Computer systems that are connected to a computer network, such as the Internet, must employ security measures to prevent unauthorized users from accessing these systems. The security measures must be properly designed and implemented in order to prevent unauthorized access. However, it is difficult to evaluate the effectiveness of such security measures, particularly in view of the increasing sophistication of techniques used to gain unauthorized access to computer systems.
The effectiveness of the security measures of a computer system may be evaluated by performing a computer security audit in which various aspects of computer security are analyzed and evaluated. The security audit may include a penetration test, which is a process by which a security auditor attempts to gain unauthorized access to the computer system.
Conventionally, a penetration test is performed using a multitude of ad hoc methods and tools, rather than according to a formalized standard or procedure. A typical penetration test includes the following stages:

1. Information gathering: the security auditor gathers technical details about the target system and information regarding the owner of the target system.

2. Information analysis and planning: the auditor analyzes the information to plan an overall approach by which to perform the penetration testing. This tends to be a difficult and time-consuming task and requires experienced and knowledgeable personnel having a highly specialized skill base.

3. Vulnerability detection: the auditor searches the target system for security vulnerabilities based on the top-level plan developed in the information analysis and planning stage. Security vulnerabilities include, for example, system misconfigurations that enable an unauthorized user to gain access using a known series of steps. The vulnerability search may be performed using an automated vulnerability scanner, which is a software package that determines whether certain known flaws may be used to gain unauthorized access to the target. Manual vulnerability scanning also may be performed to probe for common vulnerabilities that, for various reasons, may have been missed by an automated scanner. However, such vulnerability scanning techniques merely list the vulnerabilities, rather than actually attempting to exploit them. The automated and manual vulnerability searches may be supplemented by research performed by the security auditor to determine previously unknown vulnerabilities. Such research typically is performed using a copy (also called a mirror) of the software application being probed and/or the associated hardware.
The remaining stages of a typical penetration test are:

4. Compromising and accessing the target system: the auditor attempts to compromise the target system based on the results of the vulnerability detection stage using publicly available or custom-developed programs. Publicly available programs designed to exploit system vulnerabilities tend to be unreliable and require testing and customization before use. In general, exploiting detected vulnerabilities, regardless of the tools being used, requires experienced and knowledgeable personnel having a highly specialized skill base. In addition, a considerable laboratory infrastructure may be required to develop and test vulnerability exploitation tools, particularly when the target system employs a number of different operating system platforms.

5. Analysis and reporting: this stage includes consolidating and presenting the information obtained during the previous stages and developing recommendations for remedying the security vulnerabilities identified during the penetration test. Manually maintaining a record of all of the actions taken and information gathered during testing is extremely time-consuming and prone to error. Moreover, the preparation of complete and accurate records is subject to the discipline of the personnel conducting the test.

6. Clean up: the compromising and accessing stage typically results in significant changes being made to the target system. In the clean up stage, the auditor returns the system to its original configuration. To perform a successful clean up, a detailed and exact list of all actions performed during testing must be maintained, yet there are only rudimentary tools available for maintaining such information.
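The record-keeping problem described for stages 5 and 6 (a complete, ordered list of every action taken, from which both the report and the clean-up list are derived) is small enough to show concretely. The following engagement journal is an added illustration and is not code from the patent or from any product it describes; the stage names, host names and sample actions are constructed for the example, and the "undo" text is a free-form description of how an auditor would reverse a modifying action, not an executed command.

```python
"""Engagement journal: an append-only action log for a penetration test.

Every action against a target is recorded as it happens. The same log
drives (a) the per-stage summary used for reporting and (b) a reverse-
order clean-up plan listing only the actions that changed the target.
Added example; sample entries below are constructed, not real findings.
"""
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set, Tuple
import json


@dataclass
class Action:
    seq: int                 # monotonically increasing sequence number
    stage: str               # e.g. "information gathering", "clean up"
    target: str              # host or application the action touched
    description: str         # what was done
    undo: Optional[str]      # how to reverse it; None for read-only actions
    timestamp: str           # UTC ISO-8601, recorded at append time


class EngagementJournal:
    def __init__(self) -> None:
        self._actions: List[Action] = []

    def record(self, stage: str, target: str, description: str,
               undo: Optional[str] = None) -> Action:
        """Append one action; read-only actions pass undo=None."""
        action = Action(seq=len(self._actions) + 1, stage=stage, target=target,
                        description=description, undo=undo,
                        timestamp=datetime.now(timezone.utc).isoformat())
        self._actions.append(action)
        return action

    def actions(self) -> List[Action]:
        return list(self._actions)

    def report(self) -> Dict[str, List[str]]:
        """Stage -> ordered list of action descriptions (stage 5 input)."""
        by_stage: Dict[str, List[str]] = {}
        for a in self._actions:
            by_stage.setdefault(a.stage, []).append(a.description)
        return by_stage

    def cleanup_plan(self) -> List[Tuple[int, str, str]]:
        """Modifying actions in reverse order of execution (stage 6 input).

        Reversing the order matters: an account created before a file was
        placed must be removed after that file is deleted, etc.
        """
        return [(a.seq, a.target, a.undo)
                for a in reversed(self._actions) if a.undo is not None]

    def outstanding_cleanup(self, done: Set[int]) -> List[Tuple[int, str, str]]:
        """Clean-up steps not yet confirmed complete, still in reverse order."""
        return [step for step in self.cleanup_plan() if step[0] not in done]

    def to_json(self) -> str:
        """Serialise the full trail for inclusion in the final report."""
        return json.dumps([asdict(a) for a in self._actions], indent=2)


def build_sample_journal() -> EngagementJournal:
    """Constructed sample engagement covering the six stages above."""
    j = EngagementJournal()
    j.record("information gathering", "mailhost.example.test",
             "Collected publicly advertised service banners")
    j.record("vulnerability detection", "mailhost.example.test",
             "Ran automated vulnerability scanner; findings saved as scan-01")
    j.record("compromise", "workstation-07.example.test",
             "Placed marker file pentest-marker.txt in the audit directory",
             undo="Delete pentest-marker.txt from the audit directory")
    j.record("compromise", "workstation-07.example.test",
             "Created temporary local account audit-tmp",
             undo="Remove local account audit-tmp")
    j.record("analysis and reporting", "n/a",
             "Consolidated findings into draft report")
    return j


if __name__ == "__main__":
    journal = build_sample_journal()
    print(json.dumps(journal.report(), indent=2))
    for seq, target, undo in journal.cleanup_plan():
        print(f"[{seq}] {target}: {undo}")
```

The clean-up list is derived from the log rather than written separately, so it cannot drift from what was actually done; `outstanding_cleanup` lets the auditor tick steps off and confirm nothing remains before the engagement closes.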
Client-side exploits constitute a special family of exploits that are used for attacking client applications. As an example, in the execution of many protocols there are two participating entities, namely a client and a server, where typically the server provides a centralized service to many clients (e.g., Web browsers are clients that connect to Web applications hosted on web servers to download content, and mail clients connect to mail servers to download or send mail). Certain vulnerable client applications are exploitable; this means that one could develop exploit code that is somehow uploaded to a server providing service to these clients and can be used to successfully attack the application (e.g., to take control of the computer system running it). For example, in the case of an email application exploit, the penetration tester typically finds out what email client is being used by an entity in the target organization, sends that entity an email containing some exploit code, and thereby compromises the computer that receives the email.
Unfortunately, executing steps 1-6 above so as to complete a penetration test as quickly as possible, without disrupting services, and while staying focused on the objective of the test (as described by the contractor of the audit) requires great skill and is very difficult. In view of the shortcomings discussed above, there is a need for a system and method for performing client-side penetration testing employing a computer system compromise that takes an entirely fresh approach and overcomes the drawbacks of the conventional techniques.