
CHAPTER 10 Building penetration test labs

10.1 OBJECTIVES

When considering your penetration test lab configuration, you must focus on exactly what your objective is. Do you intend to practice a specific skill or do you need to replicate a client environment so that you can practice testing it before going to the client site? Perhaps there is an enterprise application that you'd like to focus on to find new vulnerabilities or a great idea for a new technique you'd like to try out. Whatever your individual needs are, you need to make sure that those are laid out first and foremost before beginning the build of your penetration testing lab.

When determining your objective, make sure to include all facets of the work that you may need to accomplish. For example, if you plan on testing an enterprise application, make sure that your lab supports the full architecture of the application. If you're trying to test a specific tier of a multi-tier enterprise application, it doesn't necessarily make sense to put the entire application on a single lab system. You may be tempted to take advantage of an RDBMS vulnerability to compromise the application server, whereas this may not be a feasible scenario in the real world.

Make sure to consider the security of your lab environment as well. We'll discuss this more in the Approach section of this chapter, but it is very important to keep