{"id":1528,"date":"2014-11-13T19:12:01","date_gmt":"2014-11-13T19:12:01","guid":{"rendered":"http:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/"},"modified":"2014-11-13T19:12:01","modified_gmt":"2014-11-13T19:12:01","slug":"ako-si-vybrat-firmu-na-penetracne-testovanie","status":"publish","type":"post","link":"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/","title":{"rendered":"How to choose a penetration testing company?"},"content":{"rendered":"<p style=\"text-align: left;\"><strong><span style=\"font-size: large;\">Important criteria when choosing a reliable supplier<\/span><\/strong><\/p>\n<p><span style=\"font-size: large;\"><b>Introduction<\/b><\/span><\/p>\n<p>Right at the outset I would like to emphasize that I run a company focused on penetration testing and security audits. To avoid bias as much as possible, I have tried to keep the following article as objective as I can, while at the same time drawing on my almost 15 years of experience in penetration testing and IT security. I should add that not even our own company meets all of the criteria for an ideal penetration testing supplier described below, although we try to get closer to them every year.<\/p>\n<p>When choosing a penetration testing supplier, I have focused on analysing the problem from the perspective of 3 criteria that I consider the most important in IT security: ethics, professionalism and experience.<\/p>\n<p><span style=\"font-size: large;\"><b>Ethics<\/b><\/span><\/p>\n<p>Unfortunately, for a few years now I have been seeing in Slovakia that those who know how to find security vulnerabilities do not know how to disclose them properly and ethically, and those who pay for penetration tests do not know what ethical rules they should require from their suppliers. In practice this means that a kind of threatening penetration testing business is relatively common in Slovakia, where someone finds a fairly serious vulnerability on your website without any consent whatsoever and immediately sends you a threatening e-mail along the lines of:<br \/>\n<strong>\u201cHello, we have discovered a serious vulnerability on your website; we will give you more information about it once you pay us\/me for a penetration test\u2026\u201d<\/strong><\/p>\n<p>Unfortunately, few of the frightened clients realize that this conduct is outright unethical, for the following reasons:<\/p>\n<p>1. It is a way of acquiring business through threats (if not outright blackmail).<br \/>\n2. The information about the vulnerabilities in question was obtained in an (if not illegal, then) unethical way: without your consent to the test that revealed it.<\/p>\n<p><strong>A serious IT security company that provides penetration tests and security audits should:<\/strong><\/p>\n<p><strong>1. Never use a threatening (or extortionate) approach towards the client, namely:<\/strong><\/p>\n<ul>\n<li>\n<p>making information about security vulnerabilities it found in your web application without your consent conditional on you ordering a penetration test<\/p>\n<\/li>\n<li>\n<p>pressuring you to order a penetration test by threatening to otherwise publish the discovered security vulnerabilities<\/p>\n<\/li>\n<li>\n<p>demanding direct compensation (for example financial) for disclosing the discovered vulnerability to you or to a third party<\/p>\n<\/li>\n<\/ul>\n<p>In all three cases this is an (if not illegal, then) unethical approach.<\/p>\n<p><strong>2. Always require a mutual contract on the performance of penetration tests to be signed<\/strong> (a so-called \u201csecurity assessment agreement\u201d), in which your company gives the tester its consent to start and carry out the given penetration tests at a defined time (from a defined IP address range or location) under clear, contractually defined conditions.<\/p>\n<p><strong>3. Have no problem signing a mutual NDA (non-disclosure agreement) with an adequate contractual penalty (at least up to the price of the penetration test itself).<\/strong><br \/>\nA serious security company performing penetration tests should not start testing your website before you give it written consent (in the penetration testing contract or another agreement); likewise, it should not inform you about vulnerabilities it discovered during testing performed without your consent.