EH-Net
Topic: Questionnaire for Pen Test. (Read 11287 times)
COm_BOY
« on: May 26, 2011, 02:14:45 PM »

I require a formal questionnaire which would be provided to the client used for a penetration test.

If no one has it, how about some of you guys list some of the questions which you might ask, considering the fact that the pen test is of network + web app.

It has become appallingly obvious that our technology has exceeded our humanity.
MaXe
« Reply #1 on: May 26, 2011, 03:41:04 PM »

> I require a formal questionnaire which would be provided to the client used for a penetration test.
>
> If no one has it, how about some of you guys list some of the questions which you might ask, considering the fact that the pen test is of network + web app.

Take a look at the OSSTMM pentest framework, or the PTES framework. If there's absolutely nothing within these..

These are some questions I might ask, to make my life easier as a Penetration Tester:
- Where is the Web App hosted? In-house or outsourced?
- Which operating system is hosting the Web App?
- What kind of possible virtualization is being used on the Web App server?
- Are you using any known CMSes and similar Web Apps, or are you using custom coded applications, or a mix?
- What type of database are you using, if any?
- Which server-side language is used on the Web App server? (PHP? ASP?)
- Are you using a well-known webserver? If yes, which? If not, was it coded in-house or by a 3rd party?
- Any particular modules / add-ons you have installed on your webserver?
- Is it possible for me / us to obtain a copy of the code you host on your webserver, so we can review it for vulnerabilities?

These are of course technical questions. You might ask these questions as well:
- Are there any critical web applications we should avoid using dangerous attacks on?
- Is there a mirrored backup server for us to test the web application(s) on?

Well, there's a lot more and these are just some of my contributions. About networks in short: Topology, Switches, Routers, Protocols, etc.


Good luck, I hope some of these questions were useful, even though you should use those you believe are the right ones to use :)

I'm an InterN0T'er
tturner
« Reply #2 on: May 27, 2011, 07:42:55 AM »

That really depends, are you talking about questions for a scoping exercise?

MaXe's questions are good, but before you get to that point you need to have a clear understanding of what they are trying to protect and why. What vectors are the likeliest threats? You want to model what the customer is most likely to face and attack the assets most likely to be attacked. What is the purpose of the test? Are you testing the blue team response times and capabilities or is this test announced? Not all pentests are created equal, you really need to understand the objectives before you can even begin to structure your test.

Some questions I like to ask include:

What is my target?
What systems are in scope?
What systems are off limits?
When can I test?
When must I never test?
What tools and techniques can I use (or not use, e.g. DDoS, social engineering, physical, etc.)?
Who is my PoC for the test?
Is the test announced?
Where can I test from? (internal, DMZ port, internet remote site, etc)

If doing a physical test, I like to know if the security guards are armed *gulp*

Also, if possible, get copies of network diagrams, application maps, past risk assessments, audits and pentests relevant to the scope of your test. It will give you a good starting point and help you understand what you need to be doing and where the customer has been. After all, you are another step on their security journey and you want to move them further down the road, not backwards.

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP

WIP: OSWP, GSSP-JAVA, GXPN

Udacity on hold, again. I suck.

http://sentinel24.com/blog  @tonylturner http://bsidesorlando.org
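The scoping answers tturner lists above (systems in scope, systems off limits, when testing may and may never happen, permitted techniques) can be written down in a machine-checkable form and consulted before any action is taken against a target. The following is an added example, not code from this thread; the client ranges, test windows, blackout date and technique names are constructed for a hypothetical engagement.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass
class RulesOfEngagement:
    """Answers to the scoping questions, in machine-checkable form."""
    in_scope: list           # "What systems are in scope?" (CIDR strings)
    off_limits: list         # "What systems are off limits?" (CIDR strings)
    test_windows: list       # "When can I test?" as (weekday, start, end)
    blackout_dates: set      # "When must I never test?" (ISO dates)
    allowed_techniques: set  # "What tools and techniques can I use?"

def target_authorized(roe, target_ip, when, technique):
    """Return (ok, reason) for one planned action against one host.
    Off-limits beats in-scope; a blackout date beats a matching window."""
    ip = ip_address(target_ip)
    if any(ip in ip_network(net) for net in roe.off_limits):
        return False, f"{target_ip} is explicitly off limits"
    if not any(ip in ip_network(net) for net in roe.in_scope):
        return False, f"{target_ip} is not in the agreed scope"
    if when.date().isoformat() in roe.blackout_dates:
        return False, f"{when.date()} is a blackout date"
    if not any(wd == when.weekday() and start <= when.time() < end
               for wd, start, end in roe.test_windows):
        return False, f"{when:%A %H:%M} is outside the agreed test windows"
    if technique not in roe.allowed_techniques:
        return False, f"'{technique}' is not a permitted technique"
    return True, "authorized"

def check(roe, target_ip, iso_when, technique):
    """Same check, taking the planned time as an ISO 8601 string."""
    return target_authorized(roe, target_ip, datetime.fromisoformat(iso_when), technique)

# Constructed sample answers for a hypothetical client (not from the thread).
SAMPLE_ROE = RulesOfEngagement(
    in_scope=["10.20.0.0/16", "203.0.113.0/24"],
    off_limits=["10.20.5.0/24"],                   # e.g. a fragile production segment
    test_windows=[(wd, time(20, 0), time(23, 59)) for wd in range(5)],  # weekday evenings
    blackout_dates={"2011-06-30"},                 # e.g. quarter-end processing
    allowed_techniques={"port_scan", "web_app_test"},
)

if __name__ == "__main__":
    for ip, when, tech in [("10.20.1.7", "2011-06-01T21:00", "port_scan"),   # allowed
                           ("10.20.5.9", "2011-06-01T21:00", "port_scan"),   # off limits
                           ("10.20.1.7", "2011-06-01T09:00", "port_scan"),   # wrong time
                           ("10.20.1.7", "2011-06-01T21:00", "ddos")]:       # not permitted
        print(ip, when, tech, "->", check(SAMPLE_ROE, ip, when, tech))
```

Every refusal carries the reason, so a declined action can be raised with the PoC named in the scoping answers instead of silently skipped.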
MaXe
« Reply #3 on: May 28, 2011, 10:00:36 AM »

> Some questions I like to ask include:
>
> What is my target?
> What systems are in scope?
> What systems are off limits?
> When can I test?
> When must I never test?
> What tools and techniques can I use (or not use, e.g. DDoS, social engineering, physical, etc.)?
> Who is my PoC for the test?
> Is the test announced?
> Where can I test from? (internal, DMZ port, internet remote site, etc)

I completely agree that you should ask these questions first, when defining the scope :)
tturner
« Reply #4 on: May 28, 2011, 08:20:32 PM »

I've seen some really badly defined scopes before. One I saw read something like "Exploit discovered vulnerabilities on organization machines" with no further clarification. Problem is target organizations often don't even understand why they are getting the test done, other than PCI or similar.
MaXe
« Reply #5 on: May 29, 2011, 05:28:48 AM »

> I've seen some really badly defined scopes before. One I saw read something like "Exploit discovered vulnerabilities on organization machines" with no further clarification. Problem is target organizations often don't even understand why they are getting the test done, other than PCI or similar.

Nice example :)

I agree that such a scope is too vast and should be avoided, even if it's a simulated black hat attack (with legal permission, of course). A scope with no clearly defined targets could be extremely large if it's a large enterprise corporation that is undergoing a penetration test. (The 10,000 PCs example: if scanning all TCP ports is required, with one single machine, then it may take a very long time. Especially if all UDP ports have to be scanned too.)
« Last Edit: May 29, 2011, 05:31:23 AM by MaXe »
peta909
« Reply #6 on: June 01, 2011, 09:23:27 PM »

I group the questions into PPT.

1. People
Know the various groups of users of the system and their roles.
E.g. sys admins, monitoring team

2. Processes
Backup processes, patch processes, incident response processes

3. Technologies
Have a system architecture diagram and data flow diagram to show how the various machines communicate with one another.
sgt_mjc
« Reply #7 on: June 04, 2011, 10:38:32 PM »

Find out what the overall objective is. Do they have a specific objective in mind, or is it a free-for-all and just see what you can get? Oh, and ask for a "Get out of jail free card".

Mike Conway
CISSP
CompTia Security +
C|EH
Manu Zacharia (-M-)
« Reply #8 on: December 15, 2011, 01:26:41 AM »

A sample questionnaire - this might help:

Penetration Testing - Scoping

Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n