{"id":5554,"date":"2020-12-21T14:25:52","date_gmt":"2020-12-21T13:25:52","guid":{"rendered":"https:\/\/nethemba.com\/?p=5554"},"modified":"2020-12-29T13:03:30","modified_gmt":"2020-12-29T12:03:30","slug":"prirucka-naseho-zakaznika-ii","status":"publish","type":"post","link":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/","title":{"rendered":"Our Customer's Handbook II"},"content":{"rendered":"<p>This is the second part of the article <a href=\"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/\">Our Customer's Handbook I &#8211; Which penetration test or security audit do I need? (RFI)<\/a>.<\/p>\n<h1><span style=\"font-weight: 400;\"><a id=\"RFP\"><\/a>I want a quote; what do you need from me? (RFP)<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">If you already know exactly which penetration tests or security audits you are interested in, do not hesitate to contact us. 
You can also do so in a secure, encrypted way: send us an S\/MIME- or PGP-encrypted message (our keys <\/span><a href=\"https:\/\/nethemba.com\/cs\/o-nas\/nas-tym\/\"><span style=\"font-weight: 400;\">can be found here<\/span><\/a><span style=\"font-weight: 400;\">) or contact us via the Signal app (on the number listed in <\/span><a href=\"https:\/\/nethemba.com\/cs\/kontakt\/\"><span style=\"font-weight: 400;\">our official contacts<\/span><\/a><span style=\"font-weight: 400;\">).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To prepare a price quote for you, we will need a few pieces of information.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We offer standard penetration tests at a fixed price, which reflects our fixed effort. It has to be said that this kind of penetration test is really intended for simple websites or applications, or for answering the question &#8220;Can a targeted attacker hack my website within three days?&#8221;. It is expressly unsuitable for larger or complex applications.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We can estimate the effort of a detailed security audit of a web application in three ways. The easiest way for you (and the fastest for us) is for you to create a test account for us in the application you want tested. 
To run tests from the perspective of users with different roles, we need a separate test account for each role. That is enough for us to estimate the complexity of the application itself, and therefore our expected effort and the resulting price. Unfortunately, we cannot always obtain test access to the application under test (for example because the application may still be under development). In that case there are two other ways to estimate the complexity of the application, and thus our effort. The first is that you send us all the technical documentation you have for the application, ideally together with screenshots and detailed descriptions of every form. The second is that you answer a set of specific questions that we send you and that concern the application itself:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">what is the estimated number of pages in the solution? (i.e. unique &#8220;screens&#8221; or &#8220;routes&#8221;)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">what is the approximate number of form inputs? 
(i.e. input &#8220;fields&#8221; across the whole site)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">is SSL used?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">is authentication used (is the authenticated part of the site being tested)?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">if so, is multi-factor authentication used?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">is a captcha used?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">can you briefly describe the purpose and functionality of the application in 2-3 sentences?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">how many user roles are there (from whose perspective the testing is done)? If the roles are variable, we recommend creating 3-4 roles: the least and the most privileged, the most exposed, and so on.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">is a technology prone to server-side memory management problems used anywhere in the solution? (C \/ C++)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">does the solution use a thick client (Java applets, Silverlight, Flash, ActiveX, &#8230;)?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">do you want the application tested for DoS vulnerabilities (not DDoS)?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">are HTML5 features used, e.g. 
