1. Insecure setup or configuration of networks, hosts and devicesOpen ports, weak user credentials, unsafe user privileges and unpatched applications are types of vulnerabilities that a hacker could use to compromise your systems. Unsecure network configurations are usually relatively easy to remedy (as long as you are aware that they are unsecure). However, with an organization’s security posture changing so quickly, it can often only take the addition of new devices or the use of new services to introduce added risks. A good example of this is that more and more organizations are moving to the cloud and failing to check that their environments are secure. Authenticated vulnerability scans on on-premise and cloud networks are good at identifying basic issues, but human penetration testers spend extra time examining security from the outside. As criminals become more sophisticated in the techniques they use, it is human pen testers who are providing invaluable information to businesses about how to keep their infrastructure secure.
2. Flaws in encryption and authenticationEncrypting data, either at rest or in transit, is a common method that organizations use to ensure their communications are secure. SSH, SSL and TLS are common protocols that are used to convert plaintext data (which can be read by humans) into ciphertext data (which cannot be read without a key). In some instances, however, businesses have used less secure encryption methods, and often it is the case that these can be cracked by hackers. In October 2017, it was discovered that WPA2, a protocol used to protect the majority of Wi-Fi connections, was actually breakable. In some cases, hackers will attempt to intercept communications to circumvent authentication systems designed to verify the digital identity of senders. This can allow them to launch so-called man-in-the-middle (MiTM) attacks. Huge organizations such as HSBC, NatWest and Co-op Bank were all at risk for MiTM attacks for up to a year before getting a security flaw fixed. Carrying out penetration testing can help you to determine how secure your communications and data storage methods really are.
3. Code and command injectionIt is widely known and understood that one of the most effective ways for hackers to target web applications is through vulnerabilities in the software programming. By far the most common attack vector targeting web applications is known as SQL injection – this involves the execution of malicious commands designed to instruct or query backend databases for information. This is a common way for hackers to steal identifiable personal information and payment card details. SQL injections are very common and can affect operations of all sizes. A flaw in the Altima Telecom website meant that the Canadian internet provider could have easily been compromised by SQL injection. It was only through the skill of penetration testers that the company was able to address the vulnerability and avert possible disaster.
4. Session managementIn order to improve user-friendliness, web applications use session management controls such as identification tokens or cookies to avoid the need to continually log in an out as well as to store user preferences and record activity. However, these controls can be vulnerable to exploitation by hackers seeking to hijack sessions and obtain higher privileges. Session management testing can help you to assess whether tokens and cookies are created in a secure way that is protected against manipulation. A recent example saw Facebook breached due to a token harvesting attack. Businesses need to be aware, therefore, that similar types of attacks could easily target them. Penetration testing can be extremely valuable in testing for all of these issues, but it is also important to remember that every business will have distinct and different needs. There is no one-size-fits-all penetration test so it is advisable to talk through your requirements with cybersecurity professionals so that they can offer the kind of testing that will benefit you the most.
About the Author: Mike James is a Brighton based cybersecurity professional with over 20 years' experience working in different IT roles. An author for many online and print magazines, Mike has covered a range of different aspects within business and personal cybersecurity - including penetration testing, ethical hacking and other threat detection measures. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.