The customer should notify all stakeholders (e.g. network administrators, application administrators) about the security assessment activity so that they do not treat our scan and testing traffic as unauthorized activity. All stakeholders should also be made aware of our testing centre IP addresses.
“There should be a clear channel of communication (with no interference from IPS/IDS/firewall/etc.) between our scanners/testing centres and the target hosts. It is recommended to configure security appliances to allow unrestricted access from the Paladion global delivery centre IPs listed below to the ports/services of the target hosts, whether those hosts are exposed to the public or are specific internal hosts.”
If there is an intermediate IPS, or a firewall with IPS capability, it should be configured so that our scan and testing traffic is not blocked when an IPS rule is triggered.
If the web application to be assessed is protected by a WAF, the WAF should be configured so that our scan/testing traffic is not blocked. The WAF can continue to block the attack payloads themselves, but it must not block or ban our source IP addresses.
If the web application to be assessed is hosted in a UAT environment, rules should be created on the firewall(s) to allow traffic originating from our testing centres and destined for the UAT host, on the port on which the application is running.
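The two exceptions above (a WAF that keeps blocking payloads without banning the tester's address, and a firewall rule scoped to the UAT host and application port) are easy to over-grant. The following is an added example, not Paladion's tooling or anything from the original checklist, that models both exceptions as explicit policy so the scoping can be checked before the change is applied: the firewall exception applies only to the declared tester ranges, only to the UAT host and application port, and only inside the engagement window; the WAF exception suppresses the reactive IP ban for tester sources while the payload-level block still fires. All addresses, the port, the window and the payload signatures are constructed placeholders (RFC 5737 documentation ranges); substitute the values from the engagement scope.

```python
"""Added illustration: engagement exceptions expressed as narrowly scoped policy.
Not the assessment vendor's code; every value below is a constructed placeholder."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed placeholders (RFC 5737 documentation addresses). Real values come
# from the engagement scope document, not from this file.
TESTER_RANGES = [ipaddress.ip_network("203.0.113.0/24"),
                 ipaddress.ip_network("198.51.100.10/32")]
UAT_HOST = ipaddress.ip_address("192.0.2.20")
APP_PORT = 8443
WINDOW_START = datetime(2024, 3, 4, 0, 0, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 3, 8, 23, 59, tzinfo=timezone.utc)


def is_tester(src: str) -> bool:
    """True if the source address falls inside one of the declared tester ranges."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TESTER_RANGES)


def firewall_allows(src: str, dst: str, port: int, when: datetime) -> bool:
    """Perimeter exception for the UAT host.

    The exception is scoped three ways: tester sources only, the UAT host and
    application port only, and the engagement window only. Everything else
    falls through to the default deny a UAT host normally has (returns False).
    """
    if not is_tester(src):
        return False
    if ipaddress.ip_address(dst) != UAT_HOST or port != APP_PORT:
        return False
    return WINDOW_START <= when <= WINDOW_END


@dataclass
class WafDecision:
    request_blocked: bool   # payload-level block; still applies to tester traffic
    ip_banned: bool         # reactive IP ban; suppressed for tester sources
    reason: str = ""


# Constructed, deliberately crude signatures standing in for the WAF rule set.
PAYLOAD_SIGNATURES = ("' OR 1=1", "<script>", "../../")


def waf_decide(src: str, body: str, ban_threshold: int,
               prior_hits: dict[str, int]) -> WafDecision:
    """WAF behaviour the checklist asks for: block the attack payload, but do not
    escalate to banning the tester's IP address.

    `prior_hits` is a mutable per-source counter of blocked requests, standing in
    for the WAF's reactive-ban state; non-tester sources are banned once the
    count reaches `ban_threshold`.
    """
    matched = next((sig for sig in PAYLOAD_SIGNATURES if sig in body), None)
    if matched is None:
        return WafDecision(False, False, "clean")
    prior_hits[src] = prior_hits.get(src, 0) + 1
    if is_tester(src):
        return WafDecision(True, False,
                           f"payload blocked ({matched!r}); tester IP exempt from ban")
    banned = prior_hits[src] >= ban_threshold
    return WafDecision(True, banned,
                       f"payload blocked ({matched!r})" + ("; IP banned" if banned else ""))


if __name__ == "__main__":
    now = datetime(2024, 3, 5, 12, 0, tzinfo=timezone.utc)
    print("tester -> UAT:8443 in window:", firewall_allows("203.0.113.77", "192.0.2.20", 8443, now))
    print("tester -> UAT:443 (wrong port):", firewall_allows("203.0.113.77", "192.0.2.20", 443, now))
    hits: dict[str, int] = {}
    for _ in range(3):
        d = waf_decide("203.0.113.77", "q=' OR 1=1", ban_threshold=3, prior_hits=hits)
    print("tester after 3 blocked payloads:", d)
```

The point of encoding the exception this way is that each of the three scoping checks in `firewall_allows` is a reviewable line rather than an implicit consequence of a broad "allow all from tester IPs" rule, and the WAF logic makes it visible that payload blocking and IP banning are separate decisions, which is exactly the distinction the checklist draws.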
During a security test, we attempt a large number of attacks within a very short time. This may trigger a large number of alerts in your IDS/IPS and catch the attention of the administrators. Please remember that, in practice, an attacker might attempt the same attacks slowly over a longer period and slip beneath the radar. To enable us to test efficiently, we request that our IP addresses not be blocked even when administrators or security devices detect the attacks.