How to achieve an optimal pentest result by using “flow control”

Nov 23, 2021 | Automated Pen Test Demo

This video demonstrates how the newly added “Flow Control” feature helps you achieve a better penetration testing result.

Starting with the release of RidgeBot 3.7, when you create a new task you can choose RidgeBot’s stealth level, which is its attack speed, from one of four levels: Stealthy, Intermediate, Normal and Noisy.

There are tradeoffs among these four levels. We highly recommend that you choose a suitable level for your environment, either by following the principles described in this video or simply by running multiple tests and comparing the results.

Being stealthy means RidgeBot launches attacks at a slower rate, with a longer pause between attacks. In “Stealthy” mode the penetration test has less impact on the target system. As a result, it may avoid triggering security defenses, inspect the target more deeply, and find more vulnerabilities and risks. The obvious tradeoff for these benefits is that the task takes longer to complete. For a large-scale network, or a network with a slow connection, it might not be feasible. However, it might be the only choice when the target is fragile because of limited resources. For a sensitive production environment, “Stealthy” mode is a good choice to start with.

“Normal” mode means RidgeBot works the same way as in releases prior to 3.7. It balances the number of vulnerability and risk findings against the test time. For a robust, regular test environment we expect the same result from “Stealthy” and “Normal” mode, and “Normal” mode is then the better choice because it takes far less time.

“Noisy” is an effective choice in a lab environment where there are no security devices and you want faster test results, or where the goal is to test the robustness of your system under a large volume of attacks.

“Intermediate” mode lets you fine-tune the test result between “Stealthy” and “Normal” mode.

In our example, we created two tasks to test the same website. One task was configured with “Normal” mode and the other with “Stealthy” mode. The test target is OWASP Mutillidae, an intentionally vulnerable web application. Our Mutillidae Docker container was allocated very limited resources, 1 CPU core and 4 GB of memory, so the site responds more slowly than most. For such a site there is a great difference between the results of Stealthy mode and Normal mode.

In Stealthy mode, RidgeBot successfully found 4 risks, 47 high vulnerabilities and 129 medium vulnerabilities. For the 4 risks, RidgeBot shows the exploit proof for the SQL injection vulnerabilities, including the database structure and the contents of data tables.

In Normal mode, RidgeBot discovered almost the same number of attack surfaces as in Stealthy mode, but fewer high vulnerabilities (19 instead of 47) and no risks, that is, no successful exploitation.

The Stealthy mode test took 10 hours 34 minutes to complete, while the Normal mode test took only about 2 hours 21 minutes.

For a website like Mutillidae, Stealthy mode is the way to go, as it produces more critical findings at the cost of a longer test time. Keep in mind, however, that “Stealthy” mode does not always produce a better result. For example, if the application expires its session cookie after a period of inactivity, the longer pauses of “Stealthy” mode can let the session time out, so later requests are sent with a stale cookie and the test produces fewer findings.
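The two effects described above, a queue building up on a slow target when the scanner sends faster than the target can answer, and a session expiring when the scanner pauses longer than the cookie lifetime, can be seen in a small simulation. The code below is an added example written for this page; it is not RidgeBot code and does not model RidgeBot’s actual scheduling. The target is a constructed single-worker model (one request at a time, a fixed service time, and an idle-session timeout), all timings are assumed, and `run_scan` stands in for any scanner that sends probes at a fixed interval with a per-request timeout and optionally re-authenticates when it notices it has been logged out.

```python
"""Simulated effect of scan pacing on a slow, resource-limited target.

Added example for this page; not RidgeBot code.  All timings are assumed,
and the target is a constructed model, not OWASP Mutillidae itself.
"""
from dataclasses import dataclass, field


@dataclass
class SlowTarget:
    """Single-worker web app: requests are served one at a time, in order.

    service_time: seconds the worker needs per request.
    session_ttl:  a session cookie is invalid once idle longer than this.
    """
    service_time: float
    session_ttl: float
    busy_until: float = 0.0                        # when the worker is free again
    last_seen: dict = field(default_factory=dict)  # cookie -> last authenticated use

    def login(self, now: float, cookie: str) -> None:
        self.last_seen[cookie] = now

    def request(self, now: float, cookie: str) -> tuple[float, bool]:
        """Queue a request arriving at `now`; return (finish_time, authenticated).

        The server keeps processing a request even if the client later gives
        up on it, which is what makes a fast scan pile up on a slow target.
        """
        start = max(now, self.busy_until)
        finish = start + self.service_time
        self.busy_until = finish
        seen = self.last_seen.get(cookie)
        authenticated = seen is not None and now - seen <= self.session_ttl
        if authenticated:
            self.last_seen[cookie] = now
        return finish, authenticated


@dataclass
class ScanResult:
    sent: int = 0
    timed_out: int = 0        # probes the scanner gave up on (no verdict)
    unauthenticated: int = 0  # probes answered with the login page instead
    relogins: int = 0         # times the scanner re-authenticated
    findings: int = 0         # probes that got a usable, authenticated answer
    duration: float = 0.0     # simulated seconds until the scanner finished


def run_scan(target: SlowTarget, probes: int, interval: float, timeout: float,
             relogin_on_logout: bool = False) -> ScanResult:
    """Send `probes` attack requests, one every `interval` seconds.

    A probe whose answer takes longer than `timeout` is abandoned.  With
    relogin_on_logout the scanner re-authenticates and retries when a
    response shows the session has expired.
    """
    cookie = "scanner-session"  # constructed cookie value
    target.login(0.0, cookie)
    result = ScanResult()
    now = 0.0
    for _ in range(probes):
        finish, authenticated = target.request(now, cookie)
        if not authenticated and relogin_on_logout:
            result.relogins += 1
            target.login(now, cookie)
            finish, authenticated = target.request(now, cookie)
        result.sent += 1
        if finish - now > timeout:
            result.timed_out += 1
            result.duration = max(result.duration, now + timeout)
        else:
            result.duration = max(result.duration, finish)
            if authenticated:
                result.findings += 1
            else:
                result.unauthenticated += 1
        now += interval
    return result


def compare_pacing() -> dict[str, ScanResult]:
    """Same 20 probes against a fresh copy of the same slow target, four ways."""
    def target() -> SlowTarget:
        return SlowTarget(service_time=1.0, session_ttl=30.0)  # assumed values

    return {
        # faster than the target can serve: the queue grows, later probes time out
        "fast": run_scan(target(), probes=20, interval=0.5, timeout=5.0),
        # slower than the service time: no queue, every probe gets an answer
        "stealthy": run_scan(target(), probes=20, interval=2.0, timeout=5.0),
        # slower than the session TTL: the cookie goes stale after the first probe
        "too_slow": run_scan(target(), probes=20, interval=40.0, timeout=5.0),
        # same pacing, but the scanner notices the logout and re-authenticates
        "too_slow_relogin": run_scan(target(), probes=20, interval=40.0,
                                     timeout=5.0, relogin_on_logout=True),
    }


if __name__ == "__main__":
    for name, r in compare_pacing().items():
        print(f"{name:17s} findings={r.findings:2d} timed_out={r.timed_out:2d} "
              f"unauthenticated={r.unauthenticated:2d} relogins={r.relogins:2d} "
              f"duration={r.duration:.1f}s")
```

With these assumed numbers the “fast” run abandons 11 of 20 probes because each one waits behind the previous ones, while the “stealthy” run gets all 20 answered at the cost of roughly 2.7 times the wall-clock time; the “too_slow” run shows the cookie caveat, where every probe after the first comes back unauthenticated unless the scanner detects the logout (in a real tool, by recognising the login page or redirect in the response) and re-authenticates before retrying.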

We hope this demo has given you some insight into how to configure Flow Control with its different options, and helped you understand how to choose an appropriate setting for a given environment.