Vulnerability Assessment and Penetration Testing
Penetration Testing, as we discussed, is about finding security holes and exploiting them in order to gain access to the system and obtain more sensitive information about the organization's networks. Vulnerability Assessment, by contrast, refers to finding the security holes and reporting them to the owner.
Breaking into someone else’s network is strictly illegal. However, students may find themselves with limited knowledge if they cannot practice, in a real environment, what they have learnt in this book.
A number of vulnerable targets exist that can be used to test these skills. The vulnerabilities are built intentionally into these applications and operating systems, so that one may use one's knowledge to successfully break into them and thus learn where the fault lies.
Some of the vulnerable targets for penetration testing are:
De-Ice: Thomas Wilhelm created the open-source De-Ice Pentest LiveCDs project in order to provide legal targets on which to practice and learn pentest skills. The live CDs contain real servers containing world level challenges.
Metasploitable: The Metasploit team came up with a VMware virtual machine to serve as a target for the exploit framework, Metasploit. Metasploitable is an Ubuntu 8.04 server install on a VMware 6.5 image. A number of vulnerable packages are included, including an install of Tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older MySQL.
(Figure: Metasploitable, a vulnerable OS by the Offensive Security Team. Image source: http://www.offensive-security.com/metasploit-unleashed/Metasploitable)
Damn Vulnerable Web Application (DVWA): DVWA is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be lightweight, easy to use and full of vulnerabilities to exploit. It can be used to practice web application security. Some of the vulnerabilities in DVWA are SQL Injection, Cross Site Scripting (XSS), LFI, RFI, Command Execution, Upload Script, Brute Force, etc.