- No specific worries about security atm – they’re just looking for some confirmation of security
- CTO Stanley Jobson – Not in the office currently, is on holiday. Will get in contact with us regarding some of the more technical questions.
- No risk of cross contamination with other companies; data not hosted on same servers as partners
- Social engineering – not interested in it at this time, looking more for just a technical pen test.
- No self hosted email (they use Gmail, not sure whether accounts are company provided or personal)
- Not much off limits – only access within IP range, don’t change any info if you access databases
- Self hosted web server for auctions. Not sure about hosting regarding promo site
- Test the back end as well (databases, system info etc)
- Don’t know if front end/back end are on same network, ask CTO
- Servers on site, not sure where they are located
- Regular backups every working day, again on weekends
- Taking NDA with them to check over it (not final version)
- No specific reason for pen test; not aware of any vulnerabilities
- Stanley has server access as well as two owners
- Clear box testing (both in the middle regarding known info)
- Systems developed in house by CTO only
- Employee data is company owned so employees would’ve known when they signed contract
- Looking for all vulnerabilities available, make sure to test multiple entries to the same endpoint
- All operations within the UK + all networks within the UK