Jul 12th 2021
After receiving your penetration testing report, you should pay close attention to the remediation guidance provided. Your penetration testing provider has given these recommendations with the effectiveness of your security strategy in mind.
Here are some activities that will help you get the most value after receiving your penetration testing report from Sentrium.
Our consultants are trained to perform a thorough clean-up of environments that have been assessed, such as removing any files or software we use during the penetration test.
Any accounts that have been created for the purpose of your assessment should be deactivated and removed. Firewall rules and any other network or system changes should be reverted to their original state.
We will communicate which accounts or environment changes we have requested at the end of our penetration testing process.
Where test data has been provided, for example a populated database table to support web application testing, it should be removed before the application leaves development and enters production.
In cases where files have been written to systems through applications, you’ll be consulted to:
A crucial part of a security assessment, particularly infrastructure and web application assessments, is monitoring activity and reviewing system or application logs once the assessment has been completed.
This shows how your security solutions are performing, and what to look out for if you suspect suspicious activity or compromise.
Device and application logs can contain an overwhelming volume of information. We recommend that you review them frequently to identify attacks that may have bypassed any security solutions. This will allow you to improve your security posture by creating new or modifying existing rules and configurations to prevent attacks in the future.
By reviewing activities performed by us during an assessment, you can increase your awareness of advanced techniques and potentially identify previously unknown breaches.
Comparing your log entries against the testing IP addresses and domains used by our consultants will allow you to quickly separate the entries created by our activity from those that weren’t. Unattributed entries can indicate whether you’re actively being targeted, or if users are visiting malicious websites.
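The comparison described above, as an added example that is not part of the original post: the tester IP ranges and the access log lines are constructed placeholders, and the triage rule (flag unattributed entries that touch a path the testers also probed, or that received an error status) is one reasonable starting point, not a Sentrium procedure.

```python
import ipaddress
import re

# Constructed for this example: the source ranges your provider reported
# using during the assessment (placeholder values, not real tester addresses).
TESTER_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Constructed sample lines in Apache/nginx combined log format.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jul/2021:10:01:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Jul/2021:10:01:03 +0000] "GET /admin/ HTTP/1.1" 403 200 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Jul/2021:10:05:10 +0000] "GET /admin/ HTTP/1.1" 403 200 "-" "curl/7.68.0"
192.0.2.44 - - [12/Jul/2021:10:05:11 +0000] "GET /wp-login.php HTTP/1.1" 404 150 "-" "curl/7.68.0"
198.51.100.7 - - [12/Jul/2021:11:00:00 +0000] "POST /search HTTP/1.1" 500 90 "-" "Mozilla/5.0"
10.0.0.12 - - [12/Jul/2021:11:30:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Captures client IP, timestamp, method, request path and status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def is_tester(ip):
    """True when the address falls inside one of the declared tester ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TESTER_NETWORKS)


def triage(log_text):
    """Split entries into tester activity and unattributed activity.

    Unattributed entries that hit a path the testers also probed, or that
    produced an error status, are flagged for closer review.
    """
    tester, unattributed, flagged = [], [], []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        (tester if is_tester(entry["ip"]) else unattributed).append(entry)
    probed_paths = {e["path"] for e in tester}
    for entry in unattributed:
        if entry["path"] in probed_paths or entry["status"] >= 400:
            flagged.append(entry)
    return tester, unattributed, flagged
```

On the constructed sample, the two requests from 192.0.2.44 are flagged: one hits /admin/, which the testers also probed, and the other received a 404.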
Many large organisations operate a Security Operations Centre (SOC), either internally or as a service provided by an external partner. The SOC monitors and analyses activity to detect malicious patterns and react to incidents quickly. A security assessment can help you to identify whether a SOC is operating effectively, and any areas that require improvement if any activity is missed.
Once a security assessment is complete, you’ll receive a detailed report of any findings which will be categorised by a severity rating. A remediation plan should be created to implement fixes for any vulnerabilities we may have discovered, where priority should be given to issues of higher severity.
This doesn’t mean that less severe issues should be ignored. You may consider deadlines for remediation of issues to ensure that all issues are dealt with in a timely manner.
Security assessments can reveal issues that may impact business operations when controls are implemented to remediate them. It’s important to consider the environment in which these controls are implemented, and to establish whether they might have an impact that should be addressed before a change can be made.
For example, during a web application assessment, we may discover that the web service is provided by an old or vulnerable version of Microsoft Internet Information Services (IIS). The likely recommendation would be to upgrade to the latest stable version of the affected software.
This may have unintended conflicts with other software packages that cause stability or performance issues. It’s important to consider whether recommendations are appropriate and achievable in the context of your environment, and to fully test any changes before they’re deployed.
Some issues in the penetration testing report can be remediated either partially or in full by implementing small changes that don’t require significant effort or cost.
For example, if we discovered a Cross-Site Scripting vulnerability within a web application, Web Application Firewall (WAF) rules may be implemented that block requests based on their content or origin while a more robust fix is implemented in the application code. Careful consideration should be taken if this is the route you intend to take, as filters may be bypassed if not implemented correctly.
Issues such as outdated or vulnerable operating system versions may be mitigated by restricting network access to the system, which will reduce its attack surface whilst efforts are made to upgrade the software.
Sentrium will provide recommendations for quick fixes (where appropriate), to support remediation activities that are sometimes complex and require significant effort.
You have to evolve with the changing threat landscape to stay ahead and maintain a strong security posture. You should implement policies that set out requirements, processes, and timescales for patch management.
Consider all systems within your organisation. We frequently see these examples of systems that are not effectively patched:
We will make recommendations towards security best practice for your specific environment and issues. Use this knowledge to ensure that any future projects are built with security in mind and security best practices are adhered to.
Where penetration tests frequently highlight similar issues across different environments, it may be appropriate to consider an underlying cause. This could be reliance on a software version or a lack of appropriate training for IT staff who are unfamiliar with a certain technology.
Finally, we advise you to perform retesting once issues have been resolved. This process will confirm whether remediation has been effective, or if further work is required. We often suggest regular (bi-annual or annual) testing of critical or frequently changing environments, to detect issues that arise because of new vulnerabilities or changes.

Sentrium is a CREST-approved penetration testing provider. We can provide you with gold standard penetration testing services that address your unique requirements. Get in touch with us if you have any further questions about penetration testing.