What should you do after your penetration testing report?

Jul 12th 2021

After receiving your penetration testing report, you should pay close attention to the remediation guidance provided. Your penetration testing provider has given these recommendations with the effectiveness of your security strategy in mind.

Here are some activities that will help you get the most value after receiving your penetration testing report from Sentrium.

Cleaning up your environment

Our consultants are trained to perform a thorough clean-up of environments that have been assessed, such as removing any files or software we use during the penetration test.

Any accounts that have been created for the purpose of your assessment should be deactivated and removed. Firewall rules and any other network or system changes should be reverted to their original state.

We will communicate which accounts or environment changes we have requested at the end of our penetration testing process.

Where test data has been provided, for example a populated database table to support web application testing, it should be removed before the application leaves development and enters production.

In cases where files have been written to systems through applications, you’ll be consulted to:

  • Verify that the files exist on the device
  • Confirm the presence of unrestricted file upload vulnerabilities
  • Decide whether further investigation should take place to establish if the vulnerability has been exploited maliciously

Monitoring activity and reviewing logs

A crucial part of a security assessment, particularly infrastructure and web application assessments, is monitoring activity and reviewing system or application logs once the assessment has been completed.

This shows how your security solutions are performing, and what to look for if you suspect malicious activity or compromise.

Device and application logs can contain an overwhelming volume of information. We recommend that you review them frequently to identify attacks that may have bypassed any security solutions. This will allow you to improve your security posture by creating new or modifying existing rules and configurations to prevent attacks in the future.

By reviewing activities performed by us during an assessment, you can increase your awareness of advanced techniques and potentially identify previously unknown breaches. 

Comparing log entries against the testing IP addresses and domains used by our consultants will allow you to quickly separate the entries created by our activity from those that weren’t. The remaining entries can indicate whether you’re actively being targeted, or whether users are visiting malicious websites.

Many large organisations operate a Security Operations Centre (SOC), either internally or as a service provided by an external partner. The SOC monitors and analyses activity to detect malicious patterns and react to incidents quickly. A security assessment can help you to identify whether a SOC is operating effectively, and which areas require improvement if any of our activity was missed.
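As an added example (not code from the Sentrium post), here is a small Python triage that separates the consultants’ log entries from everyone else’s and flags other sources that requested the same paths the testers were denied on. It assumes the tester source range is taken from the engagement’s scoping notes; the range and the log lines below are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Assumed tester source ranges: take these from the engagement scoping
# document. The range below is a constructed placeholder, not a real one.
TESTER_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample lines in Apache/Nginx combined log format.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jul/2021:10:01:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jul/2021:10:01:05 +0000] "GET /admin HTTP/1.1" 403 210 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jul/2021:10:02:11 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Jul/2021:10:03:40 +0000] "GET /admin HTTP/1.1" 403 210 "-" "curl/7.68.0"
198.51.100.9 - - [12/Jul/2021:10:03:41 +0000] "GET /.env HTTP/1.1" 404 150 "-" "curl/7.68.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

DENIED = (401, 403, 404)  # responses that typically mark probing


def parse_line(line):
    """Return the fields we need from one combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def is_tester(ip):
    """True if the source address falls inside an agreed tester range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TESTER_RANGES)


def triage(log_text):
    """Split entries into tester activity and everything else, then count
    non-tester sources that were denied or that hit paths the testers probed."""
    tester, other = [], []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            (tester if is_tester(entry["ip"]) else other).append(entry)
    probed = {e["path"] for e in tester if e["status"] in DENIED}
    suspects = Counter(e["ip"] for e in other
                       if e["path"] in probed or e["status"] in DENIED)
    return tester, other, suspects
```

Sources that appear in `suspects` are the ones worth investigating further, since they behaved like the consultants but were not part of the engagement.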

Remediation plan

Once a security assessment is complete, you’ll receive a detailed report of any findings, each categorised by a severity rating. A remediation plan should be created to implement fixes for the vulnerabilities we have discovered, with priority given to issues of higher severity.

This doesn’t mean that less severe issues should be ignored. Consider setting deadlines for remediation, so that all issues are dealt with in a timely manner.

Considerations

Security assessments can reveal issues that may impact business operations when controls are implemented to remediate them. It’s important to consider the environment in which these controls are implemented, and to establish whether they might have an impact that should be addressed before a change can be made.

For example, during a web application assessment, we may discover that the web service is provided by an old or vulnerable version of Microsoft Internet Information Services (IIS). The likely recommendation would be to upgrade to the latest stable version of the affected software.

This may have unintended conflicts with other software packages that cause stability or performance issues. It’s important to consider whether recommendations are appropriate and achievable in the context of your environment, and to fully test any changes before they’re deployed.

Quick fixes

Some issues in the penetration testing report can be remediated either partially or in full by implementing small changes that don’t require significant effort or cost.

For example, if we discovered a Cross-Site Scripting vulnerability within a web application, Web Application Firewall (WAF) rules may be implemented that block requests based on their content or origin while a more robust fix is implemented in the application code. Careful consideration should be given if this is the route you intend to take, as filters may be bypassed if not implemented correctly.

Issues such as outdated or vulnerable operating system versions may be mitigated by restricting network access to the system, which will reduce its attack surface whilst efforts are made to upgrade the software.

Sentrium will provide recommendations for quick fixes (where appropriate), to support remediation activities that are sometimes complex and require significant effort.

Continuous improvement

You have to evolve with the changing threat landscape to stay ahead and maintain a strong security posture. You should implement policies that set out requirements, processes, and timescales for patch management.

Consider all systems within your organisation. We frequently see these examples of systems that are not effectively patched:

  • Network devices, such as switches and routers
  • Infrastructure management systems, such as network-connected backup solutions, storage controllers and remote server management controllers (HP iLO / Dell iDRAC)
  • Web application libraries and service software
  • Third-party software packages on End User Devices (EUDs) and servers

We will make recommendations towards security best practice for your specific environment and issues. Use this knowledge to ensure that any future projects are built with security in mind and security best practices are adhered to.

Where penetration tests frequently highlight similar issues across different environments, it may be appropriate to consider an underlying cause. This could be reliance on a software version or a lack of appropriate training for IT staff who are unfamiliar with a certain technology.

Finally, we advise you to perform retesting once issues have been resolved. This process will confirm whether remediation has been effective, or if further work is required. We often suggest regular (bi-annual or annual) testing of critical or frequently changing environments, to detect issues that arise because of new vulnerabilities or changes.

Sentrium is a CREST-approved penetration testing provider. We can provide you with gold standard penetration testing services that address your unique requirements. Get in touch with us if you have any further questions about penetration testing.