web sockets, local storage, etc.?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">does the application expose its own web services (SOAP or REST) other than those consumed by the frontend (e.g. for third-party integration)?<\/span>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">please provide us with the documentation of these APIs in a standard format (WSDL, Swagger, Postman, API Blueprint, &#8230;)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">if that is not possible, how many operations with how many parameters do these APIs implement?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">is a client available for these web services (e.g. a JavaScript web app, a mobile app, or at least a SoapUI project) that can generate legitimate requests to the API?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">how is authentication handled?<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">can the testing be done remotely, or is it necessary to be physically on the customer's premises?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">what language should the final report be in?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">where will the application be hosted during the test: own hardware \/ VPS \/ cloud \/ shared hosting (because of the hosting provider's consent or 
restrictions)?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">which environment is tested (DEV \/ TEST, INT \/ UAT, PROD &#8230;)? (a 1:1 copy of production without &#8220;live&#8221; data, dedicated solely to penetration testing, is recommended)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">what is the preferred testing date?<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Based on these answers we can then estimate our resulting effort and therefore the resulting price.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you are interested in mobile application tests, ideally we also need to see these applications (they do not necessarily have to be in the Google \/ iOS repository; a binary APK is enough) or receive all the available technical documentation for them. We also need a detailed description of the web services that the mobile application uses (for example a Swagger specification). This step is not necessary if you want blackbox testing of the application itself (in that case we discover the methods used, their inputs and their outputs ourselves by intercepting the application's communication).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For external penetration tests we need to know the number of IP addresses or IP ranges to be tested, ideally with the operating systems or types of network devices in use specified as well. A map of the network architecture also helps us (it is not required for blackbox tests). 
If you require fully blackbox tests and do not want to give us any information about the infrastructure under test, that is also possible; in that case, however, we use the upper price estimate for external penetration tests.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For internal penetration tests we also need to know the number of IP addresses or IP ranges to be tested (and, if the testing is done &#8220;onsite&#8221;, the number of locations). If you operate some very old systems that are likely to crash during an aggressive scan (this situation is itself a security risk and should not even arise), you can give us a list of their IP addresses and we will leave them out of the testing.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For all of the tests listed above, if you want aggressive DoS (Denial of Service) tests, it is possible to agree on an exact time for the testing (for example Sunday at 4:00 in the morning).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Some customers want distributed DoS attacks (DDoS) carried out. It has to be noted here that these tests only make sense if they are carried out from thousands of different IP addresses, which no IT security company usually owns. 
We can solve this by buying thousands of virtual servers with thousands of IP addresses from cloud providers (for example Amazon) for the agreed duration of the tests. This solution, however, requires extra costs for ordering and running these thousands of servers. That is why we usually do not carry out distributed DoS attacks. Instead, we carry out so-called application DoS tests, whose aim is to test whether we can bring down the given application or system from an ordinary home internet connection. It should be noted that sufficiently strong distributed DoS attacks can bring down practically any internet service and it can be very difficult to defend against them (where such a risk exists, we therefore recommend using a solution such as <\/span><a href=\"https:\/\/cloudflare.com\"><span style=\"font-weight: 400;\">CloudFlare<\/span><\/a><span style=\"font-weight: 400;\">).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">After agreement with our ethical hackers and depending on their availability, we can tell you exactly, together with our prepared quote, when we will be able to start the testing itself. We are busiest at the end of the year, and least busy in spring or mid-summer. Our availability is best for web tests, which all of our ethical hackers can perform. 
Our availability is lowest for narrowly specialised security tests, which require special knowledge and can only be performed by narrowly specialised experts. We therefore recommend booking specialised tests a few weeks to months in advance.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The last thing we need to know is the language in which the quote itself and the final report should be written (for English we can cover it with the largest number of testers).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Once you have sent all the information needed to estimate the effort of the testing itself, we will prepare a professional price quote for you within the next few days. 
We normally prepare the quote in either Czech or English; if needed, we can also prepare it in another language.<\/span><\/p>\n<h1><span style=\"font-weight: 400;\"><a id=\"Run\"><\/a>I have decided to use your services, let's go!<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">If our quote appeals to you, contact us, ideally by (encrypted) e-mail.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is now time to draw up and sign the contract in which you grant us consent to perform penetration tests or security audits of your applications, systems or network infrastructure.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Over the 14 years of our existence we have arrived, through various iterations, at an extensive 17-page &#8220;Smlouva o zhodnocen\u00ed bezpe\u010dnosti&#8221; (Security Assessment Agreement; an English version, the &#8220;Vulnerability Assessment Agreement&#8221;, is also available), which contains all the information needed to start testing without problems and describes practically every non-standard situation that may arise during testing: from the exact date on which the testing will be performed, through the exact subject and scope of the testing itself and the types of tests, to a description of the methodology used. The contract precisely defines the rights and obligations of both us and our customers. 
