# Requirements

- Scope
  - What will be tested
  - Start and end dates
  - Customer objectives
  - Strategic and operational goals
  - Ensure the customer's requirements and expectations are being met
- Rules of Engagement
  - Detailed stages
  - Who is authorised
  - On site or off site
  - Formal "permission to test" authorised in writing
- Legal sign-off

## Scope

- Identify the type of tests
  - Network, web, wireless, physical, social engineering
- Capabilities of the target organisation to be tested: can it detect and respond to
  - Information gathering
  - Footprinting
  - Scanning and vulnerability analysis
  - Infiltration
  - Data aggregation
  - Data exfiltration
- An immature organisation (NIST CSF Tier 1, "Partial") would benefit more from a vulnerability assessment than from a full pentest
- Identify outsourced services
  - In scope?
  - Permission from the third party?
  - Their procedures and requirements?
  - What to do if a vulnerability is found in them?
- Identify policies of any ISP or MSSP
  - In scope?
  - Do they need to be notified?
- Identify existing controls (firewall, IDS/IPS, web application firewall, load balancer)
  - In scope?

# Types of Test

- Why is the customer having a pentest performed against the environment?
  - Required for compliance?
- When does the customer want active testing conducted?
  - During business hours or out of hours?
- How many IPs are to be tested (internal/external)?
- How should the testing team proceed if a vulnerability is found?

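The scoping answers above (agreed ranges, exclusions such as an outsourced service without permission, start and end dates, and the agreed testing hours) are only useful if they are enforced during the engagement. The following is an added example, not part of the original notes, of one way to encode them and gate every target before active testing; the ranges, dates, hours and function names (`Scope`, `authorised`, `count_in_scope`) are assumptions constructed for illustration.

```python
"""Scope enforcement for an engagement (added example, not from the original notes).

All ranges, dates and hours are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple, Union


@dataclass
class Scope:
    external: List[str]   # CIDRs approved for external testing
    internal: List[str]   # CIDRs approved for internal testing
    excluded: List[str]   # CIDRs/hosts explicitly out of scope; these always win
    start: datetime       # first moment active testing is authorised
    end: datetime         # last moment active testing is authorised
    hours_start: time     # daily window start (e.g. 18:00 for out-of-hours testing)
    hours_end: time       # daily window end; earlier than hours_start if it wraps midnight


def _as_datetime(when: Union[datetime, str]) -> datetime:
    """Accept a datetime or an ISO 8601 string such as '2024-03-05T22:00'."""
    return when if isinstance(when, datetime) else datetime.fromisoformat(when)


def _networks(cidrs: List[str]):
    return [ip_network(c, strict=False) for c in cidrs]


def in_window(scope: Scope, when: Union[datetime, str]) -> bool:
    """True if `when` is inside the engagement dates and the daily testing hours."""
    when = _as_datetime(when)
    if not (scope.start <= when <= scope.end):
        return False
    t = when.time()
    if scope.hours_start <= scope.hours_end:
        return scope.hours_start <= t < scope.hours_end
    # window wraps midnight, e.g. 18:00 -> 06:00
    return t >= scope.hours_start or t < scope.hours_end


def classify_target(scope: Scope, target: str) -> Tuple[str, str]:
    """Return ("external" | "internal" | "refused", reason) for one IP address.

    Hostnames are refused on purpose: resolve them first and check the address,
    since a name can resolve to a host (CDN, hosted service) that is not in scope.
    """
    try:
        addr = ip_address(target)
    except ValueError:
        return "refused", f"{target!r} is not an IP address; resolve it and check the address"
    for net in _networks(scope.excluded):
        if addr in net:
            return "refused", f"{addr} is in excluded range {net}"
    for label, cidrs in (("external", scope.external), ("internal", scope.internal)):
        for net in _networks(cidrs):
            if addr in net:
                return label, f"{addr} is in {label} range {net}"
    return "refused", f"{addr} is not in any agreed range"


def authorised(scope: Scope, target: str, when: Union[datetime, str]) -> Tuple[bool, str]:
    """Combined gate to run before any active testing of `target` at time `when`."""
    verdict, reason = classify_target(scope, target)
    if verdict == "refused":
        return False, reason
    if not in_window(scope, when):
        return False, f"{_as_datetime(when):%Y-%m-%d %H:%M} is outside the agreed testing window"
    return True, reason


def count_in_scope(scope: Scope) -> Dict[str, int]:
    """Addresses per category after exclusions, for the 'how many IPs' question.

    Enumerates addresses, which is fine for the /24-sized ranges a scope document
    usually lists; very large ranges would need set arithmetic instead.
    """
    excluded = _networks(scope.excluded)
    return {
        label: sum(1 for net in _networks(cidrs) for a in net
                   if not any(a in x for x in excluded))
        for label, cidrs in (("external", scope.external), ("internal", scope.internal))
    }


# Constructed sample scope: documentation/private ranges, invented dates and hours.
SAMPLE_SCOPE = Scope(
    external=["203.0.113.0/24"],
    internal=["10.10.0.0/24", "10.10.1.0/24"],
    excluded=["203.0.113.250/32", "10.10.1.128/25"],  # e.g. a hosted service, a partner VLAN
    start=datetime(2024, 3, 4, 0, 0),
    end=datetime(2024, 3, 15, 23, 59),
    hours_start=time(18, 0),
    hours_end=time(6, 0),
)

if __name__ == "__main__":
    print(count_in_scope(SAMPLE_SCOPE))
    for target, when in [("203.0.113.10", "2024-03-05T22:00"),
                         ("203.0.113.10", "2024-03-05T10:00"),
                         ("10.10.1.200", "2024-03-05T22:00"),
                         ("app.example.test", "2024-03-05T22:00")]:
        print(target, when, authorised(SAMPLE_SCOPE, target, when))
```

Exclusions deliberately take precedence over inclusions, so a third-party host inside an agreed range is still refused unless it is removed from the exclusion list once permission is obtained, and the address count after exclusions is what goes into the "how many IPs" answer.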
## Web Application Pentest

- How many applications are being assessed?
- How many login systems are being assessed?
- How many static pages are being assessed?
- How many dynamic pages are being assessed?
- Static analysis?
  - Source code available?
  - Documentation?

## Wireless Network Pentest

- How many wireless networks?
- Guest network? What authentication?
- Encryption used, and which type?
- Square footage of coverage?
- Enumeration of rogue devices?
- Assessing wireless attacks against clients?
  - How many clients on the network?

## Physical Pentest

- How many locations?
- Dedicated or shared facility? If shared, which floors are in scope?
- Is additional permission needed (e.g. from the landlord or other tenants of a shared facility)?
- Security guards? Who do they work for? What are their terms of reference?
  - Reasonable force? Armed?
- How many entrances to the building?
- Local laws?
- Square footage?
- Is physical security documented?
- Video surveillance?
- Alarm system? Silent? How is it triggered?

## Social Engineering

- List of email addresses the client wants attacked
- List of phone numbers?
- Approved? How many targeted?
- Chosen pretexts approved in writing beforehand

# Questions

## For company

- Is management aware?
- What data would create the greatest risk to the organisation if exposed, corrupted or deleted?
  - If there is an ISMS, it will have a risk register.
  - If there is no ISMS, the organisation lacks the maturity for the test to be meaningful.
- Are testing and validation procedures in place to verify that applications are functioning?
  - Do testers have access to the QA testing procedures from when the application was developed?
- Are disaster recovery procedures in place for application data?