Virtual Penetration Testing

Overview

Welcome to the Virtual Penetration Testing module. In this section, you'll be guided through the process of using our virtual penetration testing tool. You'll learn how to:

Navigate through the module interface.
Create and initiate a penetration test scan.
Understand and utilize the dashboard and its components.

Virtual penetration testing is a remote security assessment method designed to evaluate the vulnerabilities and weaknesses within digital environments, including web applications, networks, and systems. By simulating potential attacks using various tools and techniques, this method helps identify security flaws and assesses the effectiveness of current defenses. Unlike traditional in-person testing, virtual penetration testing is conducted over the internet, offering flexibility in testing locations and often reducing costs. The primary aim is to detect and address vulnerabilities before they can be exploited, providing valuable insights to enhance your organization’s security measures.

Navigate to the module

~~Under~~After redirected, it will show you the ~~Cyber~~modules ~~Assessment~~under ~~module,~~risk management then click on Penetration ~~Testing~~Testing.

~~(PT)~~

Create a Penetration Test Scan

To create a penetration test you ~~must~~will ~~first~~be goalready redirected to the ~~scans~~scan ~~dashboard~~page when you click the Penetration Testing, as shown ~~in the picture~~

~~Then~~below you ~~click~~just ~~on the Penetration Test icon~~need to ~~start~~click aNew ~~Penetration Test~~scan.

AAfter ~~modal~~clicking scan it will show you all the type or testing categories you can do and every category it will show you the tools you can use for your testing.
- for example, the image shows that the user chooses Network penetration testing, the tool he/she can use are Nmap & NmapUDP are for (port scan), then ~~pops~~OpenVAS upis ~~where~~for (Network Vulnerability Scan). After you pick/choose click Next.

~~Once~~If the ~~information~~target ~~for~~you ~~the~~need ~~penetration~~to test is ~~filled~~already ~~out,~~exist just click ~~save~~the ~~scan.~~check Itbox beside the targets name, then ~~starts~~if it doesn`t exist yet you can click the ~~scan~~" ~~and~~Add ~~will~~Target be" ~~shown~~in the upper right to all new target.

If ever your target doesn`t exist on the ~~Scans~~list, ~~Dashboard.~~you can just simply click +Add Target then a modal will show for you to input the target then click add target to submit the target credential, then it will automatically show the added target on the dashboard and you can proceed on clicking next for step 3.

Penetration Test Scans Dashboard:

In the Penetration Test Scans dashboard, it shows all Penetration Tests that were conducted. It shows the completion of the test, whether it has finished the scan or not. It also shows the website where it has conducted the test as well as the different types of severity for the vulnerabilities & risks the penetration has scanned.

Virtual Penetration Testing Dashboard:

Offers a comprehensive overview of the organization's risk profile and vulnerabilities.

Total Vulnerabilities Detected & Severity:

This section displays the total number of vulnerabilities detected during penetration tests, categorized by severity: informational, low, medium, high, and critical.

Penetration Activity:

The Penetration Activity section shows the amount of all the penetration tests that were conducted for an organization, all the web assets scanned, during penetration testing, as well as all the currently running penetration tests.

Clicking on one of the sections of the penetration activity reveals a modal, which shows detailed information of the penetration tests conducted. For example, the modal for Total Penetration Test shows the target of the test, type, date, and the status of the penetration test conducted.

Penetration Graph:

In this section, a penetration graph is a visual tool that summarizes the results of security assessments. It typically displays various metrics, such as the distribution of vulnerabilities across different severity levels such as informational, low, medium, high, and critical. This provides a clear picture of the organization's risk profile. The graph may also track trends over time, showing changes in vulnerability counts and test status, and highlight which assets were scanned and the vulnerabilities detected per asset. This visualization aids in understanding the effectiveness of security measures, identifying areas needing improvement, and prioritizing remediation efforts based on severity and impact.

Clicking on a severity type in the penetration graph triggers a modal that provides comprehensive details about the penetration test for the selected task source. This modal displays key information, including the total number of vulnerabilities detected and any critical assets identified. It also offers insights into the scan itself, such as the task source, vulnerability type, host, path, insertion point, and severity level.

Top Vulnerabilities Detected:

Top Vulnerabilities Detected provides a visual summary of the most critical vulnerabilities identified during the test. It typically ranks these vulnerabilities by severity or impact, highlighting which ones pose the greatest risk. The graph often categorizes vulnerabilities by type or affected system areas, such as web applications or network services, and may show their frequency of occurrence. This helps prioritize which vulnerabilities need immediate attention and provides insight into the overall risk landscape. Additionally, if the graph includes data over time or across different test phases, it can help track trends and assess whether security improvements are being made. Overall, this graph is an essential tool for understanding and addressing the most significant security threats uncovered in the penetration test.

Clicking on any section of the graph triggers the display of a modal that provides detailed information about scans that have identified a top vulnerability. This modal presents a comprehensive overview, including the target of the scan, the type of vulnerability detected, the date of the penetration testing, and the current status of the vulnerability. This detailed view helps users understand the context and specifics of each detected vulnerability, facilitating more informed decision-making and prioritization.

Recent Penetration Test:

Recent Penetration Test refers to the latest assessments performed to evaluate the current security status of your system. These tests identify and analyze vulnerabilities, helping you understand recent threats and improvements. Reviewing recent tests ensures your defenses are up-to-date and aligned with the latest security risks.

Top Exploitable Assets:

Top Exploitable Assets refer to the most vulnerable components of your system identified as having the highest potential for exploitation by attackers. These assets are prioritized based on their risk level and ease of exploitation, helping you focus on addressing the most critical weaknesses to enhance your overall security.

To access detailed information about vulnerabilities from a penetration test, click on any item in the "Top Exploitable Assets" list. This action reveals a comprehensive view of the scan, including the types of vulnerabilities detected and their severity levels. The modal also displays scan details such as the start and end times, duration, and sources of the test. Additionally, it provides specifics on vulnerability types, affected hosts, paths, insertion points, and overall severity, offering a thorough understanding of the identified security issues.

If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.