5. Common Scoping Mistakes

  • NOT THOROUGHLY reading the scope before testing

  • NOT STRICTLY following the scope

  • MISUNDERSTANDING the importance of scope

  • Reviewing asset scope, while FORGETTING bug scope

    • Bugs and vulnerabilities CAN be OOS as well.

  • Assuming all subdomains are in scope - make sure you read the scope carefully

  • Not verifying if third-party services are in-scope

  • Improperly configuring tools to adhere to scope

  • Reporting out of scope findings
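As an added example (not part of the original notes), a small scope filter in Python: the in-scope and out-of-scope lists are constructed, hypothetical program rules, wildcard entries cover subdomains only (so `*.example.com` alone would not cover `example.com`), and exclusions take precedence over inclusions. Running discovered hosts through a check like this before any tool touches them avoids both the misconfigured-tooling and the "all subdomains are in scope" mistakes above.

```python
import ipaddress

# Constructed sample scope (hypothetical program rules, not from any real program).
IN_SCOPE = ["*.example.com", "example.com", "api.example.org", "203.0.113.0/24"]
OUT_OF_SCOPE = ["staging.example.com", "*.internal.example.com", "203.0.113.250"]


def normalize(host: str) -> str:
    """Lower-case, strip whitespace and a trailing DNS dot so comparisons are exact."""
    return host.strip().lower().rstrip(".")


def matches(pattern: str, host: str) -> bool:
    """True if a normalized host matches one scope entry (CIDR, IP, wildcard or exact)."""
    pattern = normalize(pattern)
    try:
        # An IP or CIDR entry: compare as addresses, never as strings.
        net = ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        net = None
    if net is not None:
        try:
            return ipaddress.ip_address(host) in net
        except ValueError:
            return False  # hostname vs. network entry: no match
    if pattern.startswith("*."):
        # "*.example.com" covers labels below the apex only, not the apex itself,
        # and the leading dot stops "badexample.com" from matching.
        return host.endswith(pattern[1:])
    return host == pattern


def is_in_scope(host: str, in_scope=IN_SCOPE, out_of_scope=OUT_OF_SCOPE) -> bool:
    """Exclusions win: an OOS match rejects the host even if an in-scope entry also matches."""
    host = normalize(host)
    if any(matches(p, host) for p in out_of_scope):
        return False
    return any(matches(p, host) for p in in_scope)


def partition_targets(hosts, in_scope=IN_SCOPE, out_of_scope=OUT_OF_SCOPE):
    """Split discovered hosts into (allowed, rejected) sorted lists; feed only 'allowed' to tools."""
    allowed, rejected = set(), set()
    for h in hosts:
        (allowed if is_in_scope(h, in_scope, out_of_scope) else rejected).add(normalize(h))
    return sorted(allowed), sorted(rejected)
```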

Common OOS vulnerabilities

  • Physical attacks

  • Social Engineering

  • Denial of Service (DoS)

  • Outdated software

  • Missing headers / cookie flags - if you can leverage them into an actual attack, it can be reported

    • Look for things whose security impact you can actually prove.

  • Brute-forcing credentials - check exactly whether it is in scope or not, so you do not randomly brute-force some specific account and get restricted, or simply gain nothing from it.

  • Username enumeration - very low impact, does not pose a security risk on its own. Sometimes it is not OOS, e.g. when knowledge of personal data really matters, such as on a health institution's website.

  • Fingerprinting - finding software names or software versions used

  • Theoretical attacks

  • Leaked credentials - using credentials from dark web dumps does not count as a finding

    • If you obtained the credentials because you guessed them, it's a different story