All Questions
Tagged with audit penetration-test (24 questions)
0 votes · 2 answers · 237 views
Difference between Web App Pentesting and Web App Security Audit
I'm having a hard time drawing the line between Web App pentesting vs a Web App Security Audit.
For instance, OWASP Testing Guide could be used for both of those cases.
Let's say the pentester and ...
0 votes · 1 answer · 196 views
Security test within a staging environment. Is SOAPUI sufficient as a test tool?
Currently I am working on a project in which I am supposed to define the following aspects as a test manager:
Conception of a penetration test for a test staging environment
Planning security ...
0 votes · 2 answers · 1k views
How to perform a security test/review/penetration testing of Ethernet ports?
I have been engaged by a client who wants its Ethernet ports checked to determine whether port security is functioning effectively.
What can be the approach or steps to check Ethernet port ...
1 vote · 1 answer · 197 views
Are there technical frameworks for IT sec audit just like there are management frameworks?
TL;DR
Are there technical frameworks (processes with checklists ruled by international standards like COBIT, ISO 27000) for IT security analysis/auditing?
Hello,
Let's say you're a software ...
0 votes · 2 answers · 216 views
Securing Home Network using 3rd Party Firmware / Access Points
I've been having some trouble on my home network and thought that having a router as an AP would help fix these attacks. At first it did, but now it seems the attackers have gotten through. For all I ...
2 votes · 1 answer · 220 views
What information should I provide to third party pen testers - (black box penetration)
I am going to hire a third party security company for Penetration testing in our company network. I have already selected a pen testing and black box testing company to do them, but they have ...
306 votes · 7 answers · 45k views
Is it normal for auditors to require all company passwords?
My company is currently engaged in a security audit framed as a pentest. They've requested all admin passwords for every one of our services and all source code of our software. They want logins for ...
1 vote · 2 answers · 286 views
Is it common to be audited for security, but not be given access to the audit results?
When does it make sense, or is it common, to not be given access to security audit results/reports when dealing with large companies who use your software?
How can a case be made for the benefits of ...
5 votes · 1 answer · 195 views
Would generic exception messages be considered a security risk?
For example, if visiting a webpage you get the response:
Error in exception handler.
This has a high chance the website is using Laravel. Would this class as information disclosure?
I'm guessing ...
0 votes · 1 answer · 125 views
Are There Any Measurements for Web-Application Complexity That Positively Correlate to Num. Vulnerabilities?
Web-applications have vulnerabilities. Generally, a more complex web-application has more vulnerabilities, compared with a simpler and smaller web-application. For example, white hat hackers have ...
2 votes · 2 answers · 605 views
Will hacking (pentesting) a live website from a VM improve or hinder my hacker anonymity?
Would a pentest initiated from a VM mounted on hard drive be more or less anonymous to IDS attack or forensically traceable?
Please note: I will be browsing via tor and kproxy and have all that ...
1 vote · 2 answers · 628 views
Precautions for web application security audit
We have planned to give our web application to a third party vendor. What are the precautionary measures which we need to take care of before giving our application to the third party vendor?
As the vendor ...
1 vote · 2 answers · 681 views
Determining a version of SSH from penetration testing?
I am a software developer -- but not a security specialist. A (legitimate) company that does security scans sent my company a notice that we are running an older version of SSH on our hosting server. ...
1 vote · 1 answer · 160 views
Questions to confirm a good standpoint on web app security?
What should be the questions asked to assess a company on web app security?
Our company is in the process of partnering with another company in order to outsource web app security work to them. For us ...
1 vote · 1 answer · 452 views
What is an internal ISO 27001 technical auditor? [closed]
I have been recently hired by an ISO 27001 certified company as an "internal ISO technical auditor".
My employer told me that my job is described as follows:
this job is created because of the need ...