Setup Idea Do yourself a favor and order a free Penetration Test

[Victor M]

You can do simple penetration tests on yourself. A pen test is more than a vulnerability scan. It uses hacking tools to simulate an attack. Penetration tests used to be an expensive endeavor requiring you to hire a pen test company and can span several days. However automation has caught up.

Much like testing your AV's detection capabilities with live malware, you want to detect what holes you have remaining after you have applied all your protections. It is termed 'offensive security'.

Intruder.io has a 7 day free trial allowing you do a test of your own ip and web presence. Just go to whatsmyip.org, copy the ip address and paste it into Intruder's site. And enter also your web page URL into the targets if you have any. If you want it to scan past your router/hardware firewall you have to install an agent onto your PCs. It gives you a PDF results download.

https://portal.intruder.io/free_trial

You need to provide a credit card to do the pen test. Just remember to delete the scheduled monthly test, and unsubscribe to their service when you have finished testing.

They also want a company email address, if you don't want to use yours, just use a free temporary email service and wait for the verification email.

 

[tofargone]

Penetration test?

This sounds risky, will it hurt?

Do I do this at home or do I have to go to the doctors office?

 

[Victor M]

This sounds risky, will it hurt?

Yes it does hurt, but it can detect colon cancer

 

[BSONE]

Humour aside, does anyone have an opinion on this service. I am comfortable using a credit card for the trial as one of my my credit providers has a one time use disposable card option.

 

[n8chavez]

<<<<<

Penatration test?

 

[cartaphilus]

Yeah I get that annually after I turned 45+.

 

[Victor M]

My opinion of intruder.io is that it is good.

The good thing is that it found up to date things, as I only did an upgrade a day before; and it found the missing update.

And it also prioritize the issues it finds into low, medium and high. So you will know which to fix first.

Also it found coding security omissions on our web presence, and explained why the fixes are necessary and gave attack methods that would exploit them.

It also detected our web application firewall and stopped the test, asking us to whitelist intruder.io.

 

[Acadia]

I practice safe hex.
Acadia

 

[simmerskool]

My opinion of intruder.io is that it is good.

It also detected our web application firewall and stopped the test, asking us to whitelist intruder.io.

?? please lower your defenses so we can penetrate your system to see if you're secure...??

 

[n8chavez]

I've had dates like that.

 

[mlnevese]

?? please lower your defenses so we can penetrate your system to see if you're secure...??

Reminds me of those tests where the tester disables almost all layers of protection before they can infect a system then say the product failed the test.

 

[Victor M]

?? please lower your defenses so we can penetrate your system to see if you're secure...??

I am jhst saying it detected our WAF, that's alll; not a problem.

 

[BSONE]

Tested on Joe Biden: Failed Swiss Emmental cheese stress test, with lots of holes and air bubbles reported.
Tested on Donald Trump: Unable to conclude test as behind Paywall. Likely to pass though as protected by Thomas the Tank Engine Uber advanced security secret sauce technology ™

 

[Victor M]

Well, what one white hat hacker knows is different from what another knows. So pen tests are subjective. But when we take all the white hats' public domain-ed and CVE'd and POC'd attacks and test them on ourselves we do gain some positive protection, do we not?