DeforaNetworks/pentext
DeforaNetworks/pentext
3
0
Fork 0
Code Releases Activity
pentext/xml/target/intermediate.fo
Peter Mosmans 30c1ad0f7a Added radicallyopensecurity/templates/xml 
This version has been tagged 'templates' in the original repository
2016-07-25 22:49:31 -07:00

146 lines
30 KiB
XML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?><fo:root xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:fo="http://www.w3.org/1999/XSL/Format" line-height-shift-adjustment="disregard-shifts"><fo:layout-master-set><fo:simple-page-master margin-top="2cm" margin-bottom="1.8cm" margin-left="2cm" margin-right="2cm" page-height="29.7cm" page-width="21.0cm" master-name="Cover"><fo:region-body margin-top="1cm" margin-bottom="1cm" region-name="region-body"/><fo:region-before precedence="true" extent="0.6cm" region-name="region-before"/><fo:region-after precedence="true" extent="0.6cm" padding="0" region-name="region-after"/></fo:simple-page-master><fo:simple-page-master margin-top="2cm" margin-bottom="1.8cm" margin-left="2cm" margin-right="2cm" page-height="29.7cm" page-width="21.0cm" master-name="Content"><fo:region-body margin-top="1cm" margin-bottom="1cm" region-name="region-body"/><fo:region-before precedence="true" extent="0.6cm" region-name="region-before"/><fo:region-after precedence="true" extent="0.6cm" padding="0" region-name="region-after"/></fo:simple-page-master><fo:page-sequence-master master-name="Report"><fo:repeatable-page-master-alternatives><fo:conditional-page-master-reference master-reference="Cover" blank-or-not-blank="not-blank" page-position="first"/><fo:conditional-page-master-reference master-reference="Content" blank-or-not-blank="not-blank"/></fo:repeatable-page-master-alternatives></fo:page-sequence-master></fo:layout-master-set><fo:page-sequence master-reference="Report"><fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-before"><fo:block text-align="right" font-weight="bold">Confidential</fo:block></fo:static-content><fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-after"><fo:block text-align-last="justify"><fo:page-number/>/<fo:page-number-citation ref-id="EndOfDoc"/><fo:leader leader-pattern="space"/><fo:inline font-family="LiberationSansNarrow" font-size="8pt" color="black">Chamber of Commerce
60628081</fo:inline></fo:block></fo:static-content><fo:flow font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-body"><fo:block>
<fo:block text-align="center" margin-bottom="5pt"><fo:external-graphic padding-top="2cm" padding-bottom="3cm" src="url(./graphics/logo.png)" width="70mm" content-width="scale-to-fit" content-height="scale-to-fit" scaling="uniform"/></fo:block><fo:block keep-with-next.within-page="always" font-weight="bold" text-align="center" font-size="16pt" margin-bottom="1cm" background-color="orange">PENETRATION TEST REPORT</fo:block><fo:block text-align="center" margin-bottom="1cm">for</fo:block><fo:block keep-with-next.within-page="always" font-weight="bold" text-align="center" font-size="16pt" margin-bottom="6cm" background-color="silver">Full Client Name</fo:block><fo:block break-after="page"><fo:table width="100%" table-layout="fixed"><fo:table-column column-width="proportional-column-width(66)"/><fo:table-column column-width="proportional-column-width(33)"/><fo:table-body><fo:table-row><fo:table-cell><fo:block/></fo:table-cell><fo:table-cell text-align="left"><fo:block> V 0.1</fo:block><fo:block>Amsterdam</fo:block><fo:block>January 1st, 2015</fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block><fo:block keep-with-next.within-page="always" font-weight="bold" margin-bottom="5pt">Document Properties</fo:block><fo:block margin-bottom="1.5cm"><fo:table border-width="1pt" border-style="solid" border-color="black" width="100%" table-layout="fixed"><fo:table-column background-color="orange" border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(25)"/><fo:table-column column-width="proportional-column-width(75)"/><fo:table-body><fo:table-row border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>Client</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Full Client Name</fo:block></fo:table-cell></fo:table-row><fo:table-row border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>Title</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Penetration Test Report</fo:block></fo:table-cell></fo:table-row><fo:table-row border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>Target</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Target</fo:block></fo:table-cell></fo:table-row><fo:table-row border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>Version</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block> 0.1</fo:block></fo:table-cell></fo:table-row><fo:table-row border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>Pentester</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block><fo:inline>FirstName LastName</fo:inline></fo:block></fo:table-cell></fo:table-row><fo:table-row border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>Author</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block><fo:inline>YourName</fo:inline></fo:block></fo:table-cell></fo:table-row><fo:table-row border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>Reviewed by</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block><fo:block>FirstName LastName</fo:block></fo:block></fo:table-cell></fo:table-row><fo:table-row border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>Approved by</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Melanie Rieback</fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block><fo:block keep-with-next.within-page="always" font-weight="bold" margin-bottom="5pt">Version control</fo:block><fo:block margin-bottom="1.5cm"><fo:table