Penetration Test - Reporting and Communication (3)
Reposted
Mitigation strategies
RECOMMEND MITIGATION STRATEGIES
- Nearly every pen test will discover multiple vulnerabilities.
- A pen test report should contain a recommendation to mitigate each vulnerability found.
- Solutions vary depending on the vulnerability; a single finding may need more than one kind of fix.
MITIGATION STRATEGY CATEGORIES
- People - behavior changes
  - Social engineering (awareness training, phishing simulations)
  - Passwords (choosing and handling them)
- Process - how things are done
  - Backup media handling
  - ID management (provisioning, review and de-provisioning of accounts)
- Technology
  - Controls based on hardware and/or software
COMMON FINDINGS
- Shared local administrator credentials
  - Randomize the local administrator password per host (for example with LAPS)
- Weak password complexity
  - Enforce minimum password requirements / password filters
- Plain text passwords
  - Never store or transmit passwords in clear text; store only salted hashes and send credentials over encrypted channels
- No multifactor authentication
  - Implement multifactor authentication
- SQL injection
  - Sanitize user input / parameterize queries
- Unnecessary open services
  - Disable or remove unneeded services (system hardening)
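The SQL injection finding above is the one a report most often has to explain with a concrete fix, so here is an added example that is not part of the original notes. It builds a small in-memory SQLite table (constructed sample data, not from any real system), then shows a login check written with string concatenation beside the same check written with a parameterized query, and runs a classic `' OR 1=1 --` payload against both. The table, the function names and the payload are all assumptions chosen for illustration.

```python
import sqlite3


def build_db():
    """Constructed sample database: two users with placeholder password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-of-alice-password"), ("bob", "hash-of-bob-password")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password_hash):
    """The finding: user input is pasted straight into the SQL text."""
    query = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password_hash = '" + password_hash + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password_hash):
    """The mitigation: the SQL text is fixed, values travel as bound parameters.
    The driver never lets the input change the statement's structure."""
    query = "SELECT id FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone() is not None


def demo():
    """Return (legit_vuln, legit_param, attack_vuln, attack_param)."""
    conn = build_db()
    # Hypothetical attacker input: closes the string, forces the WHERE clause true,
    # and comments out the password check that follows.
    payload = "' OR 1=1 --"
    results = (
        login_vulnerable(conn, "alice", "hash-of-alice-password"),   # True
        login_parameterized(conn, "alice", "hash-of-alice-password"),  # True
        login_vulnerable(conn, payload, "wrong"),                    # True: bypassed
        login_parameterized(conn, payload, "wrong"),                 # False: blocked
    )
    conn.close()
    return results


if __name__ == "__main__":
    legit_v, legit_p, attack_v, attack_p = demo()
    print("legit login   vulnerable:", legit_v, " parameterized:", legit_p)
    print("injected login vulnerable:", attack_v, " parameterized:", attack_p)
```

Parameterization is the primary fix; input validation (allow-listing the characters a username may contain) is a useful defence in depth but should not be the only control, since the bypass above needs only a quote and a comment marker.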
QUICK REVIEW
- Recommend mitigation activities for each identified vulnerability.
- Suggest mitigations from different classes (technical, administrative, etc.).
- Know the common findings and their mitigations for the PenTest exam.