Pruebas de Penetración

Seguridad

Definición

Un ciberataque simulado autorizado sobre un sistema para evaluar su postura de seguridad e identificar vulnerabilidades antes de que lo hagan atacantes reales. Las pruebas de penetración van desde escaneos automáticos de vulnerabilidades hasta compromisos completos de equipos rojos.

Phases of a Penetration Test

A penetration test (pentest) simulates a real-world attack under controlled conditions. The standard methodology follows five phases: reconnaissance (passive WHOISA query-and-response protocol for looking up registration information about domain names, IP addresses, and autonomous systems. WHOIS records include the registrant, registrar, name servers, and expiration dates. lookups, DNS enumeration, OSINT), scanning (port scanning, service fingerprinting via Open Port Checker), exploitation (attempting to compromise discovered vulnerabilities), post-exploitation (privilege escalation, lateral movement), and reporting (findings, evidence, remediation guidance).

Black Box vs. White Box vs. Gray Box

Type Tester Knowledge Resembles
Black box Zero internal info External attacker
White box Full source + architecture Insider threat audit
Gray box Partial (e.g., user creds) Compromised employee

Gray box testing is most common — it balances realism with efficiency. Red team engagements extend gray box testing with physical access, social engineering, and multi-week persistence simulations.

Tools and Scope Considerations

Common tools include Nmap (port scanning), Metasploit (exploitation), Burp Suite (WAFWeb Application Firewall. A security layer that filters, monitors, and blocks HTTP/HTTPS traffic to and from a web application, protecting against attacks like SQL injection, XSS, and CSRF at the application layer. bypass, SQL InjectionA code injection attack that inserts malicious SQL statements into application input fields to manipulate or extract data from a backend database. Prevented by parameterized queries and input validation., XSS), and BloodHound (Active Directory path analysis). Scope definition is critical — out-of-scope systems must be documented and respected. A CVECommon Vulnerabilities and Exposures. A standardized system of unique identifiers (e.g., CVE-2024-12345) for publicly known cybersecurity vulnerabilities, maintained by MITRE and used globally for vulnerability tracking and patching. scanner (Nessus, OpenVAS) complements manual testing by systematically checking known vulnerability signatures across the target surface.

Términos relacionados

Más en Seguridad