If you order only a short standard penetration test from us, we can provide you with a simplified version of this extensive contract in order to minimise bureaucracy.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Many of our customers require a non-disclosure agreement (NDA) to be signed. In that case it is possible to use our NDA template, or we can use your NDA if you insist. In the latter case, however, all new contracts (not only NDAs) are subject to review by our legal department, which needs a few days to analyse them and incorporate its comments. It has to be said that some of our customers have unrealistic expectations of the NDA: for example they want to sign the non-disclosure agreement for an indefinite period, or they propose enormous contractual penalties that are completely out of proportion to the volume of services ordered.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">What we can and cannot guarantee to our customers is described <\/span><a href=\"https:\/\/nethemba.com\/co-vieme-a-co-nevieme-garantovat-nasim-klientom\/\"><span style=\"font-weight: 400;\">in this article<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you have special requirements for how the tests are performed or for the non-disclosure agreement, you have to expect that signing the contract itself may be delayed by several days (in that 
case we put our legal department in touch with yours). You can avoid this problem by choosing to use our existing, well-tuned contracts. We honestly try to make our contracts balanced for both sides rather than one-sided, because we want you as a customer not only now but also in the future.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The contract also has to include contact details for your application and system administrators, in case the application under test crashes or stops working (it does not happen often, but it can happen).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The contract also specifies, for example, when and whether aggressive DoS tests will be carried out at all (if the customer requires them).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For the testing we need at least two test accounts, delivered in encrypted form, which we will use during the testing. This means at least two different test accounts for each role under test (this is necessary so that we can correctly test vertical and horizontal privilege escalation when testing authorisation). 
If you want your application tested completely, we need to have all the user accounts that can functionally cover every form of the application under test.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Once the contract is signed, we automatically guarantee the customer that several of our dedicated testers are reserved for the agreed testing period. Since our testers participate in different projects for different customers at different times, the customer has to allow us to test fully at the agreed time.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Since many of our testers are from abroad and speak only English, not Czech, we can ensure the greatest availability if you choose English.<\/span><\/p>\n<h1><span style=\"font-weight: 400;\"><a id=\"TestingEnvironment\"><\/a>How do I prepare the test environment and test accounts?<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">An insufficiently prepared test environment on the customer's side is unfortunately often the stumbling block that prevents us from starting the tests on time (and then, frequently, from meeting the promised testing deadline). If we miss the deadline through no fault of our own, we can only resume the tests once our testers have time again. 
That can cost the customer additional money and time, and we try to prevent it.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is therefore very important that the customer prepares the environment that is to be the subject of our tests properly and on time. Since aggressive penetration testing can crash systems or applications, or damage data, we prefer to perform the tests primarily in a test or pre-production environment (that is, one that is as identical to the production environment as possible). This is also related to the fact that we want to minimise any liability for damage caused by our testing, which in principle we cannot bear. If the customer is afraid that our testing will cause an outage of their services or damage to their data, they should do everything they can to have a test or pre-production environment available in which we can perform potentially aggressive testing. 
If the customer cannot provide this and requires testing in the production environment (which unfortunately sometimes happens to us), they should have up-to-date backups and, during the testing, have their application or system administrator available so that we can call them at any time when the application under test goes down or stops responding normally.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is also important that the customer does not change or update the environment under test in any way during the testing, as this can make our findings inconsistent.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">According to the signed contract, the customer should ensure access for all our penetration testers by the start date of the testing itself: verify that the VPN connection they have provided works, as well as the test accounts themselves. If logging in requires a second factor (an OTP calculator or a hardware token), it has to be delivered to us in time.<\/span><\/p>\n<h1><span style=\"font-weight: 400;\"><a id=\"Expectations\"><\/a>The testing is successfully under way, what should I expect?<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">Once the test environment and test accounts are in place, we finally start the tests. 
