Manual Controlled Penetration Testing (MCPT)
A true penetration test is performed by Senior Level Experts who find vulnerabilities in a system, network or application. The Sr. Level Engineer then takes the appropriate controlled steps to attempt to manually exploit those vulnerabilities by utilizing their experience with network systems, custom scripts and tools. Having additional knowledge and expertise within IT/OT environments is essential for performing a non-disruptive penetration test.
Modern day scanners and penetration testing as a service (PTaaS) providers are unable to truly hack their way into privileged information. A vulnerability scan should not take the place of a highly focused testing engagement , human knowledge and expertise. Many so called penetration tests (low cost) are just vulnerability scans decorated as a pen-test, spitting out 1000 page reports of false positives. Furthermore, junior level techs working 247 to monitor PTaaS cannot identify what is exploitable and what is a false positives and ultimately do not have the professional skills and system knowledge to safely attempt any type of real world exploit with controlled methods.
Manual Controlled Penetration Testing is vital when attempting exploits on any system/ device. However, when looking at critical infrastructure testing it becomes even more important that the testing team has controls in place for back-out procedures, daily meetings and a fine-tuned communication strategy. Without these controls in place an operator of these systems is risking potential catastrophe.
Manual Controlled Penetration Testing is essential for critical infrastructure. ICS/SCADA networks can be easily disrupted with traditional IT active scanning techniques. The potential consequences of disrupting critical systems:
* Reduction or loss of production at one site or multiple sites simultaneously.
* Injury or death of employees.
* Injury or death of persons in the community.
* Damage to equipment.
* Environmental damage.
* Violation of regulatory requirements.
* Product contamination.
* Loss of proprietary or confidential information.
* Loss of brand image or customer confidence
Redbot Security’s Manual Controlled Penetration Testing utilizes a comprehensive assessment methodology, providing results with the utmost accuracy and ensuring representational coverage of risks facing an application or information system.
This assessment methodology is based upon understanding of the
- business use cases,
- types of data stored, processed, or transmitted by a given system or system component.
This evaluation involves a form of threat modeling by which system components are broken into their constituent elements representing
- use cases,
- technologies and boundaries.
Once these elements are decomposed, potential risks affecting their interaction is evaluated by the assessment team as illustrated by the following process flow:
Manual Controlled Penetration or MCPT is thorough and in many projects will look for issues such as:
- Review of session management, focused on verifying that proper tracking of the user is performed throughout the application.
- Authentication/authorization and communication mechanisms, aimed at examining that proper authentication is in place and that authorization controls are applied to application user’s actions.
- Information leakage, intended at determining if confidential information or information that might otherwise aid an attacker is disclosed by the application or its environment.
- Input validation, verifies that all user input is correctly validated, and sanitized if necessary, to ensure that the application behaves as expected independently of the submitted input.
- Output encoding mechanisms, must be correctly enforced by the application to ensure a consistent interpretation of the application’s output.
- Filtering layers, focused on verifying that the necessary filtering mechanisms are in place to proactively defend against common web service attacks.
- SSL encryption analysis, examining the security levels of the encryption ciphers supported by the web server, as well as the proper use of certificates (both server-side, and client-side if supported).
- Parameter passing, testing that all parameter handling is performed in a secure manner. For example, looking for authorization information mishandled by the application, which instead of being stored server-side is sent by the user.
- Application logic flow, aimed at verifying that the intended application flow is enforced by the application (i.e. that an attacker is not able to control the application flow at will, for example, bypass controls).
- Cross-site scripting, aimed at identifying cross-site scripting vulnerabilities throughout the application due to improper encoding of user supplied input.
- SQL injections, focused on determining when user input is used to construct database queries and testing the possibility of specially crafting input to control the queries, beyond the programmer’s intention.
- Path traversals, aimed at identifying when user input is used to construct file paths and attempting to specially craft user input to escape the directory structure imposed by the application.
- XML and Xpath injections, determining user input used to construct XML or Xpath queries and verifying if it is possible to inject XMLtags or modify the Xpath query.
- Certificate testing, which consists of checking that the certificates used by the application are proper (i.e. have not expired, are issued by a trusted certificate authority and are issued to the correct domain name).
- Integer underflow/overflow problems, aimed at identifying such conditions when dealing with numeric user input.
- Buffer overflow causing conditions, verifying that proper bounds checking are performed when handling data.
- Others that could be present on the application reviewed.
Redbot Security tests not only cover but go beyond the scope of OWASP
Penetration Testing Can help your team find exploitable vulnerabilities before bad actors find them.
If you are looking to find exploitable vulnerabilities on your OT/IT networks, Manual Controlled Penetration Testing (MCPT) is an easy to execute cost effective solution.
With Redbot Security you get reports written by experts that highlight key data and exactly how targets were compromised as well as recommendations on best practices along with complete review of remediation recommendations.
Redbot Security’s MCPT is a complete service provided by our team of IT/OT network/system experts to ensure that vulnerabilities are minimized and that your defenses are running in top shape by offering the following:
- Penetration Testing (black-box, gray-box, white-box)
- Real-World Attacker Tactics and Techniques- Controlled Manual Penetration Testing without Interruption
- Actionable and easy-to-follow results – Risk Rating, Exploit Storyboard and Remediation Recommendations
- Retesting is included in our service model.
Learn more here