1.2 Planning & Scoping Flashcards
Explain the importance of scoping and organizational/customer requirements.
What should be tested in a company’s network and why?
The local are network (LAN) should be tested, as well as the wireless local area networks (WLANs), because they have become more pervasive.
What guidelines should be defined prior to testing a company’s applications?
-The client will need to either provide a percentage or discrete value of total number of web pages or forms that require user interaction.
-Depending on the application, the team should obtain a variety of roles and permissions so each role can be tested.
Why can mobile applications be targets?
Because they house sensitive data, such as credit card numbers. Also they have many vulnerabilities such as insecure communications and weak cryptography and they represent an additional attack vector.
What is important prior to testing in the cloud?
The team will need to obtain proper permissions from the provider and determine what type of testing is allowed. In addition, they need to get a complete understanding of what is hosted and how the cloud is used.
Name 5 assets that can be included in the scope of a PenTest.
-Internet Protocol (IP) addresses
-Domains and/or subdomains
-Application programming interfaces (APIs): either public facing applications, or those that allow access to the details of a specific user.
-Users: susceptible to social engineering and are generally considered the easiest attack vector.
-Service Set Identifiers (SSID): this can be a target when an attacker is attempting to access a wireless network.
Describe what an on-site location is in terms of an in-scope asset.
An asset that is physically located where an attack is being carried out. On-site testing can include attempting to compromise a business’s physical barriers to gain access to systems, server rooms, infrastructure and employees.
Describe what an off-site location is in terms of an in-scope asset.
An asset that provides a service for a company but is not necessarily located at the same place, such as remote offices and/or satellite locations. These locations can be a softer target as they are less likely to have many security controls as headquarters.
What are external assets?
These are assets that are visible on the internet, such as a web site, web application, email or DNS server. These are not good for attacks that require direct access to the network segement.
What are internal assets?
These can be accessed from within the organization. If direct access to the internal network can be established, this asset is an excellent candidate for all attack types.
What is the difference between first-party hosted- and third-party hosted assets?
First-party hosted assets are hosted by the client organization, whereas third-party hosted assets are hosted by a vendor or partner of the client organization. The former is more likely to be an easier attack target, because they tend to have less stringent security controls than service providers.
What can be the rules of engagement?
-Time of day: there may be time of day restrictions when no testing is allowed, as it may impact potential services and cause an outage. Alternatively it is also possible to test during normal business hours to assess the organization’s reaction to attacks.
-Allowable test: the team needs to determine what type of tests are allowed and what is not.
Other restrictions: there can also be other restrictions such as technical or location constraints.
What is an Unknown Environment Testing strategy?
Also known as a Black-Box test, this is when the PenTesting team is completely in the dark; no information is presented to the team prior to testing. This mimic’s what an actual threat actor will need to do before launching any attacks.
What is a Partially Known Environment Testing strategy?
Also known as a Grey-Box test, this is commonly used to test web applications for security vulnerabilities. The team is given some information, so they can focus on specific issues related to system defects or improper usage of applications.
What is a Known Environment Testing strategy?
Also known as a White-Box test, this is when the team is given all details of the network and applications.
What are the most important elements to review with the client prior to starting the PenTest?
-Scope and in-scope assets
-What is excluded
-Strategy
-Timeline to complete testing and any constraints
-Any restrictions or applicable laws
-Third-party providers, services or off-site locations
-Communication and updates.
