A penetration test is a critical exercise for maintaining good standards of cyber security, so it’s important that you are aware of what’s required from you to ensure a smooth and successful engagement. Here’s what to expect before, during, and after your penetration test.
Before your test
Before your test begins, make sure you have a recent backup of key systems and data. You should also let the relevant departments within your organisation know when the pen test is being carried out. Depending on the type of test being conducted, we’ll require the following information.
External Infrastructure
External URLs & IP addresses
Wireless
SSIDs/APs
On-site address
Internal Infrastructure
Internal URLs & IP addresses
VPN details, including gateway URL and login credentials
API
API info such as endpoints or requests
Relevant API documentation
Sample API requests
APP
URL & IP addresses
Login credentials for all user role levels (authenticated tests only)
Social Engineering Campaigns
Target Employee details, including name, email address, & telephone numbers (if appropriate)
AWS Configuration Review
The following are required to carry out an AWS configuration review:
The AWS account number in scope/sign-in URL
An IAM account we can use for testing with access & credentials to the following:
AWS Web Console (username + password)
AWS CLI/API (Access Key ID + Access Key Secret)
The IAM account needs to have read-only privileges and access to the credential report. These permissions can be assigned using the following AWS policies:
ReadOnlyAccess
SecurityAudit
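The account setup described above can be done with the AWS CLI. The script below is an added example, not code from the original page: it creates the IAM user, attaches the two managed policies, issues both credential types, and then checks that nothing else grants the user access. The user name and the AUDIT_PASSWORD variable are assumptions.

```shell
#!/usr/bin/env sh
# Added example: read-only IAM user for an AWS configuration review.
# AUDIT_USER is a hypothetical name; the ARNs are the AWS managed policies
# ReadOnlyAccess and SecurityAudit named in the text above.
AUDIT_USER="${AUDIT_USER:-config-review-auditor}"
AUDIT_POLICIES="arn:aws:iam::aws:policy/ReadOnlyAccess
arn:aws:iam::aws:policy/SecurityAudit"

# Create the user, attach both policies, then issue console and CLI credentials.
# The console password is taken from $AUDIT_PASSWORD (assumed to be set by the
# caller) so that it is not hard-coded in the script.
provision_audit_user() {
    aws iam create-user --user-name "$AUDIT_USER" || return 1
    for arn in $AUDIT_POLICIES; do
        aws iam attach-user-policy --user-name "$AUDIT_USER" \
            --policy-arn "$arn" || return 1
    done
    aws iam create-login-profile --user-name "$AUDIT_USER" \
        --password "$AUDIT_PASSWORD" || return 1
    # Prints the Access Key ID and secret once; hand them over out of band.
    aws iam create-access-key --user-name "$AUDIT_USER"
}

# Succeed only if the attached managed policies are exactly the two above and
# the user has no inline policies and no group memberships.
verify_audit_user() {
    attached=$(aws iam list-attached-user-policies --user-name "$AUDIT_USER" \
        --query 'AttachedPolicies[].PolicyArn' --output text | tr '\t' '\n' | sort)
    expected=$(printf '%s\n' $AUDIT_POLICIES | sort)
    inline=$(aws iam list-user-policies --user-name "$AUDIT_USER" \
        --query 'PolicyNames' --output text)
    memberships=$(aws iam list-groups-for-user --user-name "$AUDIT_USER" \
        --query 'Groups[].GroupName' --output text)
    [ "$attached" = "$expected" ] || {
        echo "unexpected managed policies: $attached" >&2; return 1; }
    [ -z "$inline" ] || { echo "inline policies: $inline" >&2; return 1; }
    [ -z "$memberships" ] || { echo "groups: $memberships" >&2; return 1; }
}
```

Run provision_audit_user once, then verify_audit_user before handing the credentials over; a non-zero exit means the user has access beyond the two read-only policies.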
During the test
During the test itself, we’ll need the contact details of someone we can quickly report critical security weaknesses to. We’ll also supply details of the lead penetration tester to ensure the smooth execution of the testing activities.
After the test
After the test, you’ll need to arrange for resources to be available in order to address the issues raised in the report. The report itself is split into a high-level executive summary and a technical breakdown and includes helpful remediation advice.
Will a test interfere with a customer's business operation?
Our vulnerability analysis and manual penetration tests do not interfere in a negative way: they are non-destructive to the users and won’t affect anyone in the company.
If you’d like any more information or if you have any questions about your penetration test, please get in touch with us.