Testing Plan
Given these restrictions, we suggested performing a comprehensive and automated vulnerability scan, along with an external penetration test against the hosted web application and the supporting network infrastructure. While this solution wasn't perfect, it would provide solid information on the security posture of the environment and actionable recommendations on additional measures (as appropriate) that could augment the existing level of security.
Our efforts would certainly include scanning for the Open Web Application Security Project (OWASP) Top Ten security vulnerabilities, including SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF), as well as typical network-based vulnerabilities including open ports and insecure services.
The information we require from the web application is the public IP address and/or address range to target. Given the short timeframe for testing, we received additional information about the application that wasn't strictly required, but could help focus our investigation into the application and the search for vulnerabilities—such as the supporting operating system, database, hardware, and programming language used. This additional information saved some time that we would normally spend in the vulnerability analysis, footprinting, and research stages. We also selected a mutually convenient time and asked the client to inform their staff as well as their hosting provider of the scheduled time for the penetration test.