Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Advanced Infrastructure Penetration Testing

You're reading from   Advanced Infrastructure Penetration Testing Defend your systems from methodized and proficient attackers

Arrow left icon
Product type Paperback
Published in Feb 2018
Publisher Packt
ISBN-13 9781788624480
Length 396 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Chiheb Chebbi Chiheb Chebbi
Author Profile Icon Chiheb Chebbi
Chiheb Chebbi
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Introduction to Advanced Infrastructure Penetration Testing FREE CHAPTER 2. Advanced Linux Exploitation 3. Corporate Network and Database Exploitation 4. Active Directory Exploitation 5. Docker Exploitation 6. Exploiting Git and Continuous Integration Servers 7. Metasploit and PowerShell for Post-Exploitation 8. VLAN Exploitation 9. VoIP Exploitation 10. Insecure VPN Exploitation 11. Routing and Router Vulnerabilities 12. Internet of Things Exploitation 13. Other Books You May Enjoy

Pentesting maturity and scoring model

Penetration testing like any systemic methodology needs to be evaluated to provide useful insights about the reliability of the used methodology. A well-designed pentesting approach and a good evaluation strategy should be based on quantified approved criteria, to quickly determine the depth and the quality of testing. Industry leaders are aware of all well-known penetration testing methodologies, but due to some understanding difficulties, many of these companies are using their own methodologies. An effective penetration testing program assures that the objectives of your penetration testing program were met without creating misunderstandings, misconceptions, or false expectations. A maturity model is needed to assure that the pentesting methodology meets the organization needs; you can build the most suitable maturity model for your organization needs. You can get inspired by a penetration testing model made by voodoo security. It is built to give an idea about such models.

The penetration testing maturity model is based on three main criteria. Each criteria has five questions to answer by yes or no. If yes, the overall score will be added by one point, else, it will add nothing. Based on your responses to all the questions, the overall score will define the evaluation of your penetration test.

Realism

This metric is used to evaluate whether the penetration testing is realistic, and it is built to simulate real-world attacks. Answer the following questions in terms of yes or no:

  • Did you use the black box approach?
  • Did you avoid detection?
  • Did you use social engineering?
  • Did you use exfiltrated data?
  • Did you emulate a malware?

Methodology

This metric is based on the methodology itself, and the tools are used in every step when conducting the penetration testing. Answer the following questions in terms of yes or no:

  • Does the used methodology already exist or is it customized?
  • Are all the steps done in a connected way?
  • Did you use both manual and automated tools?
  • Did you actually exploit the target?
  • Is pivoting allowed?

Reporting

This metric evaluates the resulting report as it is an important step in penetration testing, whereas it is written for multiple audiences. Answer the following questions in terms of yes or no:

  • Did you remove false positives?
  • Are your steps repeatable?
  • Are the vulnerabilities assessed used in contextual risks?
  • Do the results align with the business needs?
  • Is the remediation plan suitable for the organization?

Based on the obtained score, you can evaluate your penetration testing and rank it using the following scale:

  • 0-5: Low maturity level
  • 6-10: Medium maturity level
  • 11-15: High maturity level

For better presentation, you can use graphical charts:

You have been reading a chapter from
Advanced Infrastructure Penetration Testing
Published in: Feb 2018
Publisher: Packt
ISBN-13: 9781788624480
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image