Methodology cleanup

2019-08-21 11:50:29 +02:00 · 2019-08-21 11:50:29 +02:00 · 1d15497bee
commit 1d15497bee
parent 0756c72a64
1 changed files with 89 additions and 47 deletions
--- a/xml/source/snippets/report/methodology.xml
+++ b/xml/source/snippets/report/methodology.xml
@ -1,49 +1,91 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<section id="methodology" xml:base="methodology.xml" break="before" inexecsummary="yes">
-    <title>Methodology</title>
-    <section id="planning">
-        <title>Planning</title>
-        <p>Our general approach during this penetration test was as follows:</p>
-        <ol>
-            <li><b>Reconnaissance</b><br/>We attempted to gather as much information as possible about the
-                target. Reconnaissance can take two forms: active and passive. A
-                passive attack is always the best starting point as this would normally defeat
-                intrusion detection systems and other forms of protection, etc., afforded to the
-                network. This would usually involve trying to discover publicly available
-                information by utilizing a web browser and visiting newsgroups etc. An active form
-                would be more intrusive and may show up in audit logs and may take the form of a
-                social engineering type of attack.</li>
-            <li><b>Enumeration</b><br/>We used varied operating system fingerprinting tools to determine
-                what hosts are alive on the network and more importantly what services and operating
-                systems they are running. Research into these services would be carried out to
-                tailor the test to the discovered services.</li>
-            <li><b>Scanning</b><br/>Through the use of vulnerability scanners, all discovered hosts would be tested
-                for vulnerabilities. The result would be analyzed to determine if there are any
-                vulnerabilities that could be exploited to gain access to a target host on a
-                network.</li>
-            <li><b>Obtaining Access</b><br/>Through the use of published exploits or weaknesses found in
-                applications, operating system and services access would then be attempted. This may
-                be done surreptitiously or by more brute force methods.</li>
-        </ol>
-    </section>
-    <section id="riskClassification">
-        <title>Risk Classification</title>
-        <p>Throughout the document, vulnerabilities or risks are labeled and
-            categorized as:</p>
-        <ul>
-            <li><b>Extreme</b><br/>Extreme risk of security controls being compromised with the possibility
-                of catastrophic financial/reputational losses occurring as a result.</li>
-            <li><b>High</b><br/>High risk of security controls being compromised with the potential for
-                significant financial/reputational losses occurring as a result.</li>
-            <li><b>Elevated</b><br/>Elevated risk of security controls being compromised with the potential
-                for material financial/reputational losses occurring as a result.</li>
-            <li><b>Moderate</b><br/>Moderate risk of security controls being compromised with the potential
-                for limited financial/reputational losses occurring as a result.</li>
-            <li><b>Low</b><br/>Low risk of security controls being compromised with measurable negative
-                impacts as a result.</li>
-        </ul>
-        <p>Please note that this risk rating system was taken from the Penetration Testing Execution
-            Standard (PTES). For more information, see:
-            <a href="http://www.pentest-standard.org/index.php/Reporting">http://www.pentest-standard.org/index.php/Reporting</a>. </p>
-    </section>
+<section id="methodology" xml:base="methodology.xml" break="before"
+  inexecsummary="yes">
+  <title>Methodology</title>
+  <section id="planning">
+    <title>Planning</title>
+    <p>Our general approach during penetration tests is as follows:</p>
+    <ol>
+      <li>
+        <b>Reconnaissance</b>
+        <br/>
+        We attempt to gather as much information as possible about the target.
+        Reconnaissance can take two forms: active and passive. A passive attack
+        is always the best starting point as this would normally defeat
+        intrusion detection systems and other forms of protection, etc.,
+        afforded to the network. This usually involves trying to discover
+        publicly available information by utilizing a web browser, visiting
+        newsgroups, etc. An active form would be more intrusive and may show up
+        in audit logs and may take the form of a social engineering type of
+        attack.
+      </li>
+      <li>
+        <b>Enumeration</b>
+        <br/>
+        We use various fingerprinting tools to determine what hosts are visible
+        on the target network and, more importantly, try to ascertain what
+        services and operating systems they are running. Visible services are
+        researched further to tailor subsequent tests to match.
+      </li>
+      <li>
+        <b>Scanning</b>
+        <br/>
+        Vulnerability scanners are used to scan all discovered hosts for known
+        vulnerabilities or weaknesses. The results are analyzed to determine if
+        there are any vulnerabilities that could be exploited to gain access or
+        enhance privileges to target hosts.
+      </li>
+      <li>
+        <b>Obtaining Access</b>
+        <br/>
+        We use the results of the scans to assist in attempting to obtain access
+        to target systems and services, or to escalate privileges where access
+        has been obtained (either legitimately though provided credentials, or
+        via vulnerabilities). This may be done surreptitiously (for example to
+        try to evade intrusion detection systems or rate limits) or by more
+        aggressive brute-force methods.
+      </li>
+    </ol>
+  </section>
+  <section id="riskClassification">
+    <title>Risk Classification</title>
+    <p>Throughout the report, vulnerabilities or risks are labeled and
+      categorized according to the Penetration Testing Execution Standard
+      (PTES). For more information, see:
+      <a href="http://www.pentest-standard.org/index.php/Reporting">
+        http://www.pentest-standard.org/index.php/Reporting
+      </a>
+    </p>
+    <p>These categories are:</p>
+    <ul>
+      <li>
+        <b>Extreme</b>
+        <br/>Extreme risk of security controls being compromised with the
+        possibility of catastrophic financial/reputational losses occurring as a
+        result.
+      </li>
+      <li>
+        <b>High</b>
+        <br/>High risk of security controls being compromised with the potential
+        for significant financial/reputational losses occurring as a result.
+      </li>
+      <li>
+        <b>Elevated</b>
+        <br/>Elevated risk of security controls being compromised with the
+        potential for material financial/reputational losses occurring as a
+        result.
+      </li>
+      <li>
+        <b>Moderate</b>
+        <br/>Moderate risk of security controls being compromised with the
+        potential for limited financial/reputational losses occurring as a
+        result.
+      </li>
+      <li>
+        <b>Low</b>
+        <br/>Low risk of security controls being compromised with measurable
+        negative impacts as a result.
+      </li>
+    </ul>
+  </section>
 </section>