Expert Pentester Advice on Planning Your Next Network Penetration Test

Timing is critical in a network pentest. Pentesters are generally given two weeks for the analysis, so appropriate scoping is needed to meet the deadline and deliver a high-quality test.
With that in mind, here are three ways to improve the scoping of your pentests:
1. Focus on what’s most important to the client.
No network pentest is complete. A detailed evaluation of every port is impractical when many must be evaluated quickly.
Instead, consider your priorities and why you are running this test. Is it for SOC 2? Are you trying something new? For SOC 2 testing, include all essential assets. During pentesting cycles, it's crucial to focus on new features or programs.
Prioritize the IP addresses, ports, and services to inspect. The pentester may take a more extensive approach to testing these “crown jewels,” looking at alternative payloads, evaluating all the services being run on them, conducting edge case tests, testing additional endpoints, enumerating the target, etc.
Scoping simplifies goal-setting. You may want the pentester to guarantee completion, but without scoping they can't give you a solid answer. Even if all relevant IP addresses are included, a pentester may not have time to test each one. With a well-defined scope, you and the pentester agree on what to test.
2. Figure out how many IP addresses you’ll provide each penetration tester.
After determining what to test, assign testers. How many? A ratio of 100 IP addresses per pentester seems sufficient. However, having 800 IP addresses in scope does not mean you need 8 testers.
Not all 800 IP addresses have a large attack surface, so not all of them require testing. Certain IP addresses may only host a few ports or services susceptible to a zero-day attack. In most situations, only half of the ports require any examination, while the other half need more in-depth research. Manually testing 800 IP addresses would take four pentesters.
Security penetration testing services can cover more ports with fewer people by automating parts of the initial reconnaissance and overall scope discovery. This has limits, however. Automated tools may not understand custom protocols and online services, and when faced with aberrant data they may return erroneous or null results.
3. Consider whether your pentest is internal or external.
Whether the resources are internal or external-facing affects the testing and the number of testers needed.
In most situations, each tester must be assigned fewer hosts on an internal test, since internal resources must be thoroughly examined. Why? Almost every private network uses Active Directory. Active Directory encompasses the complete network, including communications, IP addresses, servers, and connected networks. Evaluating internal networks requires a wider view and greater subtlety.
Internal pentests tend to be more challenging, so involve pentesters in the scope design process, where they can ask you questions about your vision and testing methodology. Pentesters may ask whether a simple vulnerability scan is appropriate, or a more complex, covert approach that assesses whether they'll be noticed by your network's monitoring tools.
External pentests take less time and need fewer testers. External IP addresses are safer. External hosts are simpler to test than internal hosts because they expose a limited set of services. You've probably already done pentests that hit certain targets.
Caution: If many previously examined IP addresses are in scope, the pentester will need backup. The pentester must do an extra test to find vulnerabilities in these entry points.
