Hackers feed on the lack of penetration testing and security audits

Network and software security? Hackers feed on the lack of it. They live for the challenge of finding vulnerabilities, and they know when and how to accomplish their cyber intrusions just when you think your audits are trustworthy.

The legacy notion of companies hiring a computer wonk to test network and software weaknesses is just that: an old way of trying to implement the all-important ‘pentest’ (penetration testing), according to an overview in MSDN Magazine, “Penetration Testing,” by author James A. Whittaker.

“…you probably envision a lone genius performing arcane tests against some hapless piece of software. And before the renaissance in penetration testing, that was probably a realistic image.”

Today’s software, for the most part, is tougher to ‘penetrate’ simply because its development uses the Security Development Lifecycle (SDL), which is “front-loaded” in its design.

All the more reason to consider careful steps in planning your penetration scenarios; a summary of his guidelines includes:

“ENVIRONMENT ATTACKS”

Whittaker offers a series of “trust questions” that take into account the nature of any enterprise architecture: software does not operate unto itself in “total isolation.”

* Are your applications trusting their “local environment” as well as “remote resources”?
* Is your application dumping sensitive information into areas readable by other applications?
* Is every loadable file trusted without “verifying content”?
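
Two of the trust questions above, written as checks an application can apply to itself. This is an added example, not code from Whittaker's article or this post. The helper names, file names and sample contents are constructed for illustration, and the permission check assumes POSIX mode bits.

```python
import hashlib
import os
import stat
import tempfile

def readable_by_others(path):
    """True if group or world read bits are set (POSIX mode bits)."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

def write_private(path, data):
    """Create the file as 0600 from the start; fail if it already exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)

def load_verified(path, pinned_sha256):
    """Return the file's bytes only if they match the pinned SHA-256."""
    with open(path, "rb") as fh:
        data = fh.read()
    if hashlib.sha256(data).hexdigest() != pinned_sha256:
        raise ValueError(f"content check failed: {path}")
    return data  # parse these bytes; do not re-open the file afterwards

def demo():
    """Run both checks on constructed sample files in a temp directory."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        loose = os.path.join(d, "session.log")
        write_private(loose, b"token=constructed-sample")
        os.chmod(loose, 0o644)  # weak setting: other local users can read
        out["loose_readable"] = readable_by_others(loose)
        private = os.path.join(d, "session.priv")
        write_private(private, b"token=constructed-sample")
        out["private_readable"] = readable_by_others(private)
        plugin = os.path.join(d, "plugin.dat")
        payload = b"constructed plugin payload"
        write_private(plugin, payload)
        pinned = hashlib.sha256(payload).hexdigest()
        out["loaded"] = load_verified(plugin, pinned) == payload
        with open(plugin, "ab") as fh:  # simulate a modified file on disk
            fh.write(b"!")
        try:
            load_verified(plugin, pinned)
            out["tamper_rejected"] = False
        except ValueError:
            out["tamper_rejected"] = True
    return out

if __name__ == "__main__":
    print(demo())
```

In a real application the pinned digest would come from a manifest the application already trusts, not from the file being checked.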

“INPUT ATTACKS”

It’s all about “subsets” within the pentest: network protocols, sockets, Web services and data files, to name a few. A vital component of penetration testing is determining which “input is properly controlled,” as well as identifying the gremlins and keeping them out.

Consider using our nationwide Boot Camp Training that covers Ethical Hacking and Penetration Testing; we teach skills in confined networks that give the much-needed hands-on practice for learning about network and software vulnerabilities.

Contact us to learn how you can put our cyber security experts to work for you.
