What are the Methods Used for Penetration Tests?


Znéa

Administrator
19 Jul 2011

Tactics used for penetration tests





1. Web Application Audit


SQL Injection Test: Detailed tests for SQL injection vulnerabilities are performed (for example: blind SQL injection, error-based SQL injection, time-based SQL injection). Databases tested include MySQL, MSSQL, Oracle, PostgreSQL, etc.


File Inclusion Test: Local and remote file inclusion tests on the web application.


CSRF Test: Tests of POST data that can create weaknesses in specific web applications. (For example: checking for the weakness by sending an e-mail to authorized personnel that automatically submits POST data to the web pages and carries out specific actions, such as admin user identification.)


Cookie Check and Hijacking (XSS): If the web application uses cookies, the session data is manipulated with certain methods and attempts such as intrusion are performed. Testing and reporting follow OWASP standards.


2. PCI Security Audit


This audit checks whether companies that provide payment cards meet the security standards they are required to comply with, and identifies any deficiencies. Results are reported according to PCI-DSS standards.


3. Database Security Audit


Local Intranet Database Test: Tests for known or unknown security vulnerabilities in the database engines used within the organization. (For example: tests such as TNS poison in Oracle databases.)


4. Wireless Security Audit


WEP / WPA Cracking Test: Tests whether the passwords of the wireless networks or access points in use in the institution can be broken.


Jasager Beacon Test: Creates fake wireless networks with the beacon flood method and checks whether internal clients connect to these networks.

Passive Hijacking Test: Attempts to collect information and data on broken wireless networks without joining the network.


Packet Injection Test: Collects information from the users of the wireless network by injecting customized packets into their data.


5. Social Engineering Test


Phone Test: Tests whether information can be obtained by phone from personnel within the institution by imitating caller ID.


Email Test, etc.: Tests whether information can be obtained from the institution's employees by email or other methods.


6. Web Server Audit


Tests for vulnerabilities on the web servers used in the institution. (For example: tests of current known or unknown exploits against web servers such as Apache, Nginx and IIS.)


7. Network Security Audit


MITM Test: Checks whether traffic on the local network can be intercepted with methods such as ARP poisoning.


DNS Spoofing Tests: Checks whether local network users can be directed to fake sites by manipulating DNS packets.


SSL Strip Tests: Checks whether local network users' traffic to SSL sites can be intercepted while they log in, by changing the SSL certificate or by port forwarding with a MITM method.


VLAN Hopping Test: If the local network has a VLAN structure, checks whether it can be circumvented with VLAN hopping methods.

Network Devices Pen Test: Penetration tests of other devices running on the local network, such as printers.


WPAD Test: Checks whether traffic on the local network can be intercepted using WPAD security weaknesses.


SMB Relay Test: Tests for network sharing vulnerabilities in Microsoft systems.


Firmware Exploiting Test: Checks whether the current firmware of the network devices on the local network is exploitable.


Default Password Check: Tests whether the passwords of the network devices on the local network can be cracked.


It also covers vulnerability tests on the operating systems and running applications of all computers on the network.


8. Bluetooth Device Audit


Vulnerability tests on the Bluetooth devices that users are using.


9. USB / Other Media Exploiting Check


Checks for attacks on users' computers carried out with social engineering methods via media such as USB drives or CDs.


10. DDOS


SYN Flood Test: Spoofed SYN flood load tests for web systems.

11. TDOS (Phone2Dos)


Load tests for phone systems.


The tests can be performed across many different black-box scenarios, which vary according to the institution's needs and strategic importance.

Translator: Secret Person
Subject source: https://www.turkhackteam.org/web-server-guvenligi/1069929-penetrasyon-testleri.html
 