Penetration Testing Phases (Coordination – 2)
We have examined the general structure of the coordination processes, which is the 1st Phase during the Penetration Test preparations, in our article in thislink. Now, we will examine in detail one of the issues that will be discussed during the meeting.
***During the determination of the Scope*** within the coordination processes we mentioned, the security company providing the service asks some questions in order to reveal the purpose of the company receiving the service. Below, we will explain the questions that may be asked depending on the type of test to be performed. The company that will receive the service should prepare for the answers to these questions before the coordination meeting, in order to avoid any uncertainties that may arise during the meeting.
Network Test
- Why will the company have its system personnel perform network testing?
- Is network testing done out of obligation to meet a standard?
- During which time periods does the company find it more appropriate to actively conduct the test?
- During business hours?
- After hours?
- On weekends?
- How many total IP addresses will be tested?
- How many internal network IP addresses will be tested?
- What is the number of external network IP addresses to test?
- Is there a Firewall, IPS / IDS or Load Balancer system in the Network topology to be tested?
- If the system can be logged in, how will the testing team act?
- Will a local vulnerability scan be performed on the logged-in system?
- Will efforts be made to become the most authorized user in the system to which access is provided?
- Will dictionary attacks be performed to obtain passwords on the system that is being accessed?
Web Application Testing
- How many applications will be tested?
- How many login systems will be tested?
- How many static pages will be tested?
- How many dynamic pages will be tested?
- Will the source codes of the application to be tested be provided?
- Will any documentation regarding the application be provided?
- If the answer is yes, what are these documents?
- Will static analyzes be performed on the application?
- What are the other topics requested?
Wireless Network Test
- How many wireless networks are in the system?
- Which of these will be tested?
- Is there a wireless network in the system for guest use?
- What are the encryption techniques of wireless networks?
- Will users connected to guest networks be tested?
- What are the broadcast distances of wireless networks?
- How many people on average use these wireless networks?
Physical Security Tests
- What are the number and locations of testing venues?
- Is the testing location shared with other units?
- How many floors are there in the venue?
- Which of the floors are included in the scope?
- Are there security guards at the venue that you have to pass through?
- What are the equipment status and powers of the officers?
- Is security service received from a 3rd party company?
- How many entrances does the venue have?
- Are there any video recording security measures?
- Will the testing team test access to video recorders?
- Is there an alarm system?
Social Engineering Test
- Will an email address list be provided for Social Engineering tests?
- Will a list of phone numbers be provided for Social Engineering tests?
- Is physical access to the system granted as a result of social engineering?
Questions related to the above mentioned tests can be expanded. It is also possible to differentiate based on experience.