Planning and Scoping Flashcards

1
Q
  • An open-source framework for developing REST services
  • REST is a lightweight API
  • The document can provide internal info on REST services exposed to clients
A

Swagger document

2
Q
  • A set of standards used to define the content of an XML document
  • If an attacker knows the schema, they can replace some data to cause an exploit
A

XSD (XML Schema Definition)

3
Q
  • Companies want to encourage developers to create applications for their platforms.
  • Doc provides info on the tools (e.g., libraries, processes, code samples) used to develop software for a specific device or OS
A

SDK (Software Development Kit) documentation

4
Q
  • XML-based machine-readable description of HTTP-based web services.
  • Typically used with REST services
  • Can be publicly available
  • Developers put these files out there so the client can see how to use a particular service. As a pentester, this is very useful for determining services being used and the parameters they expect
A

Web Application Description Language (WADL) documentation

5
Q
  • XML-based machine-readable description of HTTP-based web services.
  • Typically used with SOAP services
  • Can be publicly available
  • Developers put these files out there so the client can see how to use a particular service. As a pentester, this is very useful for determining services being used and the parameters they expect
A

Web Services Description Language (WSDL) documentation

6
Q
  • This is the business agreement between the pentesting company and the client
  • Here all business details are specified
  • How the billing process is going to work
  • How any potential legal conflicts will be resolved (e.g., which state's jurisdiction applies)
A

Master Service Agreement (MSA)

7
Q
  • Here we define the work tasks we are going to accomplish for the client (what’s in scope)
  • Typically, this document is a part of the MSA
A

Statement of Work (SOW)

8
Q
  • During the assessment, we, the pen testers, will probably be exposed to confidential or proprietary company info
  • This agreement defines restrictions on what info can be shared publicly
  • It can also be bilateral
A

Non-Disclosure Agreement (NDA)

9
Q
  • Limits are put into place to control the pen tester's activities.
  • This prevents the tester from having free rein in the environment.
  • Defines which targets are on- and off-limits
  • Also defines the window of time in which we, the pen testers, are allowed to attack certain resources
A

Rules of engagement
