing
Defense in depth
Network
Operating System
Database
Application
[Diagram labels: Tester; Nmap; Nessus; Network elements (e.g. SGSNs, HLRs); Sun Solaris; Application Server; HP-UX; Redhat; Oracle DB; Apache Web server; Windows File server]
Nmap
[Diagram labels: Tester; Network elements (e.g. SGSNs, HLRs); Sun Solaris; Application Server; HP-UX; Redhat; Oracle DB; Apache Web server; Windows File server]
Backtrack
[Diagram labels: Tester; Network elements (e.g. SGSNs, HLRs); Assuria CLI Remote test (Data Centre); Sun Solaris; Application Server; HP-UX; Redhat; Oracle DB; Apache Web server; Windows File server]
Zero-Days elimination
Can be employed both on node- and system level
Multi tiered effort is needed
Vendors to integrate systematic security testing in processes
End user organizations to do system level acceptance testing
Pentest Government mandated certification processes
Pentesting focuses on identifying individual vulnerabilities from outside the perimeter
Fuzzing focuses on finding and eliminating vulnerabilities holistically
Conclusions
We need to adopt security testing in the SDLC
Pre-deployment security testing should be carried out
We need to test security beyond the obvious (known)
We need to secure the operational environment of the applications
We need to bring awareness about secure usage