Overview of Security Testing in Management Processes


Exploring the importance of security testing in management processes, the Payment Card Industry Data Security Standard (PCI DSS) requirements, and practical demonstrations using tools like VirtualBox and wpscan for testing and securing websites.


Uploaded on Sep 20, 2024

Presentation Transcript


  1. Security Testing Outside Looking In Nigel Pentland @nigelpentland

  2. Testing what and why
     Security is part of a management process: https://www.nist.gov/cyberframework
     Motoring / MOT analogy

  3. Payment Card Industry Data Security Standard
     What is PCI DSS: the payment standard has 12 high-level requirements which fall into the six categories below:
     1.) Build and Maintain a Secure Network
         Install and maintain a firewall configuration to protect data
         Do not use vendor-supplied defaults for system passwords and other security parameters
     2.) Protect Cardholder Data
         Protect stored data (use encryption)
         Encrypt transmission of cardholder data and sensitive information across public networks
     3.) Maintain a Vulnerability Management Program
         Use and regularly update anti-virus software
         Develop and maintain secure systems and applications
     4.) Implement Strong Access Control Measures
         Restrict access to data by business need-to-know
         Assign a unique ID to each person with computer access
         Restrict physical access to cardholder data
     5.) Regularly Monitor and Test Networks
         Track and monitor all access to network resources and cardholder data
         Regularly test security systems and processes
     6.) Maintain an Information Security Policy
         Maintain a policy that addresses Information Security

  4. https://www.virtualbox.org/wiki/Downloads

  5. https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/
     Be sure to get the .ova file!
     Cute command: kali-undercover

  6. Demo local website name resolution (a hosts-file entry on the attacking machine, not a DNS change)
     Kali: sudo nano /etc/hosts
     Windows (as Administrator): c: then cd \windows\system32\drivers\etc then notepad++ hosts
     Add the following entry to the hosts file (192.168.0.15 is the lab web server's address):
     192.168.0.15 local.apache

  7. Using some wpscan commands
     wpscan --url local.apache/wordpress/
     wpscan --url local.apache/wordpress/ --enumerate u
     cd /usr/share/wordlists
     sudo gunzip rockyou.txt.gz
     wpscan --url local.apache/wordpress/ --passwords rockyou.txt
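The `--enumerate u` step above works because a stock WordPress install leaks login names in two places: the REST users endpoint (`/wp-json/wp/v2/users`) and the `?author=N` archive redirect to `/author/<slug>/`. The following is an added example, not code from the slides or from wpscan, that re-implements both checks offline against constructed sample responses so you can see exactly what feeds the later password attack. The hostname `local.apache` is the lab name from the slides; the usernames and responses are made up.

```python
"""Offline illustration of the two username sources behind
`wpscan --enumerate u`: the WordPress REST users endpoint
(/wp-json/wp/v2/users) and the author-ID archive redirect (/?author=N).
The responses below are constructed sample data, not captured from any
real site; the hostname local.apache is the lab name from the slides."""
import json
import re
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlparse

# Constructed sample: body of GET http://local.apache/wordpress/wp-json/wp/v2/users
REST_USERS_BODY = json.dumps([
    {"id": 1, "name": "Site Admin", "slug": "admin",
     "link": "http://local.apache/wordpress/author/admin/"},
    {"id": 2, "name": "Nigel", "slug": "nigelp",
     "link": "http://local.apache/wordpress/author/nigelp/"},
])

# Constructed sample: (status, Location) for GET http://local.apache/wordpress/?author=N
AUTHOR_REDIRECTS: Dict[int, Tuple[int, Optional[str]]] = {
    1: (301, "http://local.apache/wordpress/author/admin/"),
    2: (301, "http://local.apache/wordpress/author/nigelp/"),
    3: (404, None),                       # deleted or never-existing user ID
    4: (301, "http://local.apache/wordpress/author/editor-jane/"),
}

AUTHOR_PATH = re.compile(r"/author/([^/?#]+)/?$")


def users_from_rest(body: str) -> List[str]:
    """Usernames exposed by the REST API. `slug` is the user_nicename, which
    in a default install is derived from the login name; `name` is only the
    display name, so it is not what a password attack should target."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return []
    if not isinstance(data, list):          # e.g. a {"code": "rest_..."} error object
        return []
    return [u["slug"] for u in data if isinstance(u, dict) and "slug" in u]


def user_from_redirect(status: int, location: Optional[str]) -> Optional[str]:
    """Username leaked when /?author=N redirects to /author/<slug>/."""
    if status not in (301, 302) or not location:
        return None
    m = AUTHOR_PATH.search(urlparse(location).path)
    return m.group(1) if m else None


def enumerate_users(rest_body: str,
                    redirects: Dict[int, Tuple[int, Optional[str]]],
                    max_author_id: int = 10) -> Dict[str, List[str]]:
    """Merge both sources, recording where each username was seen."""
    found: Dict[str, Set[str]] = {}
    for slug in users_from_rest(rest_body):
        found.setdefault(slug, set()).add("rest-api")
    for author_id in range(1, max_author_id + 1):
        status, location = redirects.get(author_id, (404, None))
        slug = user_from_redirect(status, location)
        if slug:
            found.setdefault(slug, set()).add(f"author-id-{author_id}")
    return {slug: sorted(src) for slug, src in found.items()}


if __name__ == "__main__":
    for slug, sources in enumerate_users(REST_USERS_BODY, AUTHOR_REDIRECTS).items():
        print(f"{slug:<15} {', '.join(sources)}")
```

Note that `editor-jane` in the sample shows up only through the author-ID probe, which is why the scanner queries both sources. On the defending side the same two checks tell you whether the fix took: the REST users listing should require authentication and `?author=N` should not redirect to a slug.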

  8. Image for demo time!

  9. Any questions?

  10. Some additional content follows, i.e. some other useful Kali programs

  11. nikto -host local.apache -port 443 -root wordpress -ssl

  12. Nmap certificate scanning
      nmap -sV --script ssl-cert -p 443 local.apache
      nmap -sV --script ssl-enum-ciphers -p 443 local.apache

  13. openssl s_client -connect local.apache:443 -servername local.apache
      (-servername sends SNI, so you see the certificate that a browser would get for that name rather than the server's default one)
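When you want the checks from the nmap ssl-cert script and the openssl s_client session above repeated across many hosts, it helps to script them. Here is an added example, not from the slides or from either tool, that connects with SNI, reads the leaf certificate and negotiated cipher, and flags expiry, hostname mismatch and self-signing. `SAMPLE_CERT` is a constructed certificate dict in the shape Python's `getpeercert()` returns and is not a real certificate; `probe()` is the only part that touches the network, and its fallback path is an assumption about what a lab box with a self-signed certificate will do.

```python
"""Scripted counterpart to the `nmap --script ssl-cert` and `openssl s_client`
checks: connect with SNI, read the leaf certificate and negotiated cipher,
and flag expiry, hostname mismatch and self-signing. SAMPLE_CERT is a
constructed certificate dict in the shape ssl.SSLSocket.getpeercert()
returns; it is not a real certificate."""
import socket
import ssl
import time
from typing import Dict, List, Optional

SAMPLE_CERT: Dict = {  # constructed sample, mirrors getpeercert() output
    "subject": ((("commonName", "local.apache"),),),
    "issuer": ((("commonName", "local.apache"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2030 GMT",
    "subjectAltName": (("DNS", "local.apache"), ("DNS", "*.local.apache")),
}


def days_until_expiry(cert: Dict, now: Optional[float] = None) -> float:
    """Days from `now` (epoch seconds, default: current time) to notAfter."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400.0


def dns_names(cert: Dict) -> List[str]:
    """DNS entries from subjectAltName; a CN alone is ignored by modern clients."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def hostname_matches(cert: Dict, hostname: str) -> bool:
    """RFC 6125-style match: exact name, or a single-label wildcard in the
    left-most position (*.example.com covers a.example.com, not b.a.example.com)."""
    hostname = hostname.lower().rstrip(".")
    for name in dns_names(cert):
        name = name.lower()
        if name == hostname:
            return True
        if name.startswith("*.") and "." in hostname:
            if hostname.split(".", 1)[1] == name[2:]:
                return True
    return False


def is_self_signed(cert: Dict) -> bool:
    """Heuristic: issuer equals subject."""
    return cert.get("subject") == cert.get("issuer")


def findings(cert: Dict, hostname: str, now: Optional[float] = None) -> List[str]:
    """Issues a tester would report from the certificate alone."""
    out: List[str] = []
    days = days_until_expiry(cert, now)
    if days < 0:
        out.append("expired")
    elif days < 30:
        out.append("expires-within-30-days")
    if not dns_names(cert):
        out.append("no-subject-alt-name")
    if not hostname_matches(cert, hostname):
        out.append("hostname-mismatch")
    if is_self_signed(cert):
        out.append("self-signed")
    return out


def probe(host: str, port: int = 443, timeout: float = 5.0) -> Dict:
    """Live check (needs network). First try with full verification so that
    getpeercert() returns the parsed certificate; if verification fails
    (assumed typical for a lab box with a self-signed cert) reconnect
    unverified, which still yields protocol and cipher but Python then
    returns an empty certificate dict, so only the failure reason is reported."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:  # SNI
                cert = tls.getpeercert()
                return {"verified": True, "protocol": tls.version(),
                        "cipher": tls.cipher()[0], "cert": cert,
                        "findings": findings(cert, host)}
    except ssl.SSLCertVerificationError as err:
        reason = str(err)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return {"verified": False, "protocol": tls.version(),
                    "cipher": tls.cipher()[0], "cert": {},
                    "findings": ["verification-failed: " + reason]}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "local.apache"
    print(probe(target))
```

The unverified fallback is the practical caveat: once you disable verification the Python `ssl` module no longer gives you a parsed certificate, so for a self-signed lab certificate the nmap ssl-cert script or `openssl s_client -showcerts` remains the way to read the certificate contents, and this script only tells you the handshake parameters and why verification failed.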
