The Cyber Threat Perspective Episode 49: Scoping Offensive Security Engagements
Jul 12, 2023
Explore the critical nuances of scoping offensive security engagements, defining objectives and boundaries for effective penetration testing. Discover the evolving metrics that influence costs and timelines, as well as the challenges posed by cloud security. Learn about the complexities of scoping across various environments, including post-pandemic considerations. Delve into internal testing and the importance of alignment with client expectations, showcasing the collaborative dynamics of red and blue teams for enhanced security.
AI Snips
Chapters
Transcript
Episode notes
Cloud Expands External Surface
- Cloud resources expand the external attack surface beyond owned IP addresses.
- Knowing all cloud apps used is critical but often difficult due to shadow IT.
Clarify Infrastructure in Scoping
- Clarify on-premises infrastructure for internal tests, including domains and forest configurations.
- Tailor testing approach if environment is fully cloud-based or segmented across locations.
Zero Trust Blurs Pen Test Lines
- The shift towards zero trust and cloud eliminates clear external perimeters.
- Lines between internal and external penetration testing are increasingly blurred.