Experience Sharing on
School Pentest Project
Eric Fan & Chris Chan
UDomain
Agenda
• Our objective & how we did
• Our findings & suggestions
• Demonstration
• About UDomain
• Q & A
Our Objective
As an independent consultant, provide a series of vulnerability scans, penetration tests and reviews of the website security of ten K12 schools.
Identify potential areas for further improvement, to protect the schools' sensitive data and goodwill.
What we do?
Step 1: Automated Scan
Configure and execute automated scan, followed by test plan development. Risk assessment will take place during the test plan development.
Step 2: Manual Review
Verify the scan result, eliminate false positives and then execute manual business logic tests. Application walkthrough and threat analysis will also be conducted during this stage.
Step 3: Debriefing Meeting
Report and analysis of the automated scan and manual scanning results, with recommendations.
Penetration Test Methodologies
Seven phases to perform testing:
• Information Gathering
• Threat Modeling
• Vulnerability Analysis
• Exploitation
• Post Exploitation
• Reporting
• Rescan
Support Reference:
OWASP TOP 10
The Penetration Testing Execution Standard
Common Vulnerability Scoring System (CVSS)
Main Testing Tools
• OWASP-ZAP
• Nikto
• Dirsearch
*More testing tools may be used depending on the scope of work
Tester Qualification
• Certified Ethical Hacker
• Offensive Security Certified Expert
• GIAC Web Application Penetration Tester
• Certified Information Systems Security Professional
• Offensive Security Certified Professional
Our Findings
• 29 websites, including public, intranet and internal applications of ten schools
• 99 hours of scanning, using more than one scanning tool plus manual penetration test
• 1,700+ vulnerabilities: Critical 8%, High 16%, Medium 35%, Low 41%
• 170+ critical vulnerabilities
• 20,000+ personal data records, including email, name, HKID etc.
[Chart: Overall Findings. Number of vulnerabilities per school (A, B, C, D, E, F, G, H, J, K), by severity Low / Medium / High / Critical; y-axis 0 to 700.]
Critical Vulnerabilities
• 16 Password in plaintext
• 65 XSS
• 105 SQL Injection
• 13 SSLv2 & v3
Top Security Impact Vulnerabilities
Back Up File
We found plain-text database login credentials in a backup file, which may lead to unauthorized login.
SQL Injection
Allows an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Unsupported Software / OS Version
Outdated software or operating systems can no longer be updated to the latest patch and remain vulnerable to exploits.
Password In Plaintext
Allows anyone who can read the file access to the password-protected resource.
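The backup-file and plaintext-password findings above are the kind of thing a school's IT staff can check for themselves between pentests. The following is an added example (not code from the slides or from UDomain): a small Python scan that walks a web root, flags files whose names look like backups or editor leftovers, and reports line numbers where a credential-looking assignment appears in a text file. The web root it scans is a constructed temporary directory with sample files; the file names, suffix list and regex are assumptions for illustration. It reports only line numbers, never the secret values themselves.

```python
import re
import tempfile
from pathlib import Path

# Name patterns that usually mean "not meant to be served": backups, dumps,
# archives, editor swap files. Assumed list; extend to match your stack.
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".sql", ".zip", ".tar", ".gz", ".swp", "~")

# Credential-looking assignments such as $db_pass = 'x', password: x, pwd=x.
CREDENTIAL_RE = re.compile(
    r"""(?i)\b(?:db_?pass(?:word)?|password|passwd|pwd)\b\s*(?:=>|[=:])\s*['"]?([^'"\s;]+)"""
)


def looks_like_backup(path):
    """True if the file name alone suggests a backup or leftover artifact."""
    name = path.name.lower()
    return name.endswith(BACKUP_SUFFIXES) or name.startswith(("#", "backup"))


def credential_lines(path, max_bytes=1_000_000):
    """Line numbers (1-based) with a non-empty credential-looking assignment."""
    try:
        text = path.read_bytes()[:max_bytes].decode("utf-8", errors="replace")
    except OSError:
        return []
    return [
        lineno
        for lineno, line in enumerate(text.splitlines(), 1)
        if CREDENTIAL_RE.search(line)
    ]


def scan_webroot(root):
    """Return one finding per file that is a backup artifact or holds credentials."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        backup = looks_like_backup(path)
        creds = credential_lines(path)
        if backup or creds:
            findings.append({
                "file": path.relative_to(root).as_posix(),
                "backup_artifact": backup,
                "credential_lines": creds,  # locations only, no values
            })
    return findings


def build_sample_webroot():
    """Constructed sample web root (temporary directory) for a runnable demo."""
    root = Path(tempfile.mkdtemp(prefix="webroot_"))
    (root / "index.php").write_text("<?php echo 'Welcome to the school site'; ?>\n")
    (root / "config.php.bak").write_text(
        "<?php\n$db_host = 'localhost';\n$db_user = 'cms';\n$db_pass = 'Spring2019!';\n"
    )
    (root / "db_dump.sql").write_text("-- constructed dump\nCREATE TABLE students (id INT);\n")
    (root / "assets").mkdir()
    (root / "assets" / "style.css").write_text("body { color: #333; }\n")
    return root


if __name__ == "__main__":
    for finding in scan_webroot(build_sample_webroot()):
        print(finding)
```

Run it against the real document root (read-only) and treat every hit as something to move out of the web root or delete; the credential regex is intentionally loose, so review each reported line rather than trusting the count.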
SQL Injection
• 9* Vendor Solutions
• 12 School's Own Applications
• 7 Unsupported Operation Systems
* Same SQL Injection vulnerability appears in all 8 schools from one vendor solution.
* 5 Schools using on premises / 3 Schools on Cloud
SSL Cert
• Website with SSL Cert: 21%
• Website without SSL Cert: 79%
Our Suggestions
Reliable Vendor Solutions
Software and application vendors should offer OS or patch updates for users, to fix their software and application vulnerabilities.
Regular Scanning
Yearly or half-yearly vulnerability scanning and penetration testing is recommended.
Regular Patch Operation Systems
Regularly review and update the hardware and application operating systems to the latest patch, in order to avoid malware and exploits.
More info: Information Security in Schools - Recommended Practice (Jan 2019)
https://www.edb.gov.hk/en/edu-system/primary-secondary/applicable-to-primary-secondary/it-in-edu/Information-Security/information-security-in-school.html
Demonstrations
Live Demo – SQL Injection
Types of SQL Injection
• UNION (ex: join other results into the current result)
• Time-Based (ex: wait 5 seconds if the result is correct)
• Error-Based (ex: display an error page when the result is not correct)
• Boolean-Based (ex: print 1 if the result is correct)
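Boolean-based injection only works when a true condition and a false condition produce visibly different responses, and the fix is to stop the request value from ever being parsed as SQL. The following is an added example, not code from the slides or from UDomain: a Python/SQLite demo with a deliberately vulnerable lookup (string concatenation) next to its hardened form (type check plus bound parameter), and a helper that tests whether a lookup leaks a boolean oracle. The table, rows and function names are constructed for the demo; SQLite stands in for MySQL only to keep it self-contained, so the MySQL-specific functions in the slides' payload (IF, ORD, MID, DATABASE) are not used here.

```python
import sqlite3

# Constructed sample data standing in for a school CMS table (not from the slides).
SAMPLE_ROWS = [(1, "Home"), (2, "Admissions"), (3, "Staff intranet")]


def make_db():
    """In-memory SQLite database with a tiny pages table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, page_id):
    """Deliberately vulnerable: the request value is concatenated into the SQL text."""
    sql = "SELECT title FROM pages WHERE id = " + page_id
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterised(conn, page_id):
    """Hardened: validate the type, then bind the value so it is data, never SQL."""
    try:
        numeric_id = int(page_id)
    except ValueError:
        return []  # not an id at all; reject rather than guess
    cur = conn.execute("SELECT title FROM pages WHERE id = ?", (numeric_id,))
    return [row[0] for row in cur]


def has_boolean_oracle(lookup, conn):
    """True when a true condition and a false condition give different responses.

    That difference is exactly what boolean-based blind injection relies on:
    one bit of information per request, with no error page and no UNION.
    """
    true_case = lookup(conn, "2 AND 3732=3732")
    false_case = lookup(conn, "2 AND 3732=3733")
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    print("concatenated query leaks a boolean oracle:", has_boolean_oracle(lookup_vulnerable, db))
    print("parameterised query leaks a boolean oracle:", has_boolean_oracle(lookup_parameterised, db))
```

The hardened version gives the same empty answer for both probes because the value never reaches the SQL parser; that, not a longer signature list, is what closes the boolean oracle the demo relies on.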
What is CloudFlare
• A commercial content delivery network with integrated distributed denial of service (DDoS) defence
• Web Application Firewall with signature-based rules
  – "Union ALL select …"
  – "DATABASE()"
Is it Enough?
AND 3732=IF(ORD(MID(IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,1))<60
Show result if the ASCII code of the 1st character of the current database name is smaller than 60.
If false:
AND 3732=IF(ORD(MID(IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,1))>60
Show result if the ASCII code of the 1st character of the current database name is greater than 60.
3732=IF(ORD(MID(IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,1))>90
Show result if the ASCII code of the 1st character of the current database name is greater than 90.
Example
• Database name: udcms
• The 1st character of udcms is u; ord() result: 75
• If 75<60? No
• If 75>60? Yes
• If 75<90? Yes
• If 75<75? No
• If 75>75? No
• If 75=75? Yes
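The slides' point is that a signature list ("Union ALL select", "DATABASE()") does not see a probe that contains neither string, while the probe sequence itself has a very recognisable shape: the same client, the same path and parameter, and a run of values that differ only in numbers and comparison operators. The following is an added example, not code from the slides or from UDomain, that looks for that shape in web server access logs as a complement to the WAF. The log lines are constructed samples in common log format; the regexes, threshold and field names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access log (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2019:10:00:01 +0800] "GET /news.php?id=12 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Mar/2019:10:00:02 +0800] "GET /news.php?id=12+AND+3732%3D3732 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Mar/2019:10:00:03 +0800] "GET /news.php?id=12+AND+3732%3D3733 HTTP/1.1" 200 412
203.0.113.7 - - [01/Mar/2019:10:00:04 +0800] "GET /news.php?id=12+AND+3731%3C3732 HTTP/1.1" 200 5120
198.51.100.4 - - [01/Mar/2019:10:00:05 +0800] "GET /news.php?id=13 HTTP/1.1" 200 4870
198.51.100.4 - - [01/Mar/2019:10:00:06 +0800] "GET /search.php?q=sports+day+and+prize+giving HTTP/1.1" 200 2210
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# A boolean probe shape: an AND/OR followed by a comparison (collapsed to "~").
BOOLEAN_SHAPE = re.compile(r"\b(?:and|or)\b.*~")


def parse_line(line):
    """Split one access-log line into client, path and decoded query parameters."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "path": parts.path,
        "params": parse_qsl(parts.query, keep_blank_values=True),  # also URL-decodes
        "status": m.group("status"),
    }


def value_shape(value):
    """Normalise a parameter value so probes that differ only in numbers or
    operators ("3732=3732", "3732=3733", "3731<3732") share one shape."""
    s = re.sub(r"\d+", "#", value)
    s = re.sub(r"[<>=!]+", "~", s)
    return re.sub(r"\s+", " ", s).strip().lower()


def find_boolean_probing(lines, min_variants=3):
    """Flag (client, path, parameter) tuples that sent several distinct values of
    one boolean-comparison shape; legitimate clients almost never do this."""
    seen = defaultdict(set)  # (ip, path, param, shape) -> distinct raw values
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, value in rec["params"]:
            shape = value_shape(value)
            if BOOLEAN_SHAPE.search(shape):
                seen[(rec["ip"], rec["path"], name, shape)].add(value)
    return [
        {"client": ip, "path": path, "param": name, "shape": shape, "variants": len(values)}
        for (ip, path, name, shape), values in seen.items()
        if len(values) >= min_variants
    ]


if __name__ == "__main__":
    for alert in find_boolean_probing(SAMPLE_LOG.splitlines()):
        print(alert)
```

A hit tells you which parameter to fix (parameterise the query behind it) and which client to rate-limit or block; the benign client above, whose id values and free-text search change but never take a comparison shape, is not reported.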
Live Demo
About UDomain
UDomain Group
• UDomain, founded in 1998, UDomain.hk
• Web Host, founded in 1998, Webhost.hk
• New Sky, founded in 1997, Newsky.net
Our Services
• Cybersecurity: DDoS protection, Penetration test, Firewall, SSL-Certificate
• Internet Service: CDN, VPN, Live-streaming, Email marketing
• Hosting: Web, email and app; Cloud server; Dedicated server; Colocation; Hosting 40,000 webs
• Domain: .hk registrar, Domain advisor, Brand alert, 1000+ domain types, DNS Panel
Our Qualification
• Registrar of .hk Domain: one of the first HKIRC-recognized Registrars
• HK Government Public Cloud Services Provider: first HK web hosting company recognized by the Office of the Government Chief Information Officer (OGCIO)
• OFCA Services-based Operator Licensee: permitted to provide Authorized International Value-Added Network Services (IVANS)
Awards
Events
Corporate Cyber Security Conference, HK Cyber Security Drill
Summary
People / Process / Technology
• Multiple machine scanning tools
• Over 20 years Domain and Web Knowledge
• Project Experience in Different Sectors
• Training and Certification
• OWASP TOP 10
• The Penetration Testing Execution Standard
• AgilePM
Your Managed Security Service Partner
• Penetration Test
• Firewall & DDoS Protection
• 7x24 Technical Support
• Dedicated Security Specialists
• High Availability Ring Network
Thank you!
Appendix
Proposed Assessment Plan
Proposed Project Plan
Week 1: Automated Scan
• We will configure and execute automated scan, followed by test plan development. Risk assessment will take place during the test plan development.
Week 2-3: Manual Review
• We will verify the scan result, eliminate false positives and then execute manual business logic tests. Application walkthrough and threat analysis will also be conducted during this stage.
• Search for potential sensitive information related to you through various search engines
Security Assessment Lifecycle
Hybrid Testing (Machine & Manual): Machine Scanning, Manual Penetration Test, Review and Recommendation
Automated Scan
• Tools scanning for potential security issues
• Combine multiple tools to gather more information
• Include fuzzing in scanning
Manual Review (Penetration Test)
• Enrich the information from machine scanning
• Verify the findings from machine scanning
• Look through each page to find security issues
• Look for logical flaws
Report & Recommendations
• Executive Summary
• Testing Methodologies
• Proof of Concept
• Impact and Severity
• Findings Details
• Recommendations
• Debriefing meeting
Sample Report
Retest
• Compiling a retest checklist
• Scanning for previously found vulnerabilities after fixing
• Producing final retest report
Case References
Case Reference I
• An NGO partnering with the Hong Kong Government, providing quality social welfare service through their 3,000 operating units in Hong Kong.
• Engagement in Penetration Test:
  – a website before launch in Hong Kong
  – re-tested several times
Case Reference II
• A 20-year-old Secondary School in Hong Kong
• Engagement in Penetration Test:
  – an internal CMS system with email function
  – a public-facing website

  • 3. Our Objective: as an independent consultant, provide a series of vulnerability scans, penetration tests and reviews of the website security of ten K12 schools, identifying potential areas for further improvement to protect the schools' sensitive data and goodwill.
  • 4. What we do?
    – Step 1, Automated Scan: configure and execute the automated scan, followed by test plan development. Risk assessment takes place during the test plan development.
    – Step 2, Manual Review: verify the scan result, eliminate false positives and then execute manual business logic tests. Application walkthrough and threat analysis are also conducted during this stage.
    – Step 3, Debriefing Meeting: report and analysis of the automated scan and manual scanning results, with recommendations.
  • 5. Penetration Test Methodologies: seven phases to perform testing
    – Information Gathering
    – Threat Modeling
    – Vulnerability Analysis
    – Exploitation
    – Post Exploitation
    – Reporting
    – Rescan Support
    Reference: OWASP TOP 10; The Penetration Testing Execution Standard; Common Vulnerability Scoring System (CVSS)
  • 6. Main Testing Tools: OWASP-ZAP, Nikto, Dirsearch (*more testing tools may be used depending on the scope of work)
  • 7. Tester Qualification: Certified Ethical Hacker; Offensive Security Certified Expert; GIAC Web Application Penetration Tester; Certified Information Systems Security Professional; Offensive Security Certified Professional
  • 8. Our Findings
    – 29 websites, including public, intranet and internal applications of ten schools
    – 99 hours of scanning, using more than one scanning tool plus manual penetration testing
    – 170+ critical vulnerabilities
    – 20,000+ personal data records, including email, name, HKID etc.
  • 10. Overall Findings (chart: number of vulnerabilities per school A to K, broken down by Low, Medium, High and Critical)
  • 12. Top Security Impact Vulnerabilities
    – Back Up File: we found plain text database login credentials in a backup file, which may lead to unauthorised login.
    – SQL Injection: allows an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
    – Unsupported Software / OS Version: outdated software or operating systems can no longer be updated to the latest patch and remain vulnerable to exploits.
    – Password In Plaintext: allows anyone who can read the file to access the password-protected resource.
  • 13. SQL Injection: 9* in vendor solutions, 12 in schools' own applications; 7 unsupported operating systems*
    * The same SQL Injection vulnerability appears in all 8 schools using one vendor solution.
    * 5 schools using on-premises / 3 schools on cloud
  • 14. SSL Cert: websites with SSL cert 21%, websites without SSL cert 79%
  • 15. Our Suggestions
    – Reliable Vendor Solutions: software and application vendors should offer OS or patch updates so that users can fix their software and application vulnerabilities.
    – Regular Scanning: yearly or half-yearly vulnerability scanning and penetration testing is recommended.
    – Regular Patch Operating Systems: regularly review and update the hardware and application operating systems to the latest patch, to avoid exposure to malware and exploits.
    More info: Information Security in Schools - Recommended Practice (Jan 2019) https://www.edb.gov.hk/en/edu-system/primary-secondary/applicable-to-primary-secondary/it-in-edu/Information-Security/information-security-in-school.html
  • 17. Live Demo – SQL Injection
  • 18. Types of SQL Injection
    – UNION (e.g. join other results into the current result)
    – Time-Based (e.g. wait 5 seconds if the result is correct)
    – Error-Based (e.g. display an error page when the result is not correct)
    – Boolean-Based (e.g. print 1 if the result is correct)
  • 19. What is CloudFlare
    – A commercial content delivery network with integrated distributed denial of service (DDoS) defence
    – Web Application Firewall with signature-based rules, e.g. “Union ALL select …”, “DATABASE()”
  • 20. Is it Enough?
    – And 3732=IF(ORD(MID(IFNULL(CAST(DATABASE () AS CHAR),0x20)),1,1))<60 : show result if the ASCII code of the 1st character of the current database name is smaller than 11
    – If false: And 3732=IF(ORD(MID(IFNULL(CAST(DATABASE () AS CHAR),0x20)),1,1))>60 : show result if the ASCII code of the 1st character of the current database name is greater than 60
    – 3732=IF(ORD(MID(IFNULL(CAST(DATABASE () AS CHAR),0x20)),1,1))>90 : show result if the ASCII code of the 1st character of the current database name is greater than 90
  • 21. Example
    – Database name: udcms
    – The 1st character of udcms is u; ord() result, 75
    – If 75<60? no
    – If 75>60? yes
    – If 75<90? yes
    – If 75<75? no
    – If 75>75? no
    – If 75=75? yes
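The boolean-based blind case that slides 18 to 21 walk through, as an added example that is not part of the deck: a query built by string concatenation beside its parameterised fix, plus a check a reviewer can run against each handler to see whether a true/false condition appended to the id changes the response. SQLite stands in for the MySQL database of the demo, and the table, rows and function names are constructed for this illustration.

```python
import sqlite3


def build_db():
    """Constructed in-memory SQLite stand-in for a school website's news table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, public INTEGER)"
    )
    conn.executemany(
        "INSERT INTO news (id, title, public) VALUES (?, ?, ?)",
        [(1, "Open day", 1), (2, "Exam timetable", 1), (3, "Staff roster", 0)],
    )
    return conn


def fetch_title_vulnerable(conn, news_id):
    """String concatenation: the request parameter is spliced into the SQL text,
    so any condition appended to it is evaluated by the database."""
    sql = "SELECT title FROM news WHERE public = 1 AND id = " + news_id
    return [row[0] for row in conn.execute(sql)]


def fetch_title_safe(conn, news_id):
    """Parameterised query: the id is validated as an integer and bound as data,
    so the database never sees it as part of the query text."""
    sql = "SELECT title FROM news WHERE public = 1 AND id = ?"
    return [row[0] for row in conn.execute(sql, (int(news_id),))]


def has_boolean_oracle(fetch, conn):
    """Reviewer check for the boolean-based case: does appending a true and a
    false condition to a valid id change the response? A handler that rejects
    the input outright (ValueError) gives no oracle at all."""
    try:
        when_true = fetch(conn, "1 AND 1=1")
        when_false = fetch(conn, "1 AND 1=2")
    except ValueError:
        return False
    return when_true != when_false


if __name__ == "__main__":
    db = build_db()
    print("concatenated handler leaks an oracle:", has_boolean_oracle(fetch_title_vulnerable, db))
    print("parameterised handler leaks an oracle:", has_boolean_oracle(fetch_title_safe, db))
```

Signature rules like the ones on slide 19 match strings in the request; binding the value as a parameter removes the oracle regardless of how the condition is spelled.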
  • 24. UDomain Group: UDomain, founded in 1998 (UDomain.hk); Web Host, founded in 1998 (Webhost.hk); New Sky, founded in 1997 (Newsky.net)
  • 25. Our Services
    – Cybersecurity: DDoS protection, Penetration test, Firewall, SSL-Certificate
    – Internet Service: CDN, VPN, Live-streaming, Email marketing
    – Hosting: Web, email and app, Cloud server, Dedicated server, Colocation, Hosting 40,000 webs
    – Domain: .hk registrar, Domain advisor, Brand alert, 1000+ domain types, DNS Panel
  • 26. Our Qualification
    – Registrar of .hk Domain: one of the first HKIRC-recognized Registrars
    – HK Government Public Cloud Services Provider: first HK web hosting company recognized by the Office of the Government Chief Information Officer (OGCIO)
    – OFCA Services-based Operator Licensee: permitted to provide Authorized International Value-Added Network Services (IVANS)
  • 28. Events: Corporate Cyber Security Conference; HK Cyber Security Drill
  • 29. Summary
    – People: Over 20 years Domain and Web Knowledge; Project Experience in Different Sectors; Training and Certification
    – Process: OWASP TOP 10; The Penetration Testing Execution Standard; AgilePM
    – Technology: Multiple machine scanning tools
  • 30. Your Managed Security Service Partner: Penetration Test; Firewall & DDoS Protection; 7x24 Technical Support; Dedicated Security Specialists; High Availability Ring Network
  • 34. Proposed Project Plan
    – Week 1, Automated Scan: we will configure and execute the automated scan, followed by test plan development. Risk assessment will take place during the test plan development.
    – Week 2-3, Manual Review: we will verify the scan result, eliminate false positives and then execute manual business logic tests. Application walkthrough and threat analysis will also be conducted during this stage. We will also search for potential sensitive information related to you through various search engines.
  • 37. Automated Scan
    – Tool scanning for potential security issues
    – Combine multiple tools to gather more information
    – Include fuzzing in scanning
  • 39. Manual Review (Penetration Test)
    – Enrich the information from machine scanning
    – Verify the findings from machine scanning
    – Look through each page to find security issues
    – Look for logical flaws
  • 40. Security Assessment Lifecycle: Automated Scan; Manual Review; Report and Recommendations
  • 41. Report & Recommendations: Executive Summary; Testing Methodologies; Proof of Concept; Impact and Severity; Findings Details; Recommendations; Debriefing meeting
  • 43. Retest: compiling a retest checklist; scanning for previously found vulnerabilities after fixing; producing the final retest report
  • 45. Case Reference I
    – An NGO partnering with the Hong Kong Government, providing quality social welfare services through their 3,000 operating units in Hong Kong.
    – Engagement in Penetration Test: a website before launch in Hong Kong; re-tested several times
  • 46. Case Reference II
    – A 20-year-old secondary school in Hong Kong
    – Engagement in Penetration Test: an internal CMS system with email function; a public-facing website