<\/p>\n<p><span style=\"font-size: large;\"><b>Professionalism<\/b><\/span><\/p>\n<p>Assessing the technical skills of a company performing penetration tests or security audits can be quite difficult. Three things that can help you at least partially verify those skills are:<\/p>\n<p><span style=\"font-size: medium;\"><b>1. Technical security certifications<\/b><\/span><\/p>\n<p>The ISACA certifications <a href=\"http:\/\/www.isaca.org\/Certification\/CISA-Certified-Information-Systems-Auditor\/Pages\/default.aspx\">CISA<\/a>, <a href=\"http:\/\/www.isaca.org\/Certification\/CISM-Certified-Information-security-manager\/Pages\/default.aspx\">CISM<\/a>, <a href=\"http:\/\/www.isaca.org\/certification\/cgeit-certified-in-the-governance-of-enterprise-it\/pages\/default.aspx\">CGEIT<\/a> and <a href=\"http:\/\/www.isaca.org\/Certification\/CRISC-Certified-in-Risk-and-Information-Systems-Control\/Pages\/default.aspx\">CRISC<\/a> are not technical certifications and say practically nothing about the ability to perform penetration tests.<\/p>\n<p>The ISC2 certification <a href=\"https:\/\/www.isc2.org\/cissp\/Default.aspx\">CISSP<\/a> is a technical certification for IT security managers that goes sufficiently wide but not very deep, so it also says nothing about the ability to perform quality penetration testing.<\/p>\n<p>The EC-Council certifications <a href=\"http:\/\/www.eccouncil.org\/Certification\/certified-ethical-hacker\">CEH<\/a>, <a href=\"http:\/\/www.eccouncil.org\/about-ec-council-certified-security-analyst\">ECSA<\/a> and <a href=\"http:\/\/www.eccouncil.org\/about-licensed-penetration-tester\">LPT<\/a> are among the most popular hacking certifications, but the level of knowledge required to obtain them is relatively low, and they likewise say nothing about above-average technical skills of penetration testers.<\/p>\n<p>Certifications that reflect deep knowledge of penetration testing include, for example, <a href=\"http:\/\/www.offensive-security.com\/information-security-certifications\/oscp-offensive-security-certified-professional\/\">OSCP<\/a> (Offensive Security Certified Professional), <a href=\"http:\/\/www.iacertification.org\/cept_certified_expert_penetration_tester.html\">CEPT<\/a> (Certified Expert Penetration Tester) and the various certifications from SANS, such as <a href=\"http:\/\/www.giac.org\/certification\/certified-intrusion-analyst-gcia\">GCIA<\/a>. In Slovakia and the Czech Republic these certifications are unfortunately rather unknown; clients are not familiar with them and therefore do not require them.<\/p>\n<p><span style=\"font-size: medium;\"><b>2. Sample reports, manual verification, methodologies<\/b><\/span><\/p>\n<p>A company performing penetration testing or security audits should have no problem providing, on request, sample anonymized reports of tests it has carried out.<\/p>\n<p>From the final reports it is usually possible to tell whether the penetration test consisted of running 2-3 automated tools whose output was merely translated into Slovak\/Czech, or whether in-depth testing was also performed, including manual verification of vulnerabilities (so-called \u201cmanual inspection\u201d) and possibly reverse engineering (especially for locally tested applications). In general, manual discovery and verification of vulnerabilities, as well as the ability to perform reverse engineering, is evidence of above-average tester skills, and this criterion should be required if, as a customer, you want a genuinely thorough verification of the security of an application or system.<\/p>\n<p>Penetration testing can be performed using various procedures. Some suppliers use their own methodologies as their \u201cknow-how\u201d, but most experienced companies prefer publicly available \u201cbest-practice\u201d methodologies; among the best known are OSSTMM, the OWASP Testing Guide v4 for detailed testing of web applications, and the OWASP Mobile Project for mobile applications. Applications that process payment card numbers are usually tested according to the PCI-DSS standard.<\/p>\n<p><span style=\"font-size: medium;\"><b>3. Organizational responsibility and impartiality<\/b><\/span><\/p>\n<p>A penetration testing company should have no problem informing the customer about discovered security findings immediately, even before it prepares and delivers the final report. Meeting completion deadlines is also a sign of professionalism.<\/p>\n<p>Another sign of a supplier's professionalism is the internal security practised by the penetration testers themselves (deleting delivered final reports and documentation after the project ends, the option of encrypted communication with the testers using PGP or S\/MIME, or encrypted calls, as well as the physical security of the supplier's premises and its continual verification).<\/p>\n<p>Accommodating the customer is also important, for example the willingness to perform certain kinds of tests (such as DoS) at night or over weekends.