Penetration Testing

 Every pen testing engagement differs from each other & no customers are the same. It is very important, to have a clear understanding of the customer's objective, to prepare a plan that is executed during the engagement. Plan needs to be prepared with a scope to manage the schedule while maintaining the customer's expectation. Prevent scope creep - when assets are added to target list in the last minute, trying to save money & time. 

Since this assets are not part of the penetration testing engagement that is not part of the written authorization been given permission by the Senior Management scope creep is very dangerous for penetration testing engagement. 
Penetration testing is usually not trivial task, as organizations are often hesitant to allow such activities on their network until organizations has improved their security model. In all cases specific factors must be addressed during the planning phase for understanding the requirements of the engagement. 

Who are the target audience? 
It is important to understand the business purpose or function to identify the reporting levels and the responsible parties who are stakeholders for the engagement. Usually this group is made up of executive managementcontracting officer or legal representativesecurity personnelIT departmentpentesters.

A written authorization by the Executive management or Senior Management are required for any type of pentest engagement. Senior managers are responsible for an organization's overall goal and success. The contracting officer or legal representative maybe necessary to ensure legal and contractual commitments are upheld by all parties involved in the engagement. Both security personal and IT department are essential in the engagement as the organization security policy can be communicated effectively and to remediate incidental outages. Pentester vital to the success on the engagement - responsible for identifying weakness within the security structure of the organization and by simulating attacks that are applicable to organizations threat profile. Knowing all responsible parties helps establish an effective communication strategy and escalation part for remediating issues that may arise during the engagement. 

*Note: Stakeholders are information consumers. Each group will have a different understanding and expectation of the process. For instance, executive management

Labels: 

Comments

Post a Comment

Popular posts from this blog

Data Types - SQL

  SQL Data Types Data types and ranges for Microsoft Access, MySQL and SQL Server. Microsoft Access Data Types Data type Description Storage Text Use for text or combinations of text and numbers. 255 characters maximum Memo Memo is used for larger amounts of text. Stores up to 65,536 characters. Note:  You cannot sort a memo field. However, they are searchable Byte Allows whole numbers from 0 to 255 1 byte Integer Allows whole numbers between -32,768 and 32,767 2 bytes Long Allows whole numbers between -2,147,483,648 and 2,147,483,647 4 bytes Single Single precision floating-point. Will handle most decimals 4 bytes Double Double precision floating-point. Will handle most decimals 8 bytes Currency Use for currency. Holds up to 15 digits of whole dollars, plus 4 decimal places. Tip:  You can choose which country's currency to use 8 bytes AutoNumber AutoNumber fields automatically give each record its own number, usually starting at 1 4 bytes Data/Time Use for dates and ti...
Read more

Smart Monitor

A smart monitor is essentially a computer monitor with built-in features commonly found in smart TVs, like internet connectivity, apps, and multimedia functionality. Here are some of its uses: 1. Standalone Media Hub: Smart monitors come with built-in streaming apps, like Netflix, YouTube, and Hulu, allowing you to watch shows, movies, and videos directly on the monitor without needing a computer. 2. Productivity Without a PC: Many smart monitors come with office apps, cloud access (like OneDrive or Google Workspace), and even remote desktop capabilities. You can edit documents, check emails, or attend video calls without connecting to a traditional computer. 3. Wireless Connectivity: Smart monitors support wireless connectivity options, like screen mirroring and AirPlay, making it easy to cast content from your phone, tablet, or laptop. This is especially useful for presentations or collaborative work. 4. Built-in Voice Assistants: Some smart monitors integrate voice assistants (like ...
Read more

Windows 10 Hotkeys

Keypress {When these keys are pressed} Action {Results in this} Alt + Enter Display properties for the selected item. Alt + Esc Cycle through items in the order in which they were opened. Alt + F4 Close the active item, or exit the active app. Alt + F8 Show your password on the sign-in screen. Alt + Left arrow Go back. Alt + Page Down Move down one screen. Alt + Page Up Move up one screen. Alt + Right arrow Go forward. Alt + Shift + arrow keys When a group or tile is in focus on the Start menu, move it in the direction specified. Alt + Spacebar Open the shortcut menu for the active window. Alt + Tab Switch between open apps. Alt + underlined letter Perform the command for that letter. Ctrl + A Select all items in a document or window. Ctrl + Alt + Tab Use the arrow keys to switch between all open apps. Ctrl + arrow key (to move to an item) + Spacebar Select multiple individual items in a window or on the desktop. Ctrl + arrow keys Resize the Start menu when it's open. Ctrl + C (or ...
Read more