Pentesting - OWASP (slide transcript)
![Page 1: Pentesting - OWASP · Pentesting What? Servers, mobile devices, embedded devices, networks, RF, (web) application security, physical security and the human. Goal? Identify vulnerabilities](https://reader030.vdocument.in/reader030/viewer/2022041107/5f0a1d6a7e708231d42a1586/html5/thumbnails/1.jpg)
Pentesting
Jacco van Tuijl
17 September 2015
1 Pentesting presentation
Page 2
Pentesting
What? Servers, mobile devices, embedded devices, networks, RF, (web) application security, physical security and the human.
Goal? Identify vulnerabilities and advise on the risk and possible solutions.
How?
Page 3
Pentest phases
1. Preparation
2. Foot-printing
3. Finger-printing
4. Vulnerability assessment
5. Verification and exploitation
6. Post exploitation
7. Report
Page 4
Preparation
• Scope / goal / targets
• Signed pentest waiver (also for third parties)
• Date and time of execution
• Black box / gray box / crystal box
• Intrusive / non-intrusive
• Privileged / non-privileged
• Internet / LAN
• With or without informing other employees
Page 5
Foot-printing
• Open sources like Google, newspapers, websites, www.code1000.com (Dutch), social media, etc.
Page 6
DNS
Page 7
DNS tools
• Whois
• Zone transfer
• Sub-domains
• DNSmap, DNSenum, DNSBrute, DNSRecon
Page 8
Whois
Page 9
DNSmap (demo)
Page 10
Robtex.com
Page 11
RIPE
Page 12
DNS zone transfer
• host -la voorbeelddomein.nl
• dig @8.8.8.8 voorbeelddomein.nl axfr
• nslookup
Page 13
Visual traceroute
Page 14
FOCA
Page 15
Maltego
Page 16
theHarvester
Page 17
Recon-ng
Page 18
Finger-printing
• Port scan
• Crawlers
• Banner grabbing / service discovery
• Sniffing
• Enumeration (SMB, FTP, SNMP, ...)
Page 19
Port scan
• Nmap
• Angry IP Scanner
• hping
Page 20
hping
Page 21
Nmap (demo)
Page 22
Sniffing
• Wireshark / Tshark
• tcpdump
• USB, I2C, JTAG, CAN bus, RF, Ethernet, etc.
• Side channel
Page 23
Wireshark
Page 24
Bus Pirate, logic analyzer, GoodFET, Shikra
Page 25
RF
• Ubertooth
• RTL-SDR
• HackRF One
• Android device (NFCProxy)
• Proxmark III
Page 26
Side channel
• Timing attack
• Power / acoustic / electromagnetic analysis
• Differential fault analysis (POODLE)
• Data remanence
• Row hammer
• File size, log size, memory consumption, CPU utilization, etc.
Page 27
Side channel - timing

```php
// Every branch reports the same message, but the first two return before the
// (expensive) credential check runs, so the response time reveals which one fired.
if (!userExists($USERNAME)) { UsernameOrPasswordIncorrect(); }
if (userBanned($USERNAME)) { UsernameOrPasswordIncorrect(); }
if (!checkLogin($USERNAME, $PASSWORD)) { UsernameOrPasswordIncorrect(); }
```
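Added example, not code from the slides: the same three checks in Python, once with the slide's early-return structure and once with a uniform code path, instrumented so the difference in work per attempt can be measured without a stopwatch. The user store, PBKDF2 parameters and decoy credential are constructed for this demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000
HASH_CALLS = 0  # counts expensive hash computations: the part a remote caller can time


def _hash_password(password: str, salt: bytes) -> bytes:
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _make_user(password: str):
    salt = os.urandom(16)
    return salt, _hash_password(password, salt)


# Constructed user store: username -> (salt, PBKDF2 hash). Example data only.
USERS = {"alice": _make_user("correct horse battery staple"),
         "mallory": _make_user("hunter2")}
BANNED = {"mallory"}
# A decoy credential that costs exactly as much to verify as a real one.
_DECOY_SALT, _DECOY_HASH = _make_user("decoy-never-valid")
GENERIC_ERROR = "Username or password incorrect"


def login_leaky(username: str, password: str) -> str:
    """The slide's structure: identical messages, but unknown or banned users
    are rejected before any hashing, so a timing measurement tells them apart."""
    if username not in USERS:
        return GENERIC_ERROR
    if username in BANNED:
        return GENERIC_ERROR
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash_password(password, salt), stored):
        return GENERIC_ERROR
    return "OK"


def login_uniform(username: str, password: str) -> str:
    """Hardened form: always one PBKDF2 computation and one constant-time
    comparison, whatever the username; no failure reason is branched on early."""
    salt, stored = USERS.get(username, (_DECOY_SALT, _DECOY_HASH))
    password_ok = hmac.compare_digest(_hash_password(password, salt), stored)
    account_ok = username in USERS and username not in BANNED
    # Bitwise "&" so both results are computed before the single decision.
    return "OK" if (password_ok & account_ok) else GENERIC_ERROR


def hash_calls_for(login, username: str, password: str) -> int:
    """How many expensive hash computations one login attempt triggers."""
    global HASH_CALLS
    HASH_CALLS = 0
    login(username, password)
    return HASH_CALLS
```

With the leaky version an unknown or banned user costs zero hash computations and a real user costs one; the uniform version costs one in every case, which is what a defender wants to see when profiling the login path.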
Page 28
Vulnerability assessment
• Vulnerability scanners / crawlers / spiders
• Proxy
• Fuzzing
• Password attacks
• Cryptanalysis
• CVE, Exploit-DB (searchsploit), Bugtraq, Shodan
Page 29
Vulnerability scanners / crawlers / spiders
• Vulnerability scanners: Nessus, OpenVAS, Nexpose, Core Impact, Qualys
• Web application security scanners: Nikto, skipfish, Arachni, Acunetix, AppScan
• Application specific: SAPScan, WPScan, SPScan, JoomScan
• Simple crawling script
Page 30
Nessus
Page 31
Proxy
• OWASP ZAP
• WebScarab
• Burp Suite
• IronWASP
• DIY script
Page 32
OWASP ZAP
Page 33
IronWASP
Page 34
Burp Suite (demo)
Sogeti PowerPoint Referentie 2014 34
Page 35
FuzzDB
Check out fuzzdb: github.com/fuzzdb-project
Page 36
Fuzzing (demo)
Page 37
Verification and exploitation
• Look at open services
• Exploits (Metasploit / Core Impact / searchsploit / DIY)
• Debugging / decompiling / disassembling / RE
• Metasploit
• SQLMap
• Password and hash attacks
• Shell (root / administrator / system)
Page 38
Look at open services
nc 192.124.102.88 1392
ncat 192.124.102.88 443
telnet 192.124.102.88 1392
Page 39
Debugging, decompiling, disassembling and RE
• IDA Pro
• OllyDbg
• GDB
• dex2jar
• SWF Decompiler
• Binwalk
Page 40
Searchsploit (demo)
Page 41
Metasploit
Page 42
Metasploit (demo)
Page 43
Hashes (demo)
Page 44
Password and hash attacks
• Brute force / dictionary / wordlist
• Hash cracking
• Pass-the-hash
Pentesting presentation TALKS .NET 44
Page 45
Dictionary & Crunch
• FuzzDB
• wiki.skullsecurity.org/Passwords
crunch 1 1 -t @ -u > wordlist-subdomains.txt
crunch 2 2 -t @% -u >> wordlist-subdomains.txt
crunch 2 2 -t @@ -u >> wordlist-subdomains.txt
crunch 3 3 -t @@% -u >> wordlist-subdomains.txt
crunch 3 3 -t @@@ -u >> wordlist-subdomains.txt
crunch 4 4 -t @@@% -u >> wordlist-subdomains.txt
crunch 4 4 -t @@@@ -u >> wordlist-subdomains.txt
crunch 5 5 -t @@@@@ -u >> wordlist-subdomains.txt
Page 46
Brute force - THC Hydra
Page 47
Hash cracking
• John the Ripper
• CloudCracker.com
• oclHashcat
• ElcomSoft
• BarsWF
Page 48
BarsWF
Page 49
Pass-the-hash
Cracking hashes is not always needed: just pass the hash with:
• Pass-the-hash toolkit
• Mimikatz
• Medusa
• THC Hydra (demo)
• FreeRDP
Page 50
Cryptanalysis
• Known plaintext
• Brute force
• Implementation
• Replay, MITM, backdoors
• Side channel
• Rubber-hose
Page 51
Post exploitation
• Pivoting / tunneling
• Backdoors
• Privilege escalation
• Hardening & patching
• Erasing tracks
Page 52
Pivoting and tunneling
• route add
• meterpreter > run autoroute -h
• Plink, fport, nc, ncat, OpenVPN and SSH
• iodine, httptunnel (covert channels)
Page 53
Erasing tracks
• history -c && exit
• zapper
• meterpreter > clearev
• clearlogs.exe
• ccleaner.exe /AUTO /METHOD "0-3"
• Log flooding
• Timestomp (MACE attributes, NTFS)
Page 54
Report
• What did you research and what was the goal?
• What did you not research?
• What did you find?
• Finding, cause, impact and solutions
• Risk estimation and prioritizing
Page 55
Risk rating
• CVSS
• OWASP risk rating
Page 56
OWASP risk rating
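Added example, not from the deck: the OWASP Risk Rating Methodology named on the last two slides as a small Python calculator (sixteen 0-9 factors, averaged into likelihood and impact, mapped to levels and combined through the OWASP severity matrix). The factor scores for the sample finding are constructed values, not ratings from the presentation.

```python
from statistics import mean

# OWASP Risk Rating Methodology: each factor is scored 0-9, likelihood and impact
# are the averages of their factor groups, each average maps to LOW/MEDIUM/HIGH,
# and the two levels combine through a fixed matrix into the overall severity.
LIKELIHOOD_FACTORS = (
    # threat agent factors
    "skill_level", "motive", "opportunity", "size",
    # vulnerability factors
    "ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection",
)
IMPACT_FACTORS = (
    # technical impact
    "loss_of_confidentiality", "loss_of_integrity",
    "loss_of_availability", "loss_of_accountability",
    # business impact
    "financial_damage", "reputation_damage", "non_compliance", "privacy_violation",
)

# (likelihood level, impact level) -> overall severity
SEVERITY = {
    ("LOW", "LOW"): "Note",      ("MEDIUM", "LOW"): "Low",       ("HIGH", "LOW"): "Medium",
    ("LOW", "MEDIUM"): "Low",    ("MEDIUM", "MEDIUM"): "Medium", ("HIGH", "MEDIUM"): "High",
    ("LOW", "HIGH"): "Medium",   ("MEDIUM", "HIGH"): "High",     ("HIGH", "HIGH"): "Critical",
}


def level(score: float) -> str:
    """Map a 0-9 average to the OWASP level: <3 LOW, 3 to <6 MEDIUM, 6+ HIGH."""
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"


def _average(scores: dict, names: tuple) -> float:
    missing = [n for n in names if n not in scores]
    if missing:
        raise ValueError(f"missing factors: {missing}")
    for n in names:
        if not 0 <= scores[n] <= 9:
            raise ValueError(f"{n} must be scored 0-9, got {scores[n]}")
    return mean(scores[n] for n in names)


def rate(finding: dict) -> dict:
    """Return likelihood, impact, their levels and the overall severity."""
    likelihood = _average(finding, LIKELIHOOD_FACTORS)
    impact = _average(finding, IMPACT_FACTORS)
    l_level, i_level = level(likelihood), level(impact)
    return {
        "likelihood": round(likelihood, 2), "likelihood_level": l_level,
        "impact": round(impact, 2), "impact_level": i_level,
        "severity": SEVERITY[(l_level, i_level)],
    }


# Constructed scoring for a username-enumeration timing leak on a public login
# page (example values chosen for the demo, not ratings from the slides).
EXAMPLE_FINDING = {
    "skill_level": 5, "motive": 4, "opportunity": 7, "size": 9,
    "ease_of_discovery": 7, "ease_of_exploit": 5, "awareness": 6, "intrusion_detection": 8,
    "loss_of_confidentiality": 2, "loss_of_integrity": 1,
    "loss_of_availability": 1, "loss_of_accountability": 1,
    "financial_damage": 1, "reputation_damage": 3, "non_compliance": 2, "privacy_violation": 3,
}

if __name__ == "__main__":
    print(rate(EXAMPLE_FINDING))
```

For the constructed finding the likelihood averages 6.38 (HIGH) and the impact 1.75 (LOW), which the matrix turns into an overall "Medium": easy to find and exploit, but limited damage on its own.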
Page 57
More info
• Securitytube.net
• ptes.org
• OWASP
• CEH & LPT / OSCP / OSCE
• Hacker / security events: Hardwear.io, Hack in The Box Amsterdam 2016, 32C3 (Hamburg), OWASP meetings & AppSec, BruCON