Pentester’s Mindset!
Get out of the limited
OWASP top 10 / SANS top 25 / Bug Bounty
mindset
Ravikumar Paghdal – Net Square
25th January 2020
# Whoami – Ravikumar Paghdal
• Sr. Manager at Net Square
• Hacker
• Trainer
• Bounty Hunter [2012-17]
- Google [ Top 50 hacker list ]
- Apple , Microsoft , Oracle ..
• LinkedIn : /in/raviramesh
• Twitter : @_RaviRamesh
Caution
This talk can and will change the mindset and habits of the typical pen tester.
I'll discuss multiple case studies to convey the message that if you think limited, you will be limited.
The Same Old Thinking
The Same Old Results
The survey and statistic of the ethical hacker community
- hackerone 2019
The 2019 Edition of the Inside the Mind of a Hacker Report
- bugcrowd 2019
According to the 2019 Edition of the Inside the Mind of a Hacker
Report [ largest attack surface ] - bugcrowd
According to the survey HackerOne conducted in 2019, "The survey and statistic of the ethical hacker community", more than 50% of bug bounty hunters focus on XSS and SQL Injection only.
https://www.hackerone.com/sites/default/files/2019-02/the-2019-hacker-report_3.pdf
When asked about their favourite attack vector, technique or method, over 38% of hackers surveyed said they prefer searching for cross-site scripting (XSS) vulnerabilities. That's up from just 28% last year, and puts XSS significantly ahead of all other attack vector preferences. SQL injection placed second at 13.5%, while fuzzing, business logic, and information gathering rounded out the top five. In 2017, neither business logic nor information gathering placed in the top 10.
https://www.hackerone.com/sites/default/files/2019-02/the-2019-hacker-report_3.pdf
What happened to the PenTester's Mindset?
Pick any random web/mobile app VAPT report from your organization and you will find one thing they all have in common. Guess what?
"The most common thing is the well-known vulnerabilities."
SQL Injection, XSS, CSRF, IDOR, Missing Security Headers …
For most analysts the testing mechanism, or mindset towards testing, comes down to one basic strategy: intercept the HTTP request and inject single quotes ('), double quotes ("), greater-than signs (>) and less-than signs (<) to identify vulnerabilities.
While injecting those special characters, the analyst's thought process leads to findings such as XSS and SQL Injection only ;)
What about:
- backtick (`)
- pipe (|)
- Null character (%00)
- Zalgo text (stacked combining marks, e.g. N̯̱̣͇̖̦̦)
- multibyte characters ( ﷽#$%&, )
- Zero Width Space U+200B (ZWSP)
- Carriage Return (ASCII 13), Line Feed (ASCII 10)
- or any other varied characters ..
Why not !!
According to Common Weakness Enumeration
(CWE List version 3.4) the total number of software
weaknesses is 808.
Why not !!
HTTP Request
1. Which part of the request is vulnerable?
2. Which vulnerability will affect the application, and on which part?
Behind the scenes: architecture
1. Server to server communication: parameter → XML
2. Log entry: XML → LOG (SQL, OS command)
3. Authentication: XML → LDAP → JWT
4. Data access: XML → NoSQL DB
1. Server to server communication: parameter → XML
Possible vulnerabilities
1. XML attacks
→ XML Injection
→ XSLT Injection [if XSLT is involved]
→ XInclude attack
→ XXE
→ XPath Injection [if an XPath query is involved]
→ XSS through <![CDATA[ ]]>
→ Billion laughs attack or XML bomb [DoS]
→ Quadratic blowup attack
→ SSRF using XML processing
→ XML Schema attacks, e.g. XML Schema poisoning
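A pre-parse gate for the parameter → XML hop above, written as an added example that is not part of the talk: it uses only the standard-library expat parser, and the root element name, size limit and sample messages are assumptions made for the example.

```python
"""Refuse the XML constructs behind the attack classes listed above before a
full parser sees the document: DOCTYPE and entity declarations (XXE, billion
laughs, quadratic blowup), XInclude elements, stylesheet processing
instructions (XSLT hook) and an unexpected root. Returns the flat child
fields as text, which is what a 'parameter -> XML' message carries."""
import xml.parsers.expat

XINCLUDE_NS = "http://www.w3.org/2001/XInclude"
MAX_PAYLOAD_BYTES = 64 * 1024  # assumed ceiling for a parameter-sized message


class UnsafeXml(Exception):
    pass


def check_xml(payload: bytes, expected_root: str) -> dict:
    """Return {child element name: text} for the root's direct children, or
    raise UnsafeXml. Only flat <root><field>text</field>...</root> messages
    are supported."""
    if len(payload) > MAX_PAYLOAD_BYTES:
        raise UnsafeXml("payload larger than expected")
    # With a namespace separator, element names become "uri localname" for
    # namespaced elements, so the XInclude namespace can be matched exactly.
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    fields, stack, text = {}, [], []

    def reject(reason):
        # Raising inside a handler aborts Parse() and propagates the exception.
        raise UnsafeXml(reason)

    # Any DOCTYPE is refused: an internal subset carries entity bombs, an
    # external subset is the XXE / SSRF path.
    parser.StartDoctypeDeclHandler = lambda name, sysid, pubid, internal: reject("DOCTYPE not allowed")
    parser.EntityDeclHandler = lambda *args: reject("entity declaration not allowed")
    parser.ExternalEntityRefHandler = lambda *args: reject("external entity reference")
    # <?xml-stylesheet ...?> and friends; the XML declaration itself is not a PI.
    parser.ProcessingInstructionHandler = lambda target, data: reject(f"processing instruction {target!r} not allowed")

    def start(name, attrs):
        if name.startswith(XINCLUDE_NS + " "):
            reject("XInclude element not allowed")
        if not stack and name != expected_root:
            reject(f"unexpected root element {name!r}")
        stack.append(name)
        text.clear()

    def end(name):
        stack.pop()
        if len(stack) == 1:  # closing a direct child of the root
            fields[name] = "".join(text)

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    # CDATA content arrives here as ordinary text and is returned verbatim,
    # so whatever renders it later still has to output-encode it.
    parser.CharacterDataHandler = text.append

    try:
        parser.Parse(payload, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXml(f"malformed XML: {exc}") from None
    return fields


def gate(payload: bytes, expected_root: str):
    """Convenience wrapper: (True, fields) or (False, reason)."""
    try:
        return True, check_xml(payload, expected_root)
    except UnsafeXml as exc:
        return False, str(exc)


# Constructed samples in the shape a 'parameter -> XML' hop would produce.
BENIGN = b'<?xml version="1.0"?><order><id>42</id><note>thanks</note></order>'
DOCTYPE_BOMB = (b'<!DOCTYPE order [<!ENTITY a "aaaaaaaaaa"><!ENTITY b "&a;&a;&a;&a;">]>'
                b'<order><id>&b;</id></order>')
XINCLUDE = (b'<order xmlns:xi="http://www.w3.org/2001/XInclude">'
            b'<xi:include href="placeholder.xml"/></order>')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("doctype", DOCTYPE_BOMB), ("xinclude", XINCLUDE)):
        print(label, gate(sample, "order"))
```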
2. Log entry: XML → LOG (SQL, OS command)
Possible vulnerabilities
1. Log entry in a SQL database
→ Blind out-of-band SQL Injection
2. Log entry on a Linux OS
→ Blind out-of-band OS Command Injection
3. Authentication: XML → LDAP → JWT
Possible vulnerabilities
1. LDAP authentication
→ LDAP Injection
2. JSON Web Token (JWT)
→ Weak symmetric keys
→ Incorrect composition of encryption and signature
→ Plaintext leakage through analysis of ciphertext length
→ Insecure use of elliptic curve encryption
→ Multiplicity of JSON encodings
→ Substitution attacks
→ Cross-JWT confusion
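For the JWT half of this hop, an added verifier (not the talk's code) that closes the weaknesses just listed for a symmetric-key token: the verifier fixes the algorithm instead of trusting the header, refuses short HS256 keys, rejects duplicate JSON members, and pins `typ` and `aud` so a token minted for another consumer is not accepted here. The key, audience names and claims are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

MIN_HS256_KEY_BYTES = 32  # RFC 7518: an HMAC-SHA256 key must be at least the digest size
B64URL_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")


class JwtError(Exception):
    pass


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    if not text or set(text) - B64URL_ALPHABET:
        raise JwtError("segment is not base64url")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def strict_json(raw: bytes) -> dict:
    """Parse a JSON object, refusing duplicate members (encoding tricks)."""
    def no_duplicates(pairs):
        obj = {}
        for key, value in pairs:
            if key in obj:
                raise JwtError(f"duplicate JSON member {key!r}")
            obj[key] = value
        return obj
    try:
        doc = json.loads(raw.decode("utf-8"), object_pairs_hook=no_duplicates)
    except (UnicodeDecodeError, ValueError) as exc:
        raise JwtError(f"segment is not valid JSON: {exc}") from None
    if not isinstance(doc, dict):
        raise JwtError("segment is not a JSON object")
    return doc


def check_key(key: bytes) -> None:
    if len(key) < MIN_HS256_KEY_BYTES:
        raise JwtError("HS256 key shorter than 256 bits")


def mint_hs256(claims: dict, key: bytes, typ: str = "JWT") -> str:
    """Issue a token; only here so the example is self-contained."""
    check_key(key)
    header = {"alg": "HS256", "typ": typ}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_hs256(token: str, key: bytes, expected_aud: str,
                 expected_typ: str = "JWT", now=None) -> dict:
    """Return the claims if the token is an HS256 token of the expected type,
    signed with `key`, addressed to `expected_aud` and not expired."""
    check_key(key)
    parts = token.split(".")
    if len(parts) != 3:
        raise JwtError("token must have exactly three segments")
    h_b64, p_b64, s_b64 = parts
    header = strict_json(b64url_decode(h_b64))
    # The verifier decides the algorithm; the header only has to agree
    # (this is what rules out 'none' and algorithm substitution).
    if header.get("alg") != "HS256":
        raise JwtError(f"unexpected alg {header.get('alg')!r}")
    # Cross-JWT confusion, part 1: only the token type this endpoint issues.
    if header.get("typ") != expected_typ:
        raise JwtError(f"unexpected typ {header.get('typ')!r}")
    payload_bytes = b64url_decode(p_b64)
    signature = b64url_decode(s_b64)
    expected_sig = hmac.new(key, f"{h_b64}.{p_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, signature):
        raise JwtError("signature mismatch")
    # The MAC covers the exact bytes received, so no JSON re-encoding can
    # change what was signed; the claims are parsed only after that check.
    claims = strict_json(payload_bytes)
    # Cross-JWT confusion, part 2: the token must name this consumer.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_aud not in audiences:
        raise JwtError(f"token not addressed to {expected_aud!r}")
    exp = claims.get("exp")
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:
        raise JwtError("token expired or missing exp")
    return claims


def verify_outcome(token: str, key: bytes, expected_aud: str,
                   expected_typ: str = "JWT", now=None):
    """Convenience wrapper: (True, claims) or (False, reason)."""
    try:
        return True, verify_hs256(token, key, expected_aud, expected_typ, now)
    except JwtError as exc:
        return False, str(exc)
```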
4. Data access: XML → NoSQL DB
Possible vulnerabilities
1. NoSQL database
→ NoSQL Injection
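For the XML → NoSQL DB hop, an added example (not from the talk) of how a request value that arrives as a JSON object rather than a string becomes a MongoDB-style query operator, beside a builder that accepts only strings and a detection helper for filters that already contain operators. No driver is needed; the filter documents are plain dicts of the shape a driver would send, and the field names and bodies are constructed.

```python
import json


class NoSqlInputError(ValueError):
    pass


def naive_login_filter(body: dict) -> dict:
    """The pattern the hop hides: request values dropped straight into the
    query document, so a value of {"$ne": ""} becomes an operator that
    matches any password."""
    return {"username": body["username"], "password": body["password"]}


def safe_login_filter(body: dict) -> dict:
    """Hardened builder: every user-supplied value must be a plain string,
    which can never be interpreted as an operator document."""
    filt = {}
    for field in ("username", "password"):
        value = body.get(field)
        if not isinstance(value, str):
            raise NoSqlInputError(
                f"{field} must be a string, got {type(value).__name__}")
        filt[field] = value
    return filt


def contains_operator(doc) -> bool:
    """Detection helper: True if any key anywhere in the document starts
    with '$', i.e. the filter would run an operator the developer never wrote."""
    if isinstance(doc, dict):
        return any(k.startswith("$") or contains_operator(v) for k, v in doc.items())
    if isinstance(doc, list):
        return any(contains_operator(v) for v in doc)
    return False


def build_outcome(raw_body: str) -> dict:
    """Run both builders on one raw JSON body and report what each would send."""
    body = json.loads(raw_body)
    out = {"naive_has_operator": contains_operator(naive_login_filter(body))}
    try:
        out["safe_filter"] = safe_login_filter(body)
        out["safe_rejected"] = None
    except NoSqlInputError as exc:
        out["safe_filter"] = None
        out["safe_rejected"] = str(exc)
    return out


if __name__ == "__main__":
    # Constructed request bodies: one honest login, one operator injection.
    print(build_outcome('{"username": "alice", "password": "hunter2"}'))
    print(build_outcome('{"username": "admin", "password": {"$ne": ""}}'))
```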
HTTP Headers
CVE-2019-5418 - File content disclosure on Rails
CVE-2014-6271 - Shellshock, also known as Bashdoor
Same question again
1. Which part of the request is vulnerable?
2. Which vulnerability will affect the application, and on which part?
Root cause analysis
The following factors are responsible:
1. Training institutes
2. Our old mindset
3. Quality compromised by security firms and app vendors
1. Training institutes
Major changes in the development world between 2000 and 2019.
Major changes in server-side architecture between 2016 and 2019.
In InfoSec, training courses have not kept up with the times...
SQL Injection → NoSQL Injection, ORM Injection, SSI Injection …
XSS → SSJI, SSTI …
CSRF → SSRF …
2. OUR OLD Mindset
Which circle do you believe is larger ?
Just imagine: as a child, you were taught that the
blue circle is larger than the red. 🧒 🔵 > 🔴
If you say it enough times, you convince yourself
that is the truth. ⏱ 📢
If you're told the lie enough times, it becomes part
of your reality. 💯
And if enough people are taught the lie that the blue
circle is larger than the red, now, it becomes part of the
culture. 🧑🤝🧑🧑🤝🧑🧑🤝🧑🧑🤝🧑
And if that culture then passes that misinformation
along to the next generation , well now it becomes
tradition.
- James Wildman
alert(1) ≠ XSS
' or '1'='1 ≠ SQL Injection
Taught in trainings, you convince yourself; you're told the lie enough times; enough people are taught the lie through blogs and writeups. Now you pass that misinformation along to the next generation.
Sometimes script kiddies be like ..
"security analyst or a penetration tester only
focuses on well-known vulnerabilities.”
Let us understand habitual behaviours, or patterns of practice.
After a few days or months, the pattern imprints itself on our unconscious mind.
It then passively pushes you to take the same action without any active observation on your part.
3. Quality compromised by security firms and app vendors
Contrasting lifestyles
Lotta money
Boundless fun
Unlimited time
Zero liability
Contrasting lifestyles
"It's out of scope"
"Do a comprehensive PT…. but in 3 days' time"
"No commercial tools. Budget is limited"
"It's a Prod environment. No exploits allowed!"
"You can't use Linux tools, we are using Windows"
"Vendor doesn't support that configuration"
"Nobody else could figure that out"
"You can't explain the risk to 'The Business'"
"It's a legacy system"
"It's 'too critical to patch'"
"Provide an RCA: why was this not found in the previous VAPT?"
"It's managed by a third party"
"It's an internal system"
"It's handled in the Cloud"
"It's an interim solution"
"It's XYZ compliant"
"It's encrypted communication"
"It's behind the firewall"
"It's only a pilot/proof of concept"
Thank you
@_RaviRamesh
http://raviramesh.info/mindset.html

  • 4. I'll discuss multiple case studies to convey the message that if you think limited, you will be limited. The Same Old Thinking. The Same Old Results.
  • 5. The survey and statistic of the ethical hacker community - hackerone 2019
  • 6. The 2019 Edition of the Inside the Mind of a Hacker Report - bugcrowd 2019
  • 7. The survey and statistic of the ethical hacker community - hackerone 2019
  • 8. According to the 2019 Edition of the Inside the Mind of a Hacker Report [ largest attack surface ] - bugcrowd
  • 9. According to a survey conducted by Hacker One in 2019 "The survey and statistic of the ethical hacker community", more than 50% of Bug Bounty hunters are focusing on XSS and SQL Injection only. https://www.hackerone.com/sites/default/files/2019-02/the-2019-hacker-report_3.pdf
  • 10. When asked about their favourite attack vector, technique or method, over 38% of hackers surveyed said they prefer searching for cross-site scripting (XSS) vulnerabilities. That’s up from just 28% last year, and puts XSS significantly ahead of all other attack vector preferences. SQL injection placed second at 13.5%, while fuzzing, business logic, and information gathering rounded out the top five. In 2017, neither business logic nor information gathering placed in the top 10 last year. https://www.hackerone.com/sites/default/files/2019-02/the-2019-hacker-report_3.pdf
  • 11.
  • 12. What happened with PenTester’s Mindset ? Choose your organization’s random web/mobile app VAPT report and you will find one common thing in the report. Guess what ? "The most common thing is the well-known vulnerabilities." SQL Injection, XSS, CSRF, IDOR, Missing Security Headers …
  • 13. Most analysts' testing mechanism, or their mindset towards testing, comes down to one basic strategy: intercept the HTTP request and inject single quotes (‘), double quotes (“), greater-than signs (>) and less-than signs (<) to identify vulnerabilities. While injecting those special characters, the analyst's thought process eventually leads only to findings such as XSS and SQL Injection ;)
  • 14. Backtick (`), pipe (|), null character (%00), Zalgo text ( N̯̱ ̣͇̖̦̦ ̣ ͥͮͩͪ̐͑͂̈̅ ͦ͋̆̔͆̀̆̀̚̚ ̕ ), multibyte characters ( ﷽#$%&, ), Zero Width Space U+200B (ZWSP), Carriage Return (ASCII 13), Line Feed (ASCII 10) or other varied characters .. Why not !!
  • 15. According to Common Weakness Enumeration (CWE List version 3.4) the total number of software weaknesses is 808. Why not !!
  • 16. HTTP Request 1. Which part of the request is vulnerable? 2. Which vulnerability will affect the application and on which part?
  • 18. 1. Server to Server communication parameter -> XML
  • 19. 2. Log Entry XML -> LOG (SQL, OS Command)
  • 21. 4. Data Access XML -> NoSQL DB
  • 22. 1. Server to Server communication parameter -> XML
  • 23. Possible Vulnerability
    1. XML Attacks
       - XML Injection
       - XSLT Injection [ if XSLT is involved ]
       - XInclude Attack
       - XXE
       - XPATH Injection [ if an XPATH query is involved ]
       - XSS through <![CDATA[ ]]>
       - Billion laughs attack or XML Bomb [DoS]
       - Quadratic Blowup Attack
       - SSRF using XML processing
       - XML Schema Attacks, for example the XML Schema Poisoning attack
  • 24. 2. Log Entry XML -> LOG (SQL, OS Command)
  • 25. Possible Vulnerability
    1. Log Entry in SQL Database -> Blind Out-of-Band SQL Injection
    2. Log Entry in Linux OS -> Blind Out-of-Band OS Command Injection
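The "parameter -> XML -> LOG" flow above (slides 18, 19 and 25), together with the odd characters from slide 14, is easiest to see in code. The following is an added example, not code from the talk or from Net Square: a server-to-server XML message is parsed and its fields written to a log, first with a naive free-text logger and then with a hardened one that neutralizes control and zero-width characters and emits one JSON record per line. The `<message>` format, the sample values and the function names are constructed for this illustration; it uses only the Python standard library.

```python
"""Added example, not from the talk: the 'parameter -> XML -> LOG' flow with a
naive logger beside a hardened one. The <message> format, function names and
sample values are constructed for this illustration (stdlib only)."""
import json
import unicodedata
import xml.etree.ElementTree as ET

# Constructed inbound message: the <user> field carries a line feed (&#10;)
# followed by text shaped like a second log record, and <order> hides a
# zero-width space (U+200B, UTF-8 e2 80 8b) inside a normal-looking id.
SAMPLE_XML = (
    b"<message><user>bob&#10;INFO order=9999 user=admin</user>"
    b"<order>A1\xe2\x80\x8b2</order></message>"
)

def parse_message(xml_bytes: bytes) -> dict:
    """Pull the two fields the application logs out of the XML document."""
    root = ET.fromstring(xml_bytes)
    return {
        "user": root.findtext("user", default=""),
        "order": root.findtext("order", default=""),
    }

def naive_log_line(fields: dict) -> str:
    """Vulnerable: untrusted values are concatenated into a free-text line,
    so an embedded newline starts what looks like a new, forged record."""
    return f"INFO order={fields['order']} user={fields['user']}"

def neutralize(value: str) -> str:
    """Make every control (Cc) and format (Cf, e.g. zero-width) character
    visible as a \\uXXXX escape; NFKC first so look-alike forms collapse."""
    out = []
    for ch in unicodedata.normalize("NFKC", value):
        if unicodedata.category(ch) in ("Cc", "Cf"):
            out.append("\\u%04x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)

def safe_log_line(fields: dict) -> str:
    """Hardened: neutralize each value, then emit one JSON object per line;
    the record boundary is the JSON, not whatever the sender put in."""
    clean = {k: neutralize(v) for k, v in fields.items()}
    return json.dumps({"level": "INFO", **clean}, ensure_ascii=True)

def demo() -> tuple:
    """Return (naive, safe) log lines for the constructed message."""
    fields = parse_message(SAMPLE_XML)
    return naive_log_line(fields), safe_log_line(fields)

if __name__ == "__main__":
    naive, safe = demo()
    print("naive:", repr(naive))
    print("safe: ", safe)
```

The naive line splits into two records, the second of which reads exactly like a successful order by `admin`; the hardened line keeps the same information but shows the line feed as `\u000a` and the zero-width space as `\u200b`, so a SIEM or a human reading the log sees what was actually sent. The same neutralization is the first thing to check when a log entry is later fed to a SQL database or a shell command, which is where the out-of-band injection on slide 25 starts.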
  • 27. Possible Vulnerability
    1. LDAP Authentication -> LDAP Injection
    2. JSON Web Token (JWT)
       - Weak Symmetric Keys
       - Incorrect Composition of Encryption and Signature
       - Plaintext Leakage through Analysis of Ciphertext Length
       - Insecure Use of Elliptic Curve Encryption
       - Multiplicity of JSON Encodings
       - Substitution Attacks
       - Cross-JWT Confusion
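Two of the JWT items above, weak symmetric keys and cross-JWT confusion, come down to what the verifier insists on. The following is an added example, not code from the talk: a minimal HS256 verifier, written with the Python standard library only, that pins the algorithm on the server side instead of trusting the token header, refuses keys shorter than the 256 bits RFC 7518 requires for HS256, compares the signature in constant time, and checks `aud` and `exp`. The helper names, the demo key and the claims are constructed for this illustration.

```python
"""Added example, not from the talk: a minimal HS256 JWT verifier that pins
the algorithm, refuses short symmetric keys and compares signatures in
constant time. Helper names, the demo key and the claims are constructed."""
import base64
import hashlib
import hmac
import json

MIN_HS256_KEY_BYTES = 32  # RFC 7518 s3.2: an HS256 key must be at least 256 bits
DEMO_KEY = hashlib.sha256(b"constructed demo secret, not for real use").digest()

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _compact_json(obj) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a compact JWS; the short-key check catches 'weak symmetric keys'
    at the issuer, where a passphrase-sized secret would otherwise slip in."""
    if len(key) < MIN_HS256_KEY_BYTES:
        raise ValueError("HS256 key shorter than 256 bits")
    header, payload = _compact_json({"alg": "HS256", "typ": "JWT"}), _compact_json(claims)
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_hs256(token: str, key: bytes, audience: str, now: float) -> dict:
    """Return the claims if the token is acceptable, otherwise raise ValueError.
    The verifier decides the algorithm; the token header only has to agree."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Cross-JWT / algorithm confusion: 'none', RS256 or anything else is rejected
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if len(key) < MIN_HS256_KEY_BYTES:
        raise ValueError("HS256 key shorter than 256 bits")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if not isinstance(claims, dict) or claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    return claims

def demo(now: float = 1_700_000_000) -> dict:
    """Exercise the verifier with one valid token and five cases it must refuse."""
    claims = {"sub": "alice", "aud": "orders-api", "exp": now + 3600}
    token = sign_hs256(claims, DEMO_KEY)
    header_b64, payload_b64, sig_b64 = token.split(".")
    forged_payload = _compact_json({**claims, "sub": "admin"})
    attempts = {
        "alg_none": (_compact_json({"alg": "none"}) + "." + payload_b64 + ".", "orders-api", now),
        "tampered": (f"{header_b64}.{forged_payload}.{sig_b64}", "orders-api", now),
        "wrong_aud": (token, "billing-api", now),
        "expired": (token, "orders-api", now + 7200),
    }
    results = {"valid": verify_hs256(token, DEMO_KEY, "orders-api", now)["sub"]}
    for name, (tok, aud, clock) in attempts.items():
        try:
            verify_hs256(tok, DEMO_KEY, aud, clock)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    try:
        sign_hs256(claims, b"short")
        results["short_key"] = "accepted"
    except ValueError as err:
        results["short_key"] = str(err)
    return results

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The design point is that every decision (algorithm, key size, audience, clock) belongs to the verifier and is fixed before the token is even decoded; a library that lets the token's `alg` header choose the verification routine is what turns a symmetric key into something an attacker can substitute, which is the confusion class the slide lists.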
  • 28. 4. Data Access XML -> NoSQL DB
  • 29. Possible Vulnerability 1. NoSQL Database -> NoSQL Injection
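NoSQL injection in the "XML -> NoSQL DB" step is usually not about quotes at all but about the type of the value that reaches the query. The following is an added example, not code from the talk: a login lookup built from a JSON body, run against a tiny in-memory matcher that understands the MongoDB-style operators `$ne` and `$gt`, with the vulnerable lookup beside a hardened one that only accepts plain strings and compares the password in application code. The matcher, the user records and the function names are constructed for this illustration; no real database is involved.

```python
"""Added example, not from the talk: operator injection against a
MongoDB-style query, shown with a vulnerable lookup beside a hardened one.
The in-memory matcher, user records and function names are constructed."""
import hmac
import json

# Constructed records. A real store would hold a password hash, not the
# password; the point here is the shape of the query, not the storage.
USERS = [
    {"user": "alice", "pass": "correct horse"},
    {"user": "admin", "pass": "hunter2-but-longer"},
]

def _match(field_value, cond) -> bool:
    """Tiny subset of MongoDB matching: plain equality, or an operator object."""
    if isinstance(cond, dict):
        for op, arg in cond.items():
            if op == "$ne":
                if not field_value != arg:
                    return False
            elif op == "$gt":
                if not field_value > arg:
                    return False
            else:
                raise ValueError("unsupported operator %s" % op)
        return True
    return field_value == cond

def find_one(query: dict):
    """Return the first record where every field in the query matches."""
    for doc in USERS:
        if all(_match(doc.get(k), v) for k, v in query.items()):
            return doc
    return None

def login_vulnerable(body_json: str):
    """Vulnerable: whatever JSON type the client sent becomes part of the query,
    so a body like {"user":"admin","pass":{"$ne":""}} matches the admin record
    without knowing the password."""
    body = json.loads(body_json)
    return find_one({"user": body["user"], "pass": body["pass"]})

def login_hardened(body_json: str):
    """Hardened: require plain strings, look up by username only, and compare
    the password in application code rather than letting the query engine do it."""
    body = json.loads(body_json)
    user, password = body.get("user"), body.get("pass")
    if not isinstance(user, str) or not isinstance(password, str):
        return None  # objects, arrays and numbers never reach the query
    doc = find_one({"user": user})
    if doc and hmac.compare_digest(doc["pass"].encode(), password.encode()):
        return doc
    return None

def demo() -> dict:
    """Run one constructed operator-injection body and one legitimate body."""
    attack = '{"user": "admin", "pass": {"$ne": ""}}'
    legit = '{"user": "alice", "pass": "correct horse"}'
    return {
        "vulnerable_attack": (login_vulnerable(attack) or {}).get("user"),
        "hardened_attack": login_hardened(attack),
        "hardened_legit": (login_hardened(legit) or {}).get("user"),
    }

if __name__ == "__main__":
    print(demo())
```

The check to look for in a review is the `isinstance` gate: a schema validator or a strongly typed request model does the same job, and the absence of either is what makes this class of bug live in an application that never builds a query string at all.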
  • 30. HTTP Headers
    - CVE-2019-5418 - File Content Disclosure on Rails
    - CVE-2014-6271 - Shellshock, also known as Bashdoor
  • 31. Same question again 1. Which part of the request is vulnerable? 2. Which vulnerability will affect the application and on which part?
  • 32. Root cause analysis. The following factors are responsible …
    1. Training Institutes
    2. Our Old Mindset
    3. Quality compromised by Security firms and App vendors
  • 34. Major shifts in the development world between 2000~2019
  • 35. Major shifts in server-side architecture between 2016~2019
  • 36.
  • 37. In InfoSec, training courses have not kept up with the times...
    - SQL Injection / NoSQL Injection / ORM Injection / SSI Injection …
    - XSS / SSJI / SSTI …
    - CSRF / SSRF …
  • 38. 2. OUR OLD Mindset
  • 39. Which circle do you believe is larger ?
  • 40. Just imagine: as a child, you were taught that the blue circle is larger than the red. 🧒 🔵 > 🔴 If you say it enough times, you convince yourself that is the truth. ⏱ 📢 If you're told the lie enough times, it becomes part of your reality. 💯
  • 41. And if enough people are taught the lie that the blue circle is larger than the red, now it becomes part of the culture. 🧑🤝🧑🧑🤝🧑🧑🤝🧑🧑🤝🧑 And if that culture then passes that misinformation along to the next generation, well, now it becomes tradition. - James Wildman
  • 42. alert(1) ≠ XSS. ‘ or ‘1’=‘1 ≠ SQL Injection. Taught in trainings, you convince yourself; you're told the lie enough times; enough people are taught the lie through blogs and writeups. Now you pass that misinformation along to the next generation.
  • 44. "A security analyst or a penetration tester only focuses on well-known vulnerabilities.” Let us understand the habitual behaviors or patterns of practice.
  • 45.
  • 46.
  • 47.
  • 48. After a few days or months, it gets imprinted in our unconscious mind. It will passively push you to take the same action without your active observation.
  • 49. 3. Quality compromised by security FIRMS and APP vendors
  • 51. Contrasting lifestyles
    - It’s out of scope
    - Do a comprehensive PT… but in 3 days’ time
    - No commercial tools. Budget is limited
    - It’s a Prod environment. No exploits allowed!
    - You can’t use Linux tools, we are using Windows
    - Vendor doesn’t support that configuration
    - Nobody else could figure that out
    - You can’t explain the risk to “The Business”
    - It’s a legacy system
    - It’s “too critical to patch”
    - Provide an RCA: why was it not found in the previous VAPT?
    - It’s managed by a third party
    - It’s an internal system
    - It’s handled in the Cloud
    - It’s an interim solution
    - It’s XYZ compliant
    - It’s encrypted communication
    - It’s behind the firewall
    - It’s only a pilot/proof of concept