When testing in a test or pre-production environment, our testers perform the tests practically non-stop (the preferred situation).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">When testing the production environment, we can adapt to the customer's timing requirements (some require testing outside business hours so that the testing does not negatively affect the functionality of the application under test; others, on the contrary, require testing during business hours so that the customer's administrators and application developers can respond immediately to any questions from our testers).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If during the testing we discover critical vulnerabilities in the application, system or infrastructure under test that could lead to a leak of sensitive information or to an outage, we immediately contact the customer (by phone or e-mail) and ask them for an immediate fix.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Our testers include the critical vulnerabilities, as well as all less critical ones, in the final report, which is sent and presented to the customer at the end of the testing (in encrypted form wherever possible).<\/span><\/p>\n<h1><span style=\"font-weight: 400;\"><a id=\"Report\"><\/a>The final report<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">At the end of every penetration test or security audit, you 
receive from us a professionally prepared final report (in English or another supported language).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The final report begins with an executive summary and the test results for the individual applications, services or systems. The results contain a list of the discovered vulnerabilities sorted by severity: critical vulnerabilities first, followed by vulnerabilities of high, medium and low severity. For each discovered vulnerability we give a detailed description, its severity and a solution for fixing it. If the vulnerability is not easy to fix, we also give a &#8220;workaround&#8221; that minimises the negative impact of the vulnerability as far as possible. Each vulnerability also has optional references to a CVE or another standardised or community description.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A detailed security audit includes in its price a personal presentation of the results, which can also be done online and can optionally be ordered additionally for any other test performed. 
In this presentation our testers explain to the application developers or system administrators how the discovered vulnerabilities can be exploited and, of course, how to fix them, and where applicable how to prevent such vulnerabilities (security bugs) in the future.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The final report is valid as of the date it is handed over to the customer. Unfortunately, after that time we cannot guarantee that no new critical vulnerability will appear and be exploited. We therefore recommend performing repeated tests and also enrolling the application in a bug bounty programme.<\/span><\/p>\n<p>In the <a href=\"\/cs\/prirucka-naseho-zakaznika-iii\/\">third, following part of the article<\/a> we will say something about how repeated penetration tests and bug bounty programmes work, which technology certificates for ethical hacking are the best, and also what the advantages of a free voluntaryist company like ours are.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is the second part of the article Our Customer's Handbook I &#8211; Which penetration test or security audit do I need? (RFI). I want a quote; what do you need from me? (RFP) If you already know exactly which penetration tests or security audits you are interested in, do not hesitate to contact us. 
You can also do so in a secure, encrypted way: send us an S\/MIME or PGP [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":5543,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2885,12],"tags":[508,2872,2873,2874,2887,2876,1052,2886,510,2875,2888],"class_list":["post-5554","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-2","category-uncategorized-cs","tag-bezpecnostne-audity-cs","tag-bezpecnostni-audity","tag-eticke-hackovani","tag-it-bezpecnostni-sluzby","tag-nda","tag-owasp-web-security-testing-guide-cs","tag-penetracni-testy","tag-smlouva","tag-socialne-inzinierstvo-cs","tag-socialni-inzenyrstvi","tag-zprava"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Our Customer's Handbook II - Nethemba<\/title>\n<meta name=\"description\" content=\"I want a quote; what do you need from me? (RFP) I have decided to use your services, let's go! How do I prepare the test environment and test accounts? The testing is successfully under way, what should I expect? 
