zoukankan      html  css  js  c++  java
  • Penetration Test

    Communication

    IMPPORTANCE OF COMMUNICATION
    • Good communication is critical to the penetration test success
    • Most penetration tests should be conducted openly
      • Unless discretion is a stated goal
    • Cooperation is enhanced with communication
    • Who authorizes the project and provides funding?
    • Who should be contacted if unexpected consequences occur?
    • Who will resolve conflicts?
    • Who will provide required technical assistance?
    • How will you escalate issues that are not resolved in a timely manner?
    • Communication timing and frequency
    • Communication triggers
      • Critical findings - something that really can't wait
      • Stages - moving from one phase to another
      • Indicators of prior compromise - finding evidence that an attacker has already been here
      • Other defined milestones or events
        • Periodic reports
        • Critical tests started/completed
        • Obstacles put in place/removed(i.e. affect on operations)
    REASONS FOR COMMUNICATION
    • Situational awareness - most common recurring reason
    • De-escalation - information or action is needed to reduce critical risk
    • De-confliction - resolve conflict of any type
      • Pen test team vs operations/users
      • Pen test team vs service provider
      • Pen test team vs management
    • Goal reprioritization - changes to pen testing plan
      • Unexpected impact
      • Unexpected findings
      • Organizational changes - management change, merger, acquisition
      • Conflict with team, management, resources, etc.
    • All changes must follow change procedures
    QUICK REVIEW
    • Good communication is critical to pen test project success
    • Managing communication expectations, including frequency, reduces conflict
    • Define triggers that initiate communication
    相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
  • 相关阅读:
    socket
    IPv4 IPv6
    2变量与基本类型之const限定符
    15面向对象程序设计
    深度探索C++对象模型之第三章:数据语义学
    线段树(成段更新) 之 poj 3468 A Simple Problem with Integers
    USACO 之 Section 1.1 Ad Hoc Problems (已解决)
    构造字符串 之 hdu 4850 Wow! Such String!
    模拟 + 最短路 之 hdu 4849 Wow! Such City!
    简单题(需要注意一个细节) 之 hdu 4847 Wow! Such Doge!
  • 原文地址:https://www.cnblogs.com/keepmoving1113/p/14156931.html
Copyright © 2011-2022 走看看