The Internet provides great freedom, and we already got used to it. Now the teller is presenting the bill. Security costs money. Without security you may be blackmailed for ransom, your user's data may be stolen, or your Internet service may be blocked. So, whom would you prefer to pay, the hacker or the security expert?
I recently had the opportunity to attend a presentation about web security. This has become a big business. You pay a specialist to do a "pen test" - no, it's not about pencils, it's about penetration of your IT company. Here are some notes about this meeting. Lots of new acronyms to learn.
Hacker's Operating System
| Kali LINUX | A Debian LINUX already equipped with most tools that a hacker or penetration tester will want to use. Started 2012. |
Hacker's Tool Suite
| Burp Suite | A graphical user interface to work out a hack. Provides screenshots of all pages of a site, easy HTTP request manipulations and resends. You can do a lot of things with this tool, but you must study it. |
Penetration Test Tools
| Nmap | Open source, started 1998. Provides host discovery, service- and operating-system detection, .... |
| Nessus | Started 1998, commercial having version 8, but version 2 is still open source and maintained. Finds open ports, executes brute force password detection attacks, can launch Denial of Service attacks. |
| Metasploit | Open source, started 2003. Specializes on exploits through operating-system-specific vulnerabilities. |
Mitigation on Software Level
| OWASP | OWASP = Open Web Application Security Project. Online community that produces freely-available articles, methodologies, documentation, tools, and technologies. |
| CVE | CVE = Common Vulnerability Exposure. |
Mitigation on Network Level
| ZAP |
ZAP = Zed Attack Proxy. An OWASP tool. Used as a proxy server it allows to manipulate all of the HTTP/HTTPS traffic that passes through. Intended to be used by both those new to application security as well as professional penetration testers. |
| CDN |
CDN = Content Delivery Network. Cloudflare or MaxCDN are commercial caching- and security-services that may defend Distributed Denial of Service attacks. |
| IDS, IPS |
IDS = Intrusion Detection System,
IPS = Intrusion Prevention System. Sits behind the firewall and provides analysis about dangerous content (IDS), or filters it out (IPS). |
WAF |
WAF = Web Application Firewall. Can prevent attacks through SQL injection, cross-site-scripting (XSS), file inclusion, and security misconfigurations. |
Others
| haveibeenpwned | Has one of your e-mail accounts been hacked? |
| yasni | What the Internet knows about you. |
| aircrack-ng | WIFI (wireless network) security checks. |
| Open Bug Bounty | Cross-site-scripting (XSS) vulnerabilities. |
| Beef Project | Specializes on browser vulnerabilities. |
| Crackstation | Free password hash cracker. Uses massive pre-computed lookup tables to turn password hashes back into passwords. |
| Shodan | Commercial website, a search service for the "Internet of Things" (including all kinds of databases). Called "The Hacker's Google". |
| eyewitness | A headless browser producing screenshots. |
| SecurityTrails | The largest collection of IP addresses, domain names and WHOIS data. |
| NIST |
NIST = National Institute of Standards and Technology. Computer security on organisational level. |
Keine Kommentare:
Kommentar veröffentlichen