Hey everyone, I have a question regarding external infrastructure/network pen testing, or more accurately, I'd like to understand the definition of an external infrastructure/network pen test of a company.
Let's say there's a company who require an external infrastructure pen test, they have multiple branches each with computers, printers, various servers for file sharing, a web server etc. My understanding would be the scoped area would be all externally facing IP addresses of those servers, printers, networks etc. So if for example they have a server with files which was accessible externally, you'd scan the IP of that server and look into what software is installed, how it's configured and find potential ways into that server. Is that right?
My confusion lies with cloud based services. Let's say that same company no longer has a physical onsite server for their file sharing, but instead uses Amazon buckets for all their files, would this also be included in an external infrastructure pen test or would it fall under another category such as 'cloud pen testing?
Thank you
[link] [comments]
from hacking: security in practice https://ift.tt/JFQWAcD
Comments
Post a Comment