Planning and Scoping Flashcards
1
Q
Questions to understand the scope of the pentest?
A
- How many IPs will be tested?
- How many assets?
- How many URLs? How many pages per URL?
- Are there any Web Application Firewalls (WAFs) or next-generation firewalls in front of the targets?
2
Q
Types of Pentest
A
- External network Pentest
- Internal Network Pentest
- Web Application Pentest
- Mobile App Pentest
- IoT/SCADA Pentest
- Red Team exercise
3
Q
Testing visibility
A
- Black Box
- Grey Box
- White Box
4
Q
Black box Testing
A
- No information provided about the system
- Only IP addresses or URLs are given
- Simulates an external attacker with no prior knowledge
5
Q
Grey box testing
A
- Some level of access to the application
- Credentials to access parts of the application
- Simulates an attacker who already has an initial foothold
6
Q
ROE
A
Rules of Engagement:
- Attack scope (which hosts, ranges and applications are in and out of scope)
- Attack rules (which techniques are permitted, e.g. whether DoS or social engineering is allowed)
- Network limitations (source IPs, bandwidth, segments that must not be touched)
- Testing time (agreed testing window)
- Emergency contacts (who to call if something breaks)
- Integrity/privacy requirements (handling of client data and any evidence collected)
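The scope-sizing questions in card 1 and the ROE items in card 6 turn into a small helper in practice: one that expands a client's scope list to count testable hosts and URLs, and one that refuses to touch a target unless it is explicitly in scope, not excluded, and inside the agreed testing window. The following is an added example, not part of the original flashcards; the scope entries, exclusions and 22:00 to 06:00 window are constructed sample data.

```python
"""Scope sizing and rules-of-engagement target check.

Added example, not from the original flashcards. The sample scope,
exclusions and testing window below are constructed for illustration.
"""
import ipaddress
from datetime import datetime, time
from urllib.parse import urlparse

# Constructed sample: the kind of list a client hands over during scoping.
# Entries are CIDR blocks, dash ranges, single IPs or full URLs (no bare hostnames).
IN_SCOPE = [
    "10.10.0.0/24",                 # CIDR block
    "10.10.5.10-10.10.5.20",        # dash range, inclusive
    "192.168.1.7",                  # single host
    "https://shop.example.test/",
    "https://shop.example.test/admin",
    "http://api.example.test:8080/v1/users",
]
EXCLUDED = ["10.10.0.1", "10.10.5.15"]   # hosts the ROE say must never be touched
TEST_WINDOW = (time(22, 0), time(6, 0))  # 22:00 to 06:00; crosses midnight


def expand_hosts(entries):
    """Split scope entries into a set of IP host addresses and a list of URLs.

    CIDR blocks are expanded with .hosts(), so the network and broadcast
    addresses of a /24 are not counted as testable hosts.
    """
    hosts, urls = set(), []
    for entry in entries:
        entry = entry.strip()
        if "://" in entry:
            urls.append(entry)
        elif "/" in entry:
            hosts.update(ipaddress.ip_network(entry, strict=False).hosts())
        elif "-" in entry:
            first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            if last < first:
                raise ValueError(f"range runs backwards: {entry}")
            hosts.update(ipaddress.ip_address(i) for i in range(int(first), int(last) + 1))
        else:
            hosts.add(ipaddress.ip_address(entry))
    return hosts, urls


def scope_summary(entries):
    """Answer the sizing questions: how many IPs, how many URLs, how many paths per web host."""
    hosts, urls = expand_hosts(entries)
    paths_per_host = {}
    for url in urls:
        parts = urlparse(url)
        paths_per_host.setdefault(parts.netloc, set()).add(parts.path or "/")
    return {
        "ip_count": len(hosts),
        "url_count": len(urls),
        "paths_per_host": {host: len(paths) for host, paths in paths_per_host.items()},
    }


def in_test_window(at, window=TEST_WINDOW):
    """True if the time of day `at` falls inside the window, including windows that cross midnight."""
    start, end = window
    if start <= end:
        return start <= at < end
    return at >= start or at < end


def check_target(ip_str, at_time=None, in_scope=IN_SCOPE, excluded=EXCLUDED):
    """Decide whether a host may be touched under the ROE.

    Returns (allowed, reason). Exclusions win over inclusions, and anything
    not explicitly listed is refused: the safe default is not to test.
    `at_time` is "HH:MM"; it defaults to the current local time.
    """
    ip = ipaddress.ip_address(ip_str)
    scope_hosts, _ = expand_hosts(in_scope)
    excluded_hosts, _ = expand_hosts(excluded)
    if ip in excluded_hosts:
        return False, "explicitly excluded by the ROE"
    if ip not in scope_hosts:
        return False, "not in the agreed scope"
    at = time.fromisoformat(at_time) if at_time else datetime.now().time()
    if not in_test_window(at):
        return False, "outside the agreed testing window"
    return True, "in scope and inside the testing window"


if __name__ == "__main__":
    print(scope_summary(IN_SCOPE))
    for target in ("10.10.0.50", "10.10.0.1", "10.10.5.15", "10.10.9.9"):
        print(target, check_target(target, at_time="23:30"))
```

Running this on the sample scope reports 266 testable IPs (254 from the /24, 11 from the range, 1 single host) and three URLs across two web hosts. The target check is deliberately deny-by-default: a wrapper around a scanner would call check_target before every connection so that an excluded host or a daytime run is refused rather than reported afterwards.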