Remerciez-le!

Remerciez @Admin pour avoir partagé cet document gratuitement, de la manière la plus simple, en partageant sur les réseaux sociaux.

Reporting guide 1 eLearnSecurity - Reporting guide ?? V Armando Romeo eLearnSecurity ? CIT Security Training Solutions www elearnsecurity com contactus elearnsecurity com Summary Summary Introduction Contracts and legal issues Non disclosure and no compet

eLearnSecurity - Reporting guide ?? V Armando Romeo eLearnSecurity ? CIT Security Training Solutions www elearnsecurity com contactus elearnsecurity com Summary Summary Introduction Contracts and legal issues Non disclosure and no compete Memorandum of Understanding Data retention Rules of engagement Reporting Introduction Structure of a report Executive Summary Vulnerability report Remediation plan Logs Conclusions Reporting guide v eLearnSecurity ? CIT Security Training Solutions www elearnsecurity com contactus elearnsecurity com Introduction When you are hired to test the security of networks and applications you are asked to provide x A comprehensive overview of the client ? s state of the security x An exhaustive and detailed survey of the security issues you encountered x The best possible solutions to the above Your client and sometimes even your boss are not aware of penetration testing techniques exploitation schemes or tools Whether you are employed as a penetration tester or you are a freelance you should be able to understand what your counterpart is asking you and what is expecting from you A good understanding of the client ? s expectations at the moment of signing the contract is a milestone that you cannot miss Contracts and legal issues The client may begin your business relationship with giving you a contract for what their expectations and requirements are for you to do business with them It is very important to review this contract in detail with Legal Counsel in order to fully understand what is acceptable to the company you will be working with and any limitations they may put on you Non disclosure and no compete These contracts generally contain Non- Disclosure agreements which protect the client the organization contracting you from you making any information regarding the company information public or using their name in any press releases without their consent You have to understand that non disclosure agreements pertain not only data included in the report but also any data that you as a penetration tester will have access to during your engagement Employing a strict policy on data leakage on your penetration testing environment is critical in these cases full disk encryption physical access control to your machines patched and up to date software and so on Another thing to look for in any contract is a No Compete clause No Compete clauses are generally used to ensure you do not do work with any competitor to an organization While normal contracts may not carry a No Compete clause some consulting engagements have them as standard language Reporting guide v eLearnSecurity ? CIT Security Training Solutions www elearnsecurity com contactus elearnsecurity com If there is a No Compete clause be sure to get your legal counsel to assist you and ensure that this clause does not preclude you from being able to gain employment at other organizations for which your business may actively solicit Also understand that this conduct by your client is very common in certain environment and it is not a mistrust act against you Memorandum of