The final report\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Our Customer's Handbook II - Nethemba\" \/>\n<meta property=\"og:description\" content=\"I want a quote; what do you need from me? (RFP) I have decided to use your services, let's go! How do I prepare the test environment and test accounts? The testing is successfully under way, what should I expect? The final report\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/\" \/>\n<meta property=\"og:site_name\" content=\"Nethemba\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/nethemba\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-21T13:25:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-12-29T12:03:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png\" \/>\n\t<meta property=\"og:image:width\" content=\"680\" \/>\n\t<meta property=\"og:image:height\" content=\"234\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Pavol Lupt\u00e1k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@nethemba\" \/>\n<meta name=\"twitter:site\" content=\"@nethemba\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Pavol Lupt\u00e1k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading 
time\" \/>\n\t<meta name=\"twitter:data2\" content=\"16 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/prirucka-naseho-zakaznika-ii\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/prirucka-naseho-zakaznika-ii\\\/\"},\"author\":{\"name\":\"Pavol Lupt\u00e1k\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#\\\/schema\\\/person\\\/5f4ba68c8e1a2013d30e0804245b8234\"},\"headline\":\"Our Customer's Handbook II\",\"datePublished\":\"2020-12-21T13:25:52+00:00\",\"dateModified\":\"2020-12-29T12:03:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/prirucka-naseho-zakaznika-ii\\\/\"},\"wordCount\":3261,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/prirucka-naseho-zakaznika-ii\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nethemba.com\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/nda.png\",\"keywords\":[\"security audits\",\"SECURITY AUDITS\",\"ethical hacking\",\"IT SECURITY SERVICES\",\"NDA\",\"OWASP web security testing guide\",\"penetration tests\",\"contract\",\"social engineering\",\"SOCIAL ENGINEERING\",\"report\"],\"articleSection\":[\"Blog\",\"Uncategorized @cs\"],\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nethemba.com\\\/cs\\\/prirucka-naseho-zakaznika-ii\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/prirucka-naseho-zakaznika-ii\\\/\",\"url\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/prirucka-naseho-zakaznika-ii\\\/\",\"name\":\"Our Customer's Handbook II - 
Nethemba\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/prirucka-naseho-zakaznika-ii\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/prirucka-naseho-zakaznika-ii\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nethemba.com\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/nda.png\",\"datePublished\":\"2020-12-21T13:25:52+00:00\",\"dateModified\":\"2020-12-29T12:03:30+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#\\\/schema\\\/person\\\/5f4ba68c8e1a2013d30e0804245b8234\"},\"description\":\"Chci nab\u00eddku, co ode m\u011b pot\u0159ebujete? (RFP) Rozhodl jsem se pro va\u0161e slu\u017eby, poj\u010fme do toho! Jak p\u0159iprav\u00edm testovac\u00ed prost\u0159ed\u00ed a testovac\u00ed \u00fa\u010dty? Testov\u00e1n\u00ed \u00fasp\u011b\u0161n\u011b prob\u00edh\u00e1, co m\u00e1m \u010dekat? V\u00fdsledn\u00e1 zpr\u00e1va\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/prirucka-naseho-zakaznika-ii\\\/#breadcrumb\"},\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nethemba.com\\\/cs\\\/prirucka-naseho-zakaznika-ii\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"cs\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/prirucka-naseho-zakaznika-ii\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nethemba.com\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/nda.png\",\"contentUrl\":\"https:\\\/\\\/nethemba.com\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/nda.png\",\"width\":680,\"height\":234},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/prirucka-naseho-zakaznika-ii\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/home-new-2025\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"P\u0159\u00edru\u010dka na\u0161eho z\u00e1kazn\u00edka 
II\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/nethemba.com\\\/de\\\/\",\"name\":\"Nethemba\",\"description\":\"We care about your security\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nethemba.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"cs\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#\\\/schema\\\/person\\\/5f4ba68c8e1a2013d30e0804245b8234\",\"name\":\"Pavol Lupt\u00e1k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"cs\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"caption\":\"Pavol Lupt\u00e1k\"},\"sameAs\":[\"https:\\\/\\\/www.nethemba.com\\\/\"],\"url\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/author\\\/nethemba-admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"P\u0159\u00edru\u010dka na\u0161eho z\u00e1kazn\u00edka II - Nethemba","description":"Chci nab\u00eddku, co ode m\u011b pot\u0159ebujete? (RFP) Rozhodl jsem se pro va\u0161e slu\u017eby, poj\u010fme do toho! Jak p\u0159iprav\u00edm testovac\u00ed prost\u0159ed\u00ed a testovac\u00ed \u00fa\u010dty? Testov\u00e1n\u00ed \u00fasp\u011b\u0161n\u011b prob\u00edh\u00e1, co m\u00e1m \u010dekat? 