border-width="1pt" border-style="solid" border-color="black" width="100%" table-layout="fixed"><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(25)"/><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(25)"/><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(25)"/><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(25)"/><fo:table-body><fo:table-row background-color="orange" border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>Version</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Date</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Author</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Description</fo:block></fo:table-cell></fo:table-row><fo:table-row border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block> 0.1</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>January 1st, 2015</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block><fo:inline>YourName</fo:inline></fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Initial draft</fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block><fo:block keep-with-next.within-page="always" font-weight="bold" margin-bottom="5pt">Contact</fo:block><fo:block margin-bottom="5pt">For more information about this Document and its
contents please contact Radically Open Security B.V.</fo:block><fo:block break-after="page"><fo:table border-width="1pt" border-style="solid" border-color="black" width="100%" table-layout="fixed"><fo:table-column background-color="orange" border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(25)"/><fo:table-column column-width="proportional-column-width(75)"/><fo:table-body border-width="1pt" border-style="solid" border-color="black"><fo:table-row><fo:table-cell padding="2pt"><fo:block>Name</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Melanie Rieback</fo:block></fo:table-cell></fo:table-row><fo:table-row border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>Address</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Overdiemerweg 28</fo:block><fo:block>1111 PP Diemen</fo:block><fo:block>The Netherlands</fo:block></fo:table-cell></fo:table-row><fo:table-row border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>Phone</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>+31 6 10 21 32 40</fo:block></fo:table-cell></fo:table-row><fo:table-row border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>Email</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>melanie@radicallyopensecurity.com</fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block>
<fo:block keep-with-next.within-page="always" font-weight="bold" font-size="16pt" margin-bottom="0cm" background-color="orange" padding-right="3pt">Table of Contents</fo:block><fo:block break-after="page">
<fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>1</fo:inline>  Executive Summary <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="executiveSummary"/></fo:block><fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>1.1</fo:inline>  Introduction <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="introduction"/></fo:block><fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>1.2</fo:inline>  Scope of work <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="scope"/></fo:block><fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>1.3</fo:inline>  Project objectives <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="objectives"/></fo:block><fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>1.4</fo:inline>  Timeline <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="timeline"/></fo:block><fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>1.5</fo:inline>  Results In A Nutshell <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="resultsinanutshell"/></fo:block><fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>1.6</fo:inline>  Summary of Findings <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="findingSummary"/></fo:block><fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>1.7</fo:inline>  Summary of Recommendations <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="recommendationSummary"/></fo:block>
<fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>2</fo:inline>  Methodology <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="methodology"/></fo:block><fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>2.1</fo:inline>  Planning <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="planning"/></fo:block><fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>2.2</fo:inline>  Risk Classification <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="riskClassification"/></fo:block>
<fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>3</fo:inline>  Reconnaissance and Fingerprinting <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="recon"/></fo:block><fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>3.1</fo:inline>  Automated Scans <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="scans"/></fo:block>
<fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>4</fo:inline>  Pentest Technical Summary <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="techSummary"/></fo:block><fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>4.1</fo:inline>  Findings <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="findings"/></fo:block><fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>4.2</fo:inline>  Non-Findings <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="nonFindings"/></fo:block>
<fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>5</fo:inline>  Future Work <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="futurework"/></fo:block>
<fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline>6</fo:inline>  Conclusion <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="conclusion"/></fo:block>
