Target Considerations

Given a scenario, perform a vulnerability scan.

CONTRAINER

• Lightweight instance of a VM
• Runs on to of host OS
• Docker, Puppet, Vagrant

Applications

• Application scan
  • Dynamic Analysis
    • -target environment is running and responds to queries
  • Static Analysis
    • -scan input consists of post-execution data stores

SCANNING CONSIDERATIONS

• Time to run scans - approved schedule(planning)
• Protocols used - largely dependent on target selection
• Network topology - network layout(diagram) of test targets
• Bandwidth limitations - tolerance to impact (affects availability)
• Query throttling - slow down test iterations to avoid exceeding bandwidth
  • nmap -T
• Fragile systems/non-traditional assets
  • How to avoid impacting fragile mission critical systems?

ANALYZE SCAN RESULTS

• Asset categorization
  • Identify and rank assets by a relative value
  • Vulnerable assets with little value could be a waste of time
• Adjudication
  • Determine which results are valid
    • False positives
    • Filter out false positives
• Prioritization of vulnerabilities
  • Highest impact vulnerabilities - ease of exploit vs payoff
• Common themes
  • Vulnerabilities
  • Observations
  • Lack of best practices

QUICK REVIEW

• Know how to determine if targets are physical machines or are virtualized(i.e. footprinting)
• Be aware of client restrictions when running scans (i.e. bandwidth use, schedule, etc.)
• Don‘t waste time on results that have little value - focus on the most meaningful results
• Prioritize the highest impact vulnerabilities

Penetration Test - Survey the Target(7)

原文：https://www.cnblogs.com/keepmoving1113/p/13505548.html