- Web Penetration Testing with Kali Linux(Third Edition)
- Gilberto Najera Gutierrez Juned Ahmed Ansari
- 150字
- 2021-06-24 18:44:50
Status meeting and reports
Communication is key for a successful penetration test. Regular meetings should be scheduled between the testing team and the client organization and routine status reports issued by the testing team. The testing team should present how far they have reached and what vulnerabilities have been found up to that point. The client organization should also confirm whether their detection systems have triggered any alerts resulting from the penetration attempt. If a web server is being tested and a WAF was deployed, it should have logged and blocked attack attempts. As a best practice, the testing team should also document the time when the test was conducted. This will help the security team in correlating the logs with the penetration tests.
WAFs work by analyzing the HTTP/HTTPS traffic between clients and servers, and they are capable of detecting and blocking the most common attacks on web applications.
推薦閱讀
- Google系統架構解密:構建安全可靠的系統
- Kubernetes網絡權威指南:基礎、原理與實踐
- Implementing Azure DevOps Solutions
- Mobile First Design with HTML5 and CSS3
- AWS Development Essentials
- Django Project Blueprints
- Social Data Visualization with HTML5 and JavaScript
- 從實踐中學習Windows滲透測試
- iOS 10 開發指南
- 鴻蒙HarmonyOS手機應用開發實戰
- Agile IT Security Implementation Methodology
- Microsoft Hyper-V Cluster Design
- 鴻蒙HarmonyOS應用開發入門
- Angular權威教程
- Docker容器技術與運維