Fork me on GitHub

TestAndVerification -> Dynamic depth for infrastructure: Test for exposed services

Risk and Opportunity

Risk: Standard network segmentation and firewalling has not been performed, leading to world open cluster management ports.
Opportunity: With the help of tools the network configuration of unintentional exposed cluster(s) are tested. To identify clusters, all subdomains might need to be identified with a tool like OWASP Amass to perform portscans based o the result.

Usefulness and Requirements of this Activitiy

Usefullness: Medium
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Implementation hints:

OWASP SAMM VERSION 2

ISO27001 2017