Penetration Testing with Kali Linux OffSec
|
|
Listing 31 - Explaining a vulnerability
Several paragraphs of this type may be required, depending on the number and kind of vulnerabilities we found. Use as many as necessary to illustrate the trends, but try not to make up trends where they don’t exist. Finally the Executive Summary should conclude with an engagement wrap-up: "These vulnerabilities and their remediations are described in more detail below. Should any questions arise, OffSec is happy to provide further advice and remediation help." Listing 32 - Concise conclusion We should mention here that not all penetration testers will offer remediation advice, and not all clients will expect it. That said, we believe that the most effective relationships are those between clients and vendors that do work on that level together. 5.2.4 Testing Environment Considerations The first section of the full report should detail any issues that affected the testing. This is usually a fairly small section. At times, there are mistakes or extenuating circumstances that occur during an engagement. While those directly involved will already be aware of them, we should document them in the report to demonstrate that we’ve been transparent. It is our job as penetration testers and consultants to inform the client of all circumstances and limitations that affected the engagement. This is done so that they can improve on the next Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 106 iteration of testing and get the most value for the money they are paying. It is important to note that not every issue needs to be highlighted, and regardless of the circumstances of the test, we need to ensure the report is professional. We’ll consider three potential states with regard to extenuating circumstances: • Positive Outcome : “There were no limitations or extenuating circumstances in the engagement. The time allocated was sufficient to thoroughly test the environment.” • Neutral Outcome : “There were no credentials allocated to the tester in the first two days of the test. However, the attack surface was much smaller than anticipated. Therefore, this did not have an impact on the overall test. OffSec recommends that communication of credentials occurs immediately before the engagement begins for future contracts, so that we can provide as much testing as possible within the allotted time.” • Negative Outcome : “There was not enough time allocated to this engagement to conduct a thorough review of the application, and the scope became much larger than expected. It is recommended that more time is allocated to future engagements to provide more comprehensive coverage.” The considerations we raise in this section will allow both us and the client to learn from mistakes or successes on this test and apply them to future engagements. 5.2.5 Technical Summary The next section should be a list of all of the key findings in the report, written out with a summary and recommendation for a technical person, like a security architect, to learn at a glance what needs to be done. This section should group findings into common areas. For example, all weak account password issues that have been identified would be grouped, regardless of the testing timeline. An example of the structure of this section might be: • User and Privilege Management • Architecture • Authorization • Patch Management • Integrity and Signatures • Authentication • Access Control • Audit, Log Management and Monitoring • Traffic and Data Encryption • Security Misconfigurations Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 107 An example of a technical summary for Patch Management is as follows: 4. Patch Management Windows and Ubuntu operating systems that are not up to date were identified. These are shown to be vulnerable to publicly-available exploits and could result in malicious execution of code, theft of sensitive information, or cause denial of services which may impact the infrastructure. Using outdated applications increases the possibility of an intruder gaining unauthorized access by exploiting known vulnerabilities. Patch management ought to be improved and updates should be applied in conjunction with change management. Yüklə Dostları ilə paylaş:
|