RFP Vulnerability Assesstment & Penetration Test

RFP for Vulnerability Assessment & Penetration Test
A) Company Information
B) Proposal and Quotation
APPENDIX 1 – TECHNICAL CHECKLIST

Item Description Comply Proposal/ Remarks
/ Status
(Y/N)
1. External Penetration Test (Servers and Network Devices)
Deliverable: External Penetration Test Report
Using combination of Grey / White -box Approach
3 Separate Target Networks – (IIB HQ, Medini and KL Office)
Estimates as 23x External IP Addresses
Part 1: Information Gathering
Goal: The pen-tester tries to gather maximum information on the

remote host.
Expected Results:
• Domain Registration Information
• IP Addresses Range
Part 2: Fingerprinting/Foot Printing
Goal: Getting detailed information on remote host.
Expected Results:
• Remote server OS type
• Remote server web-server type
• Applications running on remote server
/ Status
(Y/N)
Part 3: Networking Survey
Goal: Combination of data collection, information gathering, and

policy control
Expected Results:
• Firewall / Routers Discovery
• Possible Local Network / Subnet Discovery
• ISP information
Part 4: Services Indication
Goal: Port scanning; finding accessible services
Expected Results:
• Open, closed or filtered ports
• Services Identification
Part 5: Evading Firewall Rules
Goal: Firewall evasion techniques are used to bypass firewall rules.
Expected Results:
• Mapping of firewall configuration rules

• Partial Access to devices behind the firewall
/ Status
(Y/N)
Part 6: Exploiting Services
Goal: The weaknesses found in the remote services are exploited
Expected Results:
• Data intercept or Packet Sniffing
2. a Internal Penetration Test (Servers and Network Devices)

Deliverable: Internal Penetration Test Report
Using combination Grey White-box Approach
3 Separate Target Networks – (IIB HQ, Seri Medini and IIB KL Office)
Part 1: Information Gathering
Goal: The pen-tester tries to gather maximum information on the

remote host.
Expected Results:
• IP Addresses Range
• Email IDs
• Hosts/Server List
Phase 2: Fingerprinting / Foot Printing
Goal: Getting detailed information on servers.
Expected Results:
• Server OS type
• Applications running on server
/ Status
(Y/N)
Part 3: Networking Survey
Goal: Combination of data collection, information gathering, and

policy control
Expected Results:
• Local Network / Subnet Discovery
• Topology Mapping
• Host IP lists
Part 4: Services Indication
Goal: Port scanning; finding accessible/unsecure server services
Expected Results:
• Open, closed or filtered ports
• Services Identification
Part 5: Exploiting Services
Goal: The weaknesses found in the remote services are exploited
Expected Results:
• Data intercept, packet sniffing or packet hijacking

/ Status
(Y/N)
2. b Wireless Penetration Test
Deliverable: Wireless Penetration Test Report
3 Physical Sites – (IIB HQ , Seri Medini and IIB KL Office)
Part 1: Policy & Architecture Review
Part 2 : Investigate AP physical installations
Part 3 : Identify Rouge AP
Part 4 : Vulnerabilities Scanning
Part 5 : Exploit Test & Verification
3. Vulnerability Assessment Services
Deliverable : Vulnerability Assessment and Service Report
2 Physical Sites – (IIB HQ and External Hosted Server)
Part 1: Information Gathering for External Hosted Server
Goal: The pen-tester tries to gather information on the remote host

and gain access to services.
Expected Results:
• Domain Registration Information
• List of vulnerabilities associated with each remote services
• List of possible denial of service vulnerabilities
• Possible misconfiguration on the remote server
• Gaining Server Access
Part 1: Information Gathering for IIB HQ
Goal: The pen-tester tries to gather information on the remote host

and gaining access of the services.
/ Status
(Y/N)
Expected Results:
• List of vulnerabilities associated with each remote services
• List of possible denial of service vulnerabilities
• Possible misconfiguration on the remote server
• Gaining Server Access
4. Post Review Test

Deliverable: Post Review Testing Report
Post Review Executive Presentation
Recommendation
5. Others
Others. Please specify.

RFP Vulnerability Assesstment &amp; Penetration Test

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

RFP Vulnerability Assesstment &amp; Penetration Test

Uploaded by

Copyright:

Available Formats

RFP for Vulnerability Assessment & Penetration Test

APPENDIX 1 – TECHNICAL CHECKLIST

Goal: The pen-tester tries to gather maximum information on the

Part 2: Fingerprinting/Foot Printing

Goal: Getting detailed information on remote host.

Goal: Combination of data collection, information gathering, and

Part 4: Services Indication

Goal: Port scanning; finding accessible services

Part 5: Evading Firewall Rules

Goal: Firewall evasion techniques are used to bypass firewall rules.

• Mapping of firewall configuration rules

• Data intercept or Packet Sniffing

2. a Internal Penetration Test (Servers and Network Devices)

Goal: The pen-tester tries to gather maximum information on the

Phase 2: Fingerprinting / Foot Printing

Goal: Getting detailed information on servers.

Goal: Combination of data collection, information gathering, and

Part 4: Services Indication

Goal: Port scanning; finding accessible/unsecure server services

Part 5: Exploiting Services

Goal: The weaknesses found in the remote services are exploited

• Data intercept, packet sniffing or packet hijacking

Goal: The pen-tester tries to gather information on the remote host

Part 1: Information Gathering for IIB HQ

Goal: The pen-tester tries to gather information on the remote host

4. Post Review Test

You might also like

RFP Vulnerability Assesstment & Penetration Test

RFP Vulnerability Assesstment & Penetration Test