<fo:block text-align-last="justify" padding-right="3pt" background-color="orange"><fo:inline> Appendix 1</fo:inline>  Testing team <fo:leader leader-pattern="dots" leader-alignment="reference-area" leader-length.maximum="21cm"/> <fo:page-number-citation ref-id="testteam"/></fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" id="executiveSummary">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-size="16pt" margin-bottom="1cm" background-color="orange"><fo:inline>1</fo:inline>   Executive Summary</fo:block>
<fo:block margin-bottom="1.5cm" id="introduction">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="silver"><fo:inline>1.1</fo:inline>   Introduction</fo:block>
<fo:block margin-bottom="5pt">...</fo:block>
<fo:block margin-bottom="1.5cm">This report contains our findings as well as detailed explanations
of exactly how ROS performed the penetration test.</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" id="scope">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="silver"><fo:inline>1.2</fo:inline>   Scope of work</fo:block>
<fo:block margin-bottom="5pt">The scope of the penetration test was limited to the following
target:</fo:block>
<fo:list-block margin-bottom="5pt" provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm"><fo:list-item><fo:list-item-label end-indent="label-end()"><fo:block><fo:inline></fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Target</fo:block></fo:list-item-body></fo:list-item></fo:list-block>
</fo:block>
<fo:block margin-bottom="1.5cm" id="objectives">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="silver"><fo:inline>1.3</fo:inline>   Project objectives</fo:block>
<fo:block margin-bottom="1.5cm">...</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" id="timeline">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="silver"><fo:inline>1.4</fo:inline>   Timeline</fo:block>
<fo:block margin-bottom="1.5cm">The Security Audit took place between X and Y, 2015.</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" id="resultsinanutshell">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="silver"><fo:inline>1.5</fo:inline>   Results In A Nutshell</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" id="findingSummary">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="silver"><fo:inline>1.6</fo:inline>   Summary of Findings</fo:block>
<fo:block><fo:table margin-bottom="1.5cm" border-width="1pt" border-style="solid" border-color="black" width="100%" table-layout="fixed"><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(12)"/><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(22)"/><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(50)"/><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(16)"/><fo:table-body><fo:table-row background-color="orange" border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>ID</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Type</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Description</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Threat level</fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" id="recommendationSummary">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="silver"><fo:inline>1.7</fo:inline>   Summary of Recommendations</fo:block>
<fo:block><fo:table margin-bottom="1.5cm" border-width="1pt" border-style="solid" border-color="black" width="100%" table-layout="fixed"><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(12)"/><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(22)"/><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(66)"/><fo:table-body><fo:table-row background-color="orange" border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>ID</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Type</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Recommendation</fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block>
</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" id="methodology" break-before="page">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-size="16pt" margin-bottom="1cm" background-color="orange"><fo:inline>2</fo:inline>   Methodology</fo:block>
<fo:block margin-bottom="1.5cm" id="planning">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="silver"><fo:inline>2.1</fo:inline>   Planning</fo:block>
<fo:block margin-bottom="5pt">Our general approach during this penetration test was as follows:</fo:block>
<fo:list-block provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" margin-bottom="1.5cm" space-after="12pt" start-indent="1cm"><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>1. </fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:inline font-weight="bold">Reconnaissance</fo:inline><fo:block/>We attempted to gather as much information as possible about the
target. Reconnaissance can take two forms: active and passive. A
passive attack is always the best starting point as this would normally defeat
intrusion detection systems and other forms of protection, etc., afforded to the
network. This would usually involve trying to discover publicly available
information by utilizing a web browser and visiting newsgroups etc. An active form
would be more intrusive and may show up in audit logs and may take the form of a
social engineering type of attack.</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>2. </fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:inline font-weight="bold">Enumeration</fo:inline><fo:block/>We used varied operating system fingerprinting tools to determine
what hosts are alive on the network and more importantly what services and operating
systems they are running. Research into these services would be carried out to
tailor the test to the discovered services.</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>3. </fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:inline font-weight="bold">Scanning</fo:inline><fo:block/>Through the use of vulnerability scanners, all discovered hosts would be tested
for vulnerabilities. The result would be analyzed to determine if there any
vulnerabilities that could be exploited to gain access to a target host on a
