boward57 Posted September 4, 2018 Share Posted September 4, 2018 I am not sure if this is the right forum with the proper expertise to comment but I thought I would ask. We recently underwent a pen test for our application security and we were issued the final report. It's a SaaS application with a large corporate customer base. I am unable to mention the application but I wondered if I posted some of the particular threats/exploits they mentioned if members would be willing to comment on them? Thank you in advance! Quote Link to comment Share on other sites More sharing options...
digininja Posted September 4, 2018 Share Posted September 4, 2018 Have you tried going back to your testers? They should give you full support after the test not just deliver a report and walk away. You can ask if you want though. 1 Quote Link to comment Share on other sites More sharing options...
Glowinghot666 Posted September 4, 2018 Share Posted September 4, 2018 post report plz Quote Link to comment Share on other sites More sharing options...
r3plic4tor Posted September 7, 2018 Share Posted September 7, 2018 (edited) Seeing its a web application, Im guessing it was an external engagement testing your perimeter. The report should contain the vulnerabilities discovered, and how they were exploited within 'scope' over the given time frame. (as well as how they can be patched) If you wish to supply details and extend permission, maybe we could recreate these scenario's and give you a better conclusion? Or just supply links to the Domains in scope! Edited September 7, 2018 by r3plic4tor Quote Link to comment Share on other sites More sharing options...
barry99705 Posted September 10, 2018 Share Posted September 10, 2018 Yea, posting the issues to a public forum is a really bad idea. Follow digininja's advice and ask your testers. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.