From c93b611045f841b8eb6c2915e7e56c4aa9930d1b Mon Sep 17 00:00:00 2001 From: Eleanor Rose Date: Sat, 17 Feb 2024 13:49:58 +1300 Subject: [PATCH] Update 01-Test_Network_Infrastructure_Configuration.md Fixing typo - missing word --- .../01-Test_Network_Infrastructure_Configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration.md b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration.md index e1d9729301..705bc7c247 100644 --- a/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration.md +++ b/document/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration.md @@ -17,7 +17,7 @@ The following steps need to be taken to test the configuration management infras - The different elements that make up the infrastructure need to be determined in order to understand how they interact with a web application and how they affect its security. - All the elements of the infrastructure need to be reviewed in order to make sure that they don't contain any known vulnerabilities. - A review needs to be made of the administrative tools used to maintain all the different elements. -- The authentication systems need to reviewed in order to assure that they serve the needs of the application and that they cannot be manipulated by external users to leverage access. +- The authentication systems need to be reviewed in order to assure that they serve the needs of the application and that they cannot be manipulated by external users to leverage access. - A list of defined ports which are required for the application should be maintained and kept under change control. After having mapped the different elements that make up the infrastructure (see [Map Network and Application Architecture](../01-Information_Gathering/10-Map_Application_Architecture.md)), it is possible to review the configuration of each element founded and test for any known vulnerabilities.