network.</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>4. </fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:inline font-weight="bold">Obtaining Access</fo:inline><fo:block/>Through the use of published exploits or weaknesses found in
applications, operating system and services access would then be attempted. This may
be done surreptitiously or by more brute force methods.</fo:block></fo:list-item-body></fo:list-item></fo:list-block>
</fo:block>
<fo:block margin-bottom="1.5cm" id="riskClassification">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="silver"><fo:inline>2.2</fo:inline>   Risk Classification</fo:block>
<fo:block margin-bottom="5pt">Throughout the document, each vulnerability or risk identified has been labeled and
categorized as:</fo:block>
<fo:list-block provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm"><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:inline font-weight="bold">Extreme</fo:inline><fo:block/>Extreme risk of security controls being compromised with the possibility
of catastrophic financial/reputational losses occurring as a result.</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:inline font-weight="bold">High</fo:inline><fo:block/>High risk of security controls being compromised with the potential for
significant financial/reputational losses occurring as a result.</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:inline font-weight="bold">Elevated</fo:inline><fo:block/>Elevated risk of security controls being compromised with the potential
for material financial/reputational losses occurring as a result.</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:inline font-weight="bold">Moderate</fo:inline><fo:block/>Moderate risk of security controls being compromised with the potential
for limited financial/reputational losses occurring as a result.</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:inline font-weight="bold">Low</fo:inline><fo:block/>Low risk of security controls being compromised with measurable negative
impacts as a result.</fo:block></fo:list-item-body></fo:list-item></fo:list-block>
<fo:block margin-bottom="1.5cm">Please note that this risk rating system was taken from the Penetration Testing Execution
Standard (PTES). For more information, see:
http://www.pentest-standard.org/index.php/Reporting. </fo:block>
</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" id="recon">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-size="16pt" margin-bottom="1cm" background-color="orange"><fo:inline>3</fo:inline>   Reconnaissance and Fingerprinting</fo:block>
<fo:block margin-bottom="1.5cm">Through automated scans we were able to gain the following information about the
software and infrastructure. Detailed scan output can be found in the sections
below.</fo:block>
<fo:block margin-bottom="1.5cm" id="scans">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="silver"><fo:inline>3.1</fo:inline>   Automated Scans</fo:block>
<fo:block margin-bottom="5pt">As part of our active reconnaissance we used the following automated scans:</fo:block>
<fo:list-block provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" margin-bottom="1.5cm" space-after="12pt" start-indent="1cm"><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>nmap <fo:basic-link color="blue" external-destination="http://nmap.org">http://nmap.org</fo:basic-link></fo:block></fo:list-item-body></fo:list-item></fo:list-block>
</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" id="techSummary">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-size="16pt" margin-bottom="1cm" background-color="orange"><fo:inline>4</fo:inline>   Pentest Technical Summary</fo:block>
<fo:block margin-bottom="1.5cm" id="findings">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="silver"><fo:inline>4.1</fo:inline>   Findings</fo:block>
<fo:block margin-bottom="1.5cm">We have identified the following issues:</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" id="nonFindings">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="silver"><fo:inline>4.2</fo:inline>   Non-Findings</fo:block>
<fo:block margin-bottom="1.5cm">In this section we list some of the things that were tried but turned
out to be dead ends.</fo:block>
</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" id="futurework">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-size="16pt" margin-bottom="1cm" background-color="orange"><fo:inline>5</fo:inline>   Future Work</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" id="conclusion">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-size="16pt" margin-bottom="1cm" background-color="orange"><fo:inline>6</fo:inline>   Conclusion</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" break-before="page" id="testteam">
<fo:block keep-with-next.within-page="always" font-weight="bold" font-size="16pt" margin-bottom="1cm" background-color="orange"><fo:inline> Appendix 1</fo:inline>   Testing team</fo:block>
<fo:block><fo:table border-width="1pt" border-style="solid" border-color="black" width="100%" table-layout="fixed"><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(25)"/><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(75)"/><fo:table-body><fo:table-row border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>Melanie Rieback</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Melanie Rieback is a former Asst. Prof. of Computer Science from the VU,
who is also the co-founder/CEO of Radically Open Security.</fo:block></fo:table-cell></fo:table-row><fo:table-row border-width="1pt" border-style="solid" border-color="black"><fo:table-cell padding="2pt"><fo:block>FirstName LastName</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Info</fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block>
</fo:block>
</fo:block><fo:block id="EndOfDoc"/></fo:flow></fo:page-sequence></fo:root>
View Git Blame Copy Permalink