1.2 Planning & Scoping Flashcards

Explain the importance of scoping and organizational/customer requirements.

1
Q

What should be tested in a company’s network and why?

A

The local area network (LAN) should be tested, as well as the wireless local area networks (WLANs), because they have become more pervasive.

2
Q

What guidelines should be defined prior to testing a company’s applications?

A

-The client will need to provide either a percentage or a discrete value of the total number of web pages or forms that require user interaction.
-Depending on the application, the team should obtain a variety of roles and permissions so that each role can be tested.

3
Q

Why can mobile applications be targets?

A

Because they house sensitive data, such as credit card numbers. They also have many vulnerabilities, such as insecure communications and weak cryptography, and they represent an additional attack vector.

4
Q

What is important prior to testing in the cloud?

A

The team will need to obtain proper permissions from the provider and determine what type of testing is allowed. In addition, they need to get a complete understanding of what is hosted and how the cloud is used.

5
Q

Name 5 assets that can be included in the scope of a PenTest.

A

-Internet Protocol (IP) addresses
-Domains and/or subdomains
-Application programming interfaces (APIs): either public-facing applications, or those that allow access to the details of a specific user.
-Users: susceptible to social engineering and are generally considered the easiest attack vector.
-Service Set Identifiers (SSID): this can be a target when an attacker is attempting to access a wireless network.

6
Q

Describe what an on-site location is in terms of an in-scope asset.

A

An asset that is physically located where an attack is being carried out. On-site testing can include attempting to compromise a business’s physical barriers to gain access to systems, server rooms, infrastructure and employees.

7
Q

Describe what an off-site location is in terms of an in-scope asset.

A

An asset that provides a service for a company but is not necessarily located at the same place, such as remote offices and/or satellite locations. These locations can be a softer target, as they are less likely to have as many security controls as headquarters.

8
Q

What are external assets?

A

These are assets that are visible on the internet, such as a web site, web application, email server or DNS server. These are not good for attacks that require direct access to the network segment.

9
Q

What are internal assets?

A

These can be accessed from within the organization. If direct access to the internal network can be established, this asset is an excellent candidate for all attack types.

10
Q

What is the difference between first-party-hosted and third-party-hosted assets?

A

First-party hosted assets are hosted by the client organization, whereas third-party hosted assets are hosted by a vendor or partner of the client organization. The former is more likely to be an easier attack target, because they tend to have less stringent security controls than service providers.

11
Q

What can be the rules of engagement?

A

-Time of day: there may be time-of-day restrictions when no testing is allowed, as it may impact production services and cause an outage. Alternatively, it is also possible to test during normal business hours to assess the organization’s reaction to attacks.
-Allowable tests: the team needs to determine which types of tests are allowed and which are not.
-Other restrictions: there can also be other restrictions, such as technical or location constraints.

12
Q

What is an Unknown Environment Testing strategy?

A

Also known as a Black-Box test, this is when the PenTesting team is completely in the dark; no information is presented to the team prior to testing. This mimics what an actual threat actor will need to do before launching any attacks.

13
Q

What is a Partially Known Environment Testing strategy?

A

Also known as a Grey-Box test, this is commonly used to test web applications for security vulnerabilities. The team is given some information, so they can focus on specific issues related to system defects or improper usage of applications.

14
Q

What is a Known Environment Testing strategy?

A

Also known as a White-Box test, this is when the team is given all details of the network and applications.

15
Q

What are the most important elements to review with the client prior to starting the PenTest?

A

-Scope and in-scope assets
-What is excluded
-Strategy
-Timeline to complete testing and any constraints
-Any restrictions or applicable laws
-Third-party providers, services or off-site locations
-Communication and updates

16
Q

What is OWASP?

A

The Open Web Application Security Project (OWASP) is an organization that aims to increase awareness of web security and provides a framework for testing during each phase of the software development process.

17
Q

What is NIST?

A

The National Institute of Standards and Technology (NIST) is an organization that develops computer security standards used by U.S. federal agencies and publishes cybersecurity best practice guides and research, such as the Special Publication (SP) 800 series, which deals with cybersecurity policies, procedures and guidelines.

18
Q

What is OSSTMM?

A

The Open-Source Security Testing Methodology Manual (OSSTMM) is a detailed manual on security testing that provides a holistic structured approach to PenTesting. It stresses auditing, validation and verification.

19
Q

What is ISSAF?

A

The Information Systems Security Assessment Framework (ISSAF) is an open-source resource containing multiple documents related to PenTesting, such as guidelines on business continuity and disaster recovery along with legal and regulatory compliance.

20
Q

What is PTES?

A

The Penetration Testing Execution Standard (PTES) is a best practice guide to PenTesting, providing a comprehensive overview of the proper structure of a complete PenTest.

21
Q

What is MITRE ATT&CK?

A

MITRE conducts vulnerability research and then shares it with the general public and coordinating agencies. Its Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) framework provides tools and techniques specific to PenTesting.