1. Process

Penetration Testing Overview

Penetration Test: Authorized targeted, attack on infrastructure

Red Team Assessment: May be scenario based: Focuses on leveraging vulns for certain goals

Risk Management: Evaluate, mitigate, risks that could be damaging Reduce risk: Implementing appropriate controls, policies, measures Inherent risk: Level of risk present even with appropriate controls Vulnerability Assessments: Term for penetration tests

Automated tools Nessus, Qualys, OpenVAS:

  • Automated: Can't adapt: Manual testing has to also be done

  • Data Protection Act: Keep info private


External-facing hosts, obtain and gain access to data, internal network

  • Done with a VPN/VPS to avoid ISP blocking

Types of Testing

Essential info: Only like IP's, domains given



Computer Fraud/Abuse Act Federal: Criminal to access computer w/out auth

Hacking, id theft, malware


  • Provisions too far-reaching: Could criminalize research

  • Definitions can present on things without intent

Precautionary Measures

  • Written consent? Owner, auth representative

  • Stay in scope of consent obtained: Follow limitations

  • Take measures to prevent damage

  • Don't access, use, disclose, personal data, info obtained during test without permission

  • Don't intercept electronic comms without consent

  • Don't conduct testing on networks covered by HIPAA without authorization


Questions asked, contracts made: Clients tell us what they want

3 components: Scoping questionnaire, Pre-engagement meeting, Kick-off meeting

NDA: Non-Disclosure Agreement: must be signed by all parties

Types of NDA's

Only 1 party maintains confidentiality: Other can share info with 3rd parties

Computer Misuse Act Documents

  1. NDA: After initial contact

  2. Scoping Questionnaire: Before pre-engagement

  3. Scoping Document: During pre-engagement

  4. SoW: Scope of Work: During pre-engagement

  5. Roe: Before kick-off

  6. Contracts Agreement (physical): Before kick-off

  7. Reports: During/After test

  1. CC info - PCI (Payment Card Industry)

  2. Electronic PHI - HIPAA

  3. Private Banking Info - GLBA

  4. Gov info - FISMA

Test how far we can move in the network: What vulns we can find from internal

Last updated