When to test is an important consideration as well. When you're pen testing, this should be placed in the agreement that was made prior to testing. When to test is just as important for a few reasons. Testing that places a large load on a system should be done at night. If the system goes down, it gives the customer time to bring it back up before normal operating hours. This helps reduce the risk to the individual or customer who you're testing for if you take down a system or a website that is used to generate revenue. If a web application was developed correctly, it could take a beating. However, not all web applications were developed to handle large amounts of malicious traffic.

However, there are certain types of tests that should be done during normal operating hours, and this can be used to identify if the customer can catch the attack itself. So if they don't have a lockout policy, for example, for passwords, the time that you would want to do a brute force attack would be during operating hours. It's not gonna place a large load on the system. This is something you will want to know: if they can identify it with the intrusion detection system that they should have in place for their web application.

Setting up times to reduce the load and to help prevent a system from going down makes a customer view you as somebody who is going to be very careful in their network. One of the things that you're gonna come across when you are working with individuals is their lack of understanding of exactly what you will be doing on their network, and this will cause them to be very apprehensive. However, if you set things like specific testing times for different forms of tests, it causes people to view you as someone who is going to be safe.

Many times you will have to work with systems that are utilized and maintained by multiple departments. It is important to develop relations with all departments that your testing will affect. If you fail to do so and something happens, such as the web application crashing, departments that are unsure of you may become aggressive and try to blame you, even if you haven't begun testing yet. So this is something I've seen myself when going in to perform a web application test. You will go to the organization and start performing your tests, and you'll start getting individuals from other departments whose systems interact with the web application who start becoming very aggressive and watching everything you do.

Developing relationships with these other departments weeks prior, or, in some cases where you may not have weeks, days or a week prior, is very critical to your success. Organize some kind of conference call with them all, or call a person or two from the different departments who you may be affecting. Give them an understanding of exactly what you will be doing. Tell them what your tests will do to that network or to that system and ask them if they have any concerns. Answer any questions that they may want answered. Put their minds at ease, because when you go into that network, if you don't have good relationships with all of the departments that you may be affecting, it's going to be a very aggressive environment when you go in there, and it may be very hard for you to get access to an area that you may need access to.

So if you need to get into a certain part of the building that houses a server, and the person who initially hired you isn't available at that moment, but there is somebody who is able to get you into that area, if you don't have a good relationship with them, your testing is effectively going to be on hold at that point. And for the customer, you sitting around and doing nothing is just gonna look really bad on you. So developing those relationships is going to make things very easy for you when you go to test somewhere.

What was covered: we discussed gaining permission and the kind of stuff that you're gonna need to put into the agreement. We also discussed building reports, the items that are critical for the customer to know. We also discussed when to test and talked about how you want to put as little of a load on the network as possible, and we also discussed working with other departments and establishing good relationships with them prior to going in testing.

This portion of web pen testing can keep you safe and make things go very easy for you. Remember this stuff prior to going in testing.

Happy hacking, everyone.