You are planning a penetration testing engagement for an organization that is very concerned about potential service disruptions. While reviewing the established rules of engagement, you note a specific condition that prohibits any tests that could result in denial of service. Which of the following tests should you exclude from your testing plan to comply with the client's requirement?
Attempting cross-site scripting (XSS) in various input fields of the client's website
Performing directory traversal attacks to assess system file access controls
Testing for SQL injection vulnerabilities in web applications
Sending large volumes of traffic to test for Denial of Service (DoS) vulnerabilities
Sending large volumes of traffic to test for a Denial of Service (DoS) vulnerability would be in direct violation of the rules of engagement that prohibit tests potentially leading to service disruptions. SQL injection, directory traversal, and cross-site scripting tests do not inherently risk causing denial of service and thus would not typically be excluded under such a condition, although the way these tests are executed should always consider the potential impact on the organization's services.