Hi,
Slightly OT, but there's a good overlap between the Linux community &
tools and the security community & tools, so I said I'd post here.
As part of a customer engagement, we have a requirement to undertake an
external penetration test on a website we operate for them. This would
involve a third party, external to us, performing a series of
vulnerability tests against the site and returning a formal report on
the results.
The high-level requirements are as below:
The tester would ideally (but not necessarily) be:
· a network/security professional,
· who is familiar with common web application vulnerabilities.
· If the tester is certified by any of the relevant security
organisations like CREST, ENSA, SANS, or equivalent, then so much the
better. But this is “nice to have” and not a definitive requirement.
The vulnerabilities the tester would probe for would be
“non-destructive” and based on their understanding of best practices
and the most common vulnerabilities. (By “non-destructive” we mean that
tests/attacks such as brute-force DoS-style attacks should not be
included in the test.) Ideally the vulnerabilities probed would
include some or all of the following:
· Cross Site Scripting
· Injection Flaws (e.g. SQL, LDAP, CRLF or code injection)
· Malicious File Upload and/or Execution
· Insecure Direct Object Reference
· Cross Site Request Forgery
· Information Leakage and Improper Error Handling
· Broken Authentication and Session Management (e.g. Session
ID exploits)
· Insecure Communications
· Failure to Restrict URL Access
· “Fuzzing” or Parameter Manipulation
The resulting report the tester would write would ideally be a
formal/professional document, presented in such a way that it could
be easily shared with our client. The report would include detail on:
· Methodologies used (in information gathering, port scanning,
testing, etc., possibly with reference to appropriate standards)
· Automated and other tools used (e.g. network discovery tools,
port scanning & service identification tools, firewall bypassing
tools, automated vulnerability scanning tools, automated exploit
tools, password cracking tools, etc.)
· Tests and non-destructive attacks performed
· Categorised and prioritised “pass” or “failure” results
· Recommended remedies & workarounds
· etc.
If any of you are interested, or know somebody who might be interested,
please drop me a line with a brief bio, an estimate of when you think
you could start, and ballpark rates.
Thanks,
Paschal.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland.