- Web Penetration Testing with Kali Linux(Third Edition)
- Gilberto Najera Gutierrez Juned Ahmed Ansari
- 150字
- 2021-06-24 18:44:50
Status meeting and reports
Communication is key for a successful penetration test. Regular meetings should be scheduled between the testing team and the client organization and routine status reports issued by the testing team. The testing team should present how far they have reached and what vulnerabilities have been found up to that point. The client organization should also confirm whether their detection systems have triggered any alerts resulting from the penetration attempt. If a web server is being tested and a WAF was deployed, it should have logged and blocked attack attempts. As a best practice, the testing team should also document the time when the test was conducted. This will help the security team in correlating the logs with the penetration tests.
WAFs work by analyzing the HTTP/HTTPS traffic between clients and servers, and they are capable of detecting and blocking the most common attacks on web applications.
推薦閱讀
- Citrix XenApp Performance Essentials
- Modern Web Testing with TestCafe
- FreeRTOS實(shí)時(shí)內(nèi)核應(yīng)用指南
- Persistence in PHP with the Doctrine ORM
- 精解Windows 8
- 計(jì)算機(jī)系統(tǒng)開發(fā)與優(yōu)化實(shí)戰(zhàn)
- 嵌入式Linux應(yīng)用開發(fā)菜鳥進(jìn)階
- Windows 7案例教程
- OpenSolaris設(shè)備驅(qū)動(dòng)原理與開發(fā)
- 寫給架構(gòu)師的Linux實(shí)踐:設(shè)計(jì)并實(shí)現(xiàn)基于Linux的IT解決方案
- Heroku Cloud Application Development
- Learning Continuous Integration with Jenkins(Second Edition)
- Windows Server 2008組網(wǎng)技術(shù)與實(shí)訓(xùn)(第3版)
- Zabbix監(jiān)控系統(tǒng)之深度解析和實(shí)踐
- OpenHarmony開發(fā)與實(shí)踐:基于紅莓RK2206開發(fā)板