Red Team Test

Red Team Testing is used by organizations primarily to measure how strong/ prepared the applications/ networks/ security controls or measures/ systems, and even the company’s resources/ people are; in the event of a real-life cyber-attack. Red Team Testing is very important as it helps to enhance or improve the effectiveness of the organization’s ability to handle adverse, potentially harmful attacks from outsiders.

 

The Red Team Testing effectively exposes vulnerabilities or weak points that may be present, not just in the software (applications/ software/ technology), but also the hardware (systems/ IP). It helps identify vulnerabilities that may be physical (data centers/ servers/ infrastructure) and even human (staff/ employees/ partners/ departments/ consultants)

 

Thus, in all the above and many more ways, Red Team Testing is the most effective approach towards building a more effective defense against malicious entities, and helps one address threats efficiently.

Red Team Penetration Testing Approach

Su InfoTech’s Red Team Penetration Testing includes a unique approach which involves 4 separate phases, to ensure a set process, with streamlined tactics to optimize the testing process.
Because it also involves Penetration Testing, the testing methodology for Penetration Testing remains the same. The Red Team Penetration Test methodology is divided into 4 phases as follows:

In the first phase, reconnaissance; details of resources of Target Company are taken. This includes number of applications, domains, sub-domains, assets, IP’s, ports and other information that are determined to gauge the scope of the project.

(In Penetration Testing Methodology, this would be the “Pre-qualification” stage)

In the next phase of testing, out of all aspects that are identified, some are handpicked and categorized into separate groups or categories.

These categories are taken for approval to determine which group should be prioritized and what approach to be taken for each.

(In Penetration Testing Methodology, this is the “Threat Modeling” stage)

The plan of action is executed in a set systematic approach, beginning from the first prioritized group, slowly moving on to the next group.

The approaches taken for each group may vary. For example, one approach taken is to scout for existing data present online, and use this info to form targeted attacks.

  • The goal of a Red Team Testing is to extract information from the target without being detected or prevented access by the blue team of the target company.

    This requires stealth, and a focused and targeted approach.

    Once this goal is accomplished, a detailed report is given explaining the approach and findings.

    (Phase 3 and 4 involve extensive exploitation and thus involve the complete Penetration Testing methodology that is outlined in the Penetration Testing Methodology Document)

Pen Test Coverage Description

Phase 3 and 4 involve extensive exploitation and thus involve the complete Penetration Testing methodology, Hence the following are also covered in our Red Team Tests.

100% False Positive Removal

100% WASC II Coverage (49 Classes)

  • OWASP stands for Open Web Application Security Project
  • It is an online community which enables the availability of information such as documents, methodology, techniques, articles, and even technology in Web Application Security
  • e Top 10 are regularly updated and the goal is to identify and raise awareness about the most critical risks that an organization face

     

    OWASP Top 10 – 2017 (RC1)

    • Injection
    • Broken Authentication & Session management
    • Cross Site Scripting (XSS)
    • Broken Access Control
    • Security Misconfiguration
    • Sensitive Data Exposure
    • Insufficient Attack Protection
    • Cross-Site Request Forgery (CSRF)
    • Using Components with Known Vulnerabilities
    • Underprotected APIs
  • While conducting Security Assessment on an Information System, there are Security Threats that are identified which are ranked based on their criticality, occurrence, ease of exploit and significance
  • CWE stands for Common Weakness Enumeration and it compiles the Top 25 Most Dangerous and Critical Software Errors which can lead to serious vulnerabilities in Software
  • The Top 25 is a result of collaboration between SANS Institute, MITRE, and several Top Security Experts in the US and Europe
  • Top 25 are prioritized based on inputs from over 20 organizations, and each weakness was assessed based on its importance, ease of exploit and occurrence
  • Business Logic is the part of the application/program/software which encodes for different Business Rules
  • Such encoding ensures the determination of data creation, storage and data change
  • Flaws or irregularities in such encoding may result in certain Business Critical Vulnerabilities that remain undetected by Automated Scanners and require In-Depth Manual Exploitation

 

Business Logic Flaws

  • Price Tampering
  • Bypass Validation
  • Coupon Reuse
  • CAPTCHA Bypass
  • Negative amount transfer
  • Email Spoofing
  • Keys/Tokens Reuse
  • Order Out of Stock Item
  • Payment Gateway Bypass
  • Misuse Forget Password

Business Critical Vulnerability Detection

  • XSS, CSRF, SQL Injection, HTML Injection, etc

Role Based Testing (Horizontal and Vertical Privilege Escalation Test)

Close Menu