<\/p>\n<p>To maintain the greatest possible impartiality and objectivity in looking for vulnerabilities, the company performing the penetration tests or security audits should be a different company from the one that develops or deploys the solution itself. Similarly, the tester should not implement the security fixes and should serve only as an independent security consultant.<\/p>\n<p><span style=\"font-size: large;\"><b>Experience and activity in the IT security community<\/b><\/span><\/p>\n<p>Penetration testing is a sensitive area, and many customers do not wish to be listed in the references of penetration testing or security audit suppliers. Nevertheless, the references that are available can help you find out whether the company has long-term experience with, for example, testing applications in a banking environment, testing mobile applications, or the various non-standard technologies the customer requires.<\/p>\n<p>The best companies in the world, one might say, \u201clive security\u201d: they constantly discover new kinds of vulnerabilities and attack vectors, analyse new technologies, write technical articles, publish and speak at international conferences, and release their know-how and technical tools.<\/p>\n<p><span style=\"font-size: large;\"><b>Conclusion<\/b><\/span><\/p>\n<p>The differences in quality as well as price between penetration testing and security audit companies can be truly dramatic. When approaching several suppliers, it is therefore advisable to define at the outset the expected level and depth of the security assessment itself and, on that basis, to choose a supplier at an acceptable price.<\/p>\n<p>Since every supplier may have a slightly different view of security, and the vulnerabilities found by different suppliers need not overlap, it is good to have an impartial opinion from several companies when testing security. That is why, at least in the financial sector, there is a rule of rotating penetration testing and security audit suppliers, for example every two years.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Important criteria when choosing a reliable supplier Introduction Right at the outset I would like to emphasize that I run a company focused on penetration testing and security audits. To avoid bias as much as possible, I have tried to keep the following article as objective as I can, while at the same time drawing on my almost 15 years of experience in penetration testing and [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[12],"tags":[],"class_list":["post-1528","post","type-post","status-publish","format-standard","hentry","category-uncategorized-cs"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Ako si vybra\u0165 firmu na penetra\u010dn\u00e9 testovanie? 
- Nethemba<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ako si vybra\u0165 firmu na penetra\u010dn\u00e9 testovanie? - Nethemba\" \/>\n<meta property=\"og:description\" content=\"D\u00f4le\u017eit\u00e9 krit\u00e9ria pri v\u00fdbere spo\u013eahliv\u00e9ho dod\u00e1vate\u013ea \u00davod Hne\u010f na za\u010diatku by som r\u00e1d zd\u00f4raznil, \u017ee vediem firmu zameran\u00fa na penetra\u010dn\u00e9 testovanie a bezpe\u010dnostn\u00e9 audity. Aby som sa \u010do najviac vyhol zaujatosti, sna\u017eil som sa nasleduj\u00facom \u010dl\u00e1nku zachova\u0165 v maxim\u00e1lne mo\u017enej miere objektivitu, s\u00fa\u010dasne pritom ale vyu\u017ei\u0165 moje takmer 15-ro\u010dn\u00e9 sk\u00fasenosti v oblasti penetra\u010dn\u00e9ho testovania a [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/\" \/>\n<meta property=\"og:site_name\" content=\"Nethemba\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/nethemba\" \/>\n<meta property=\"article:published_time\" content=\"2014-11-13T19:12:01+00:00\" \/>\n<meta name=\"author\" content=\"Pavol Lupt\u00e1k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@nethemba\" \/>\n<meta name=\"twitter:site\" content=\"@nethemba\" \/>\n<meta name=\"twitter:label1\" content=\"Napsal(a)\" \/>\n\t<meta name=\"twitter:data1\" content=\"Pavol Lupt\u00e1k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Odhadovan\u00e1 doba \u010dten\u00ed\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minut\" \/>\n<script type=\"application\/ld+json\" 
class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/\"},\"author\":{\"name\":\"Pavol Lupt\u00e1k\",\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\"},\"headline\":\"Ako si vybra\u0165 firmu na penetra\u010dn\u00e9 testovanie?\",\"datePublished\":\"2014-11-13T19:12:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/\"},\"wordCount\":1613,\"commentCount\":0,\"articleSection\":[\"Uncategorized @cs\"],\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/\",\"url\":\"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/\",\"name\":\"Ako si vybra\u0165 firmu na penetra\u010dn\u00e9 testovanie? 
