Vulnerability Assessment and Penetration Testing: January 2012

The document discusses Vulnerability Assessment and Penetration Testing (VAPT) as essential methods for ensuring internet security against hackers. It outlines the processes, methodologies, strengths, and weaknesses of both vulnerability assessment and penetration testing, emphasizing their roles in identifying and mitigating security risks. The paper concludes that VAPT is necessary for protecting confidential data and suggests future work on practical implementations of these assessments.
See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/303859587

VULNERABILITY ASSESSMENT AND PENETRATION TESTING

Article · January 2012
DOI: 10.47893/IJCCT.2016.1367
Citations: 16. Reads: 13,382.

3 authors, including: Sachin Umrao (University of California, San Francisco; 17 publications, 68 citations) and Mandeep Kaur (Krishna Institute Of Engineering And Technology; 2 publications, 17 citations).

Related projects of the authors: Wireless Sensor Network; AI in Healthcare.

All content following this page was uploaded by Sachin Umrao on 09 June 2016.


VULNERABILITY ASSESSMENT AND PENETRATION TESTING

SACHIN UMRAO (1), MANDEEP KAUR (2) & GOVIND KUMAR GUPTA (3)

(1, 2 & 3) Department of Computer Application, KIET, Ghaziabad, India
Email: sachin.umrao@rediffmail.com, deepan.mandeep@gmail.com, mastergvnd.378@gmail.com

Abstract - In this modern world, everyone uses the facility of the internet. Security is one of the major issues of the internet. Every day highly skilled hackers breach security and take advantage of vulnerabilities to access confidential data. To overcome this problem one solution was suggested, named Vulnerability Assessment and Penetration Testing (VAPT). Vulnerability Assessment is the art of finding an open door. Penetration Testing involves a series of activities undertaken to identify and exploit security vulnerabilities. Penetration testing is widely used to help ensure the security of the network. Traditional penetration testing was performed manually by a tester according to a scheme; the process is usually complex, so it is labor-intensive and requires the tester to be familiar with all kinds of tools. So it is very desirable to use a unified method to describe the scheme that can be understood by a computer; the computer can then be used to substitute for the tester in performing the penetration test. This paper gives an overview of VAPT and describes the process and methodology of Vulnerability Assessment and Penetration Testing.

Keywords: Network security, Vulnerability assessment (VA), Penetration Testing (PT), Pen Tester.

I. INTRODUCTION

In information systems, we repeatedly hear that security is a journey and not a destination. That is true because when managing the security of a network, we always have to endeavour to stay one step ahead of our opponents – the criminals, malcontents, hackers, spies and miscreants. They steal data and information without breaking any glass. Keeping data confidential is one core mission of network security. Opponents are honing their methods and techniques each day to exploit network security and access confidential information. These exploits are attacks against the confidentiality, integrity and availability of network resources.

Confidentiality (being safe from unauthorized access): Confidentiality refers to limiting information access and disclosure to authorized users and preventing access and disclosure by unauthorized ones.

Integrity (correctness and comprehensiveness of data): Integrity refers to the credibility of information resources. It ensures that data have not been changed inappropriately, either by deliberate or by inadvertent malign activity.

Availability (resources are always available to authorized users): Availability refers to the accessibility of the information resources. It ensures that information is available to authorized users when they access it.

This paper is organized as follows. Section II describes VA in detail, including its process, strengths and weaknesses. Section III describes PT in detail, including its process, strengths and weaknesses. Section IV compares VA and PT. Section V gives the conclusion and future scope.

II. VULNERABILITY ASSESSMENT

"Vulnerabilities are the doorways via which threats are revealed". Vulnerabilities are weaknesses in a system. A system is any of the following: a computer system, a network system, network nodes, routers, switches and firewalls, and network or computer applications. Vulnerabilities are the inherent defects in systems, web applications or even in network design. Vulnerabilities open a door to exploitation. This creates the possibility of penetration into the systems, which may result in unauthorized access and a compromise of the confidentiality, integrity and availability of network resources. Vulnerability testing is a process that probes a system for known vulnerabilities. Vulnerability Assessment is the process of pinpointing, computing and ranking the vulnerabilities in the system. In this process, components such as operating systems, application software and the network are scanned in order to identify the occurrence of well-known and unknown vulnerabilities. These vulnerabilities occur due to inappropriate software design or insecure authentication, and many vulnerabilities occur as a result of misconfiguration.

International Journal of Computer & Communication Technology ISSN (PRINT): 0975 - 7449, Volume-3, Issue-6, 7, 8, 2012

A. Process of Vulnerability Assessment

Fig.1: VA process (the output of vulnerability analysis goes as input to the penetration testing process)

1. Goals & Objectives: Defines the goals and objectives of the vulnerability analysis.
2. Scope: While performing assessments and tests, the scope of the assignment needs to be clearly defined. The scope is based on the assets to be tested. The following are the three possible scopes that exist:
 Black Box Testing: Testing from an external network with no prior knowledge of the internal networks and systems.
 Gray Box Testing: Testing from an external or internal network, with knowledge of the internal networks and systems. This is usually a combination of black box testing and white box testing.
 White Box Testing: Performing the test from within the network with knowledge of the network architecture and the systems. This is also referred to as internal testing.
3. Information Gathering: The process of information gathering is to obtain as much information as possible about the IT environment, such as networks, IP addresses, operating system versions, etc. This is applicable to all three types of scope discussed earlier.
4. Vulnerability Detection: In this process, tools such as vulnerability scanners are used, and vulnerabilities in the IT environment are identified by way of scanning.
5. Information Analysis and Planning: This process is used to analyze the identified vulnerabilities, combined with the information gathered about the IT environment, to devise a plan for penetrating into the network and systems.

B. Types of Vulnerability Assessment

On the basis of the vulnerability tool used, there are three broad categories of vulnerability assessment: host based, network based and database based.
1. Host Based: Host based VA identifies issues particular to an individual host or system. It is carried out via a host based scanner and is able to diagnose system-level vulnerabilities. The host based tools load mediator software onto the target system that traces the events and reports them to the security analyst.
2. Network Based: Network based VA detects open ports, identifies unknown services running on these ports and discloses possible vulnerabilities associated with these services. This is done via network based scanners that reside on the network to detect vulnerabilities.
3. Database Based: Database based VA identifies security exposures in database systems, using tools and techniques to prevent SQL injection exploits (which can read sensitive data from the database), and provides patches and updates for the DBMS.

C. Benefits of Vulnerability Assessment
 Some freeware tools are available.
 Identifies almost all known vulnerabilities.
 Extremely automated for scanning.
 Easy to run on a regular basis.

D. Weaknesses of Vulnerability Assessment
 High false positive rate.
 Easily detected by an Intrusion Detection System or firewall.
 Can cause a denial of service by generating bulk packets.
 Often fails to notice the latest vulnerabilities.

E. Tools for Vulnerability Assessment
TABLE I. Tools for VA
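The VA process of Section II.A, steps 2 to 5, as an added example in Python (not the paper's own code): scope filtering, a constructed inventory from information gathering, detection by matching services against a constructed known-vulnerability list, severity ranking (the VA output that Fig. 1 hands to PT), and the confirmation step by which PT discards the scanner's false positives (Section II.D). Hosts, versions and the VULN-* identifiers are all constructed placeholders.

```python
# Added example, not from the paper: a minimal model of the VA process in
# Section II.A; its ranked output is what Fig. 1 hands to penetration testing.
# All hosts, services and vulnerability entries are constructed samples and the
# VULN-* identifiers are placeholders, not real CVE numbers.
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:          # one entry gathered in step 3 (information gathering)
    host: str
    port: int
    product: str
    version: str

# Constructed known-vulnerability list: (product, affected version prefix,
# severity score 0-10, identifier).
KNOWN_VULNS = [
    ("openssh", "7.2p", 7.5, "VULN-SSH-001"),
    ("apache", "2.4.29", 9.8, "VULN-HTTP-002"),
    ("mysql", "5.5.", 6.5, "VULN-DB-003"),
]
INVENTORY = [           # constructed result of information gathering
    Service("10.0.0.5", 22, "openssh", "7.2p2"),
    Service("10.0.0.5", 80, "apache", "2.4.29"),
    Service("10.0.0.9", 3306, "mysql", "5.5.62"),
    Service("192.168.1.20", 22, "openssh", "7.2p2"),  # outside the agreed scope
]
SCOPE = ("10.0.0.",)    # step 2: assets agreed with the client, as address prefixes

def in_scope(host, scope_prefixes):
    """Step 2: only assets inside the agreed address ranges are assessed."""
    return any(host.startswith(p) for p in scope_prefixes)

def detect(inventory, scope_prefixes):
    """Step 4: match in-scope services against KNOWN_VULNS; findings start unverified."""
    findings = []
    for svc in inventory:
        if not in_scope(svc.host, scope_prefixes):
            continue
        for product, ver_prefix, score, vid in KNOWN_VULNS:
            if svc.product == product and svc.version.startswith(ver_prefix):
                findings.append({"id": vid, "host": svc.host, "port": svc.port,
                                 "score": score, "verified": False})
    return findings

def rank(findings):
    """Step 5: highest severity first; this ordered list is the input handed to PT."""
    return sorted(findings, key=lambda f: (-f["score"], f["host"], f["port"]))

def confirm(findings, confirmed_ids):
    """PT validates vulnerabilities: keep only tester-confirmed findings, dropping false positives."""
    return [dict(f, verified=True) for f in findings if f["id"] in confirmed_ids]
```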


III. PENETRATION TESTING

Penetration testing is more of an art than a science [8]. It is the process of trying to gain unauthorized access to authorized resources. Penetration testing is also known as ethical hacking: "breaking into your own system to see how hard it is to do." It is a main branch of network security evaluation, which aims at providing analysis to discover the vulnerabilities and security threats in systems and networks. The purpose of penetration testing is to recognize techniques of gaining access to a system by using common tools and techniques developed by hackers. It follows vulnerability assessment, which is used to identify and inventory the various exposures within the organization's systems. Penetration testing attempts to exploit any one of the vulnerabilities to gain unauthorized access.

A. Methodology
Penetration testing methodology includes three types:
1. A zero-knowledge test: The penetration test team has no real information about the target environment.
2. A full knowledge test: The client organisation provides full information to the test team.
3. A partial knowledge test: The penetration test team has partial information about the target environment.

B. Process of Penetration Testing

Fig.2: PT process

1. Scope Test Plan: In the first step we narrow the scope of our test to what is meaningful to the client.
Identify Potential Vulnerabilities: In this step potential vulnerabilities are identified by using some tools. As vulnerabilities are identified, they are patched.
2. Attempt Vulnerability Exploitation: In this step, we find out the greatest possible advantage that we can take from the vulnerabilities. The assigned security analyst utilizes a set of tools to exploit and gain access to key systems (core servers, domain controllers, e-mail platforms, ERP and ERM systems, etc.).
3. Document Findings: While testing in-scope systems, the analyst documents all test findings within the Frontline Services Platform (FSP), a secure multi-function portal that allows clients to receive centralized and standardized reporting functionality.
4. Provide Details and Remediation Steps: At completion of the previous step, the client is provided full executive and technical reporting via the FSP client portal, Frontline. Clients can optionally contract for access to a workflow management tool that is also available with Frontline. This tool enables you to efficiently manage and track remediation of the penetration test findings.
5. Populate Workflow Management Portal: Now clients can take advantage of the integrated workflow management tool to quickly and effectively deal with discovered issues.

C. Penetration Testing Strategies
There are two types of penetration testing strategies: external and internal testing.
1. External Testing: It includes Internet and dial-in testing. In Internet testing, the target network is attacked from outside the network. In dial-in testing, war dialing is the systematic calling of each number in the target range in search of listening modems.
2. Internal Testing: It is performed from inside the network. The goal is to ascertain the internal network topology, which gives the mapping of the critical access path.

D. Benefits of Penetration Testing
 Tests the network or system using the tools and techniques that attackers use.
 Demonstrates at what depth vulnerabilities can be exploited.
 Validates vulnerabilities.
 Can provide the realism and evidence needed to address security issues.

E. Weaknesses of Penetration Testing
 Labor intensive; requires great expertise.
 Dangerous when conducted by an inexperienced tester.
 Reveals source code to a third party.
 Expensive.
 Some tools and methods may be banned by agency regulation.
 Conducted in a limited time period.
 If a service is not tested then there will be no information about its security or insecurity.


IV. VULNERABILITY ASSESSMENT Vs PENETRATION TESTING

TABLE II. Comparison of VA with PT

V. CONCLUSION AND FUTURE WORK

In this article we focused on the vulnerability and penetration tests that provide security, an ethical way to identify and evaluate system weaknesses and then mitigate the risks based on the results of such tests. Thus we have reached the point that, to prevent attackers from stealing our confidential data, Vulnerability Assessment & Penetration Testing is necessary. Through VA we can identify the vulnerabilities and then by PT we can patch the vulnerabilities.
In future we will concentrate on the practical implementation of Vulnerability Analysis & Penetration Testing by using tools such as NESSUS, NMAP, WIRESHARK, METASPLOIT, ETTERCAP, and CAIN & ABEL.

REFERENCES

[1]. The Canadian Institute of Chartered Accountants Information Technology Advisory Committee, (2003) "Using an Ethical Hacking Technique to Assess Information Security Risk", Toronto, Canada.
[2]. http://www.cica.ca/research-and-guidance/documents/it-advisory-committee/item12038.pdf, accessed on 11/23/2011.
[3]. Edith Cowan University Research Online, International Cyber Resilience Conference, Security Research Centre Conferences 2010, "Penetration Testing and Vulnerability Assessment: A Professional Approach".
[4]. McGraw, G. (2006). Software Security: Building Security In, Addison Wesley Professional.
[5]. SANS GIAC Security Essentials Training Manual.
[6]. © 2003 by RMA. Joel Lenz leads a technology assurance and advisory CPA practice; he is the leader of the New York State Society of CPAs Technology Assurance Committee Task Force on Security and Privacy; and he is an adjunct faculty member at Pace University.
[7]. © Appin | Appin Knowledge Solutions.
[8]. https://www.schell.com/Top_Ten_Database_Threads.pdf
[9]. K. Scarfone, M. Souppaya, A. Cody and A. Orebaugh, "Technical Guide to Information Security Testing and Assessment", National Institute of Standards and Technology, Sep. 2008, pp. 36-39.
[10]. Hamisi, N.Y., Mvungi, N.H., Mfinanga, D.A. and Mwinyiwiwa, B.M.M., "Intrusion detection by penetration test in an organization network", ICAST 2009.
[11]. G. J. William, Halfond, S. R. Choudhary and A. Orso, "Penetration Testing with Improved Input Vector Identification", International Conference on Software Testing Verification and Validation, 2009, pp. 346-355, doi:10.1109/ICST.2009.26.
[12]. Z.Q. Xu, "Study on the Penetration Platform of Network Information Security", Guangdong University of Technology, May 2008.
[13]. L. Jehyun, L. Heejo and H. P. In, "Scalable attack graph for risk assessment," in Information Networking, 2009. ICOIN 2009. International Conference on, 2009, pp. 1-5.
[14]. A. Bechtsoudis and N. Sklavos, "Aiming at Higher Network Security Through Extensive Penetration Tests", IEEE Latin America Transactions, vol. 10, no. 3, April 2012, pp. 1752-1756.