- Nethemba\",\"isPartOf\":{\"@id\":\"https:\/\/nethemba.com\/de\/#website\"},\"datePublished\":\"2014-11-13T19:12:01+00:00\",\"author\":{\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\"},\"breadcrumb\":{\"@id\":\"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/#breadcrumb\"},\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/nethemba.com\/cs\/home-new-2025\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ako si vybra\u0165 firmu na penetra\u010dn\u00e9 testovanie?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/nethemba.com\/de\/#website\",\"url\":\"https:\/\/nethemba.com\/de\/\",\"name\":\"Nethemba\",\"description\":\"We care about your security\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/nethemba.com\/de\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"cs\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\",\"name\":\"Pavol Lupt\u00e1k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"cs\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"caption\":\"Pavol 
Lupt\u00e1k\"},\"sameAs\":[\"https:\/\/www.nethemba.com\/\"],\"url\":\"https:\/\/nethemba.com\/cs\/author\/nethemba-admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ako si vybra\u0165 firmu na penetra\u010dn\u00e9 testovanie? - Nethemba","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/","og_locale":"cs_CZ","og_type":"article","og_title":"Ako si vybra\u0165 firmu na penetra\u010dn\u00e9 testovanie? - Nethemba","og_description":"D\u00f4le\u017eit\u00e9 krit\u00e9ria pri v\u00fdbere spo\u013eahliv\u00e9ho dod\u00e1vate\u013ea \u00davod Hne\u010f na za\u010diatku by som r\u00e1d zd\u00f4raznil, \u017ee vediem firmu zameran\u00fa na penetra\u010dn\u00e9 testovanie a bezpe\u010dnostn\u00e9 audity. Aby som sa \u010do najviac vyhol zaujatosti, sna\u017eil som sa nasleduj\u00facom \u010dl\u00e1nku zachova\u0165 v maxim\u00e1lne mo\u017enej miere objektivitu, s\u00fa\u010dasne pritom ale vyu\u017ei\u0165 moje takmer 15-ro\u010dn\u00e9 sk\u00fasenosti v oblasti penetra\u010dn\u00e9ho testovania a [&hellip;]","og_url":"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/","og_site_name":"Nethemba","article_publisher":"https:\/\/www.facebook.com\/nethemba","article_published_time":"2014-11-13T19:12:01+00:00","author":"Pavol Lupt\u00e1k","twitter_card":"summary_large_image","twitter_creator":"@nethemba","twitter_site":"@nethemba","twitter_misc":{"Napsal(a)":"Pavol Lupt\u00e1k","Odhadovan\u00e1 doba \u010dten\u00ed":"8 minut"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/#article","isPartOf":{"@id":"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/"},"author":{"name":"Pavol 
Lupt\u00e1k","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"headline":"Ako si vybra\u0165 firmu na penetra\u010dn\u00e9 testovanie?","datePublished":"2014-11-13T19:12:01+00:00","mainEntityOfPage":{"@id":"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/"},"wordCount":1613,"commentCount":0,"articleSection":["Uncategorized @cs"],"inLanguage":"cs","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/","url":"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/","name":"Ako si vybra\u0165 firmu na penetra\u010dn\u00e9 testovanie? - Nethemba","isPartOf":{"@id":"https:\/\/nethemba.com\/de\/#website"},"datePublished":"2014-11-13T19:12:01+00:00","author":{"@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"breadcrumb":{"@id":"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/#breadcrumb"},"inLanguage":"cs","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/nethemba.com\/cs\/ako-si-vybrat-firmu-na-penetracne-testovanie\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nethemba.com\/cs\/home-new-2025\/"},{"@type":"ListItem","position":2,"name":"Ako si vybra\u0165 firmu na penetra\u010dn\u00e9 testovanie?"}]},{"@type":"WebSite","@id":"https:\/\/nethemba.com\/de\/#website","url":"https:\/\/nethemba.com\/de\/","name":"Nethemba","description":"We care about your 
security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nethemba.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"cs"},{"@type":"Person","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234","name":"Pavol Lupt\u00e1k","image":{"@type":"ImageObject","inLanguage":"cs","@id":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","caption":"Pavol Lupt\u00e1k"},"sameAs":["https:\/\/www.nethemba.com\/"],"url":"https:\/\/nethemba.com\/cs\/author\/nethemba-admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts\/1528","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/comments?post=1528"}],"version-history":[{"count":0,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts\/1528\/revisions"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/media?parent=1528"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/categories?post=1528"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/tags?post=1528"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}