V\u00fdsledn\u00e1 zpr\u00e1va","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/","og_locale":"cs_CZ","og_type":"article","og_title":"P\u0159\u00edru\u010dka na\u0161eho z\u00e1kazn\u00edka II - Nethemba","og_description":"Chci nab\u00eddku, co ode m\u011b pot\u0159ebujete? (RFP) Rozhodl jsem se pro va\u0161e slu\u017eby, poj\u010fme do toho! Jak p\u0159iprav\u00edm testovac\u00ed prost\u0159ed\u00ed a testovac\u00ed \u00fa\u010dty? Testov\u00e1n\u00ed \u00fasp\u011b\u0161n\u011b prob\u00edh\u00e1, co m\u00e1m \u010dekat? V\u00fdsledn\u00e1 zpr\u00e1va","og_url":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/","og_site_name":"Nethemba","article_publisher":"https:\/\/www.facebook.com\/nethemba","article_published_time":"2020-12-21T13:25:52+00:00","article_modified_time":"2020-12-29T12:03:30+00:00","og_image":[{"width":680,"height":234,"url":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png","type":"image\/png"}],"author":"Pavol Lupt\u00e1k","twitter_card":"summary_large_image","twitter_creator":"@nethemba","twitter_site":"@nethemba","twitter_misc":{"Napsal(a)":"Pavol Lupt\u00e1k","Odhadovan\u00e1 doba \u010dten\u00ed":"16 minut"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/#article","isPartOf":{"@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/"},"author":{"name":"Pavol Lupt\u00e1k","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"headline":"P\u0159\u00edru\u010dka na\u0161eho z\u00e1kazn\u00edka 
II","datePublished":"2020-12-21T13:25:52+00:00","dateModified":"2020-12-29T12:03:30+00:00","mainEntityOfPage":{"@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/"},"wordCount":3261,"commentCount":0,"image":{"@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/#primaryimage"},"thumbnailUrl":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png","keywords":["bezpe\u010dnostn\u00e9 audity","BEZPE\u010cNOSTN\u00cd AUDITY","etick\u00e9 hackov\u00e1n\u00ed","IT BEZPE\u010cNOSTN\u00cd SLU\u017dBY","NDA","OWASP web security testing guide","penetra\u010dn\u00ed testy","smlouva","soci\u00e1lne in\u017einierstvo","SOCI\u00c1LN\u00cd IN\u017dEN\u00ddRSTV\u00cd","zpr\u00e1va"],"articleSection":["Blog","Uncategorized @cs"],"inLanguage":"cs","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/","url":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/","name":"P\u0159\u00edru\u010dka na\u0161eho z\u00e1kazn\u00edka II - Nethemba","isPartOf":{"@id":"https:\/\/nethemba.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/#primaryimage"},"image":{"@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/#primaryimage"},"thumbnailUrl":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png","datePublished":"2020-12-21T13:25:52+00:00","dateModified":"2020-12-29T12:03:30+00:00","author":{"@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"description":"Chci nab\u00eddku, co ode m\u011b pot\u0159ebujete? (RFP) Rozhodl jsem se pro va\u0161e slu\u017eby, poj\u010fme do toho! Jak p\u0159iprav\u00edm testovac\u00ed prost\u0159ed\u00ed a testovac\u00ed \u00fa\u010dty? Testov\u00e1n\u00ed \u00fasp\u011b\u0161n\u011b prob\u00edh\u00e1, co m\u00e1m \u010dekat? 
V\u00fdsledn\u00e1 zpr\u00e1va","breadcrumb":{"@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/#breadcrumb"},"inLanguage":"cs","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/"]}]},{"@type":"ImageObject","inLanguage":"cs","@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/#primaryimage","url":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png","contentUrl":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png","width":680,"height":234},{"@type":"BreadcrumbList","@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-ii\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nethemba.com\/cs\/home-new-2025\/"},{"@type":"ListItem","position":2,"name":"P\u0159\u00edru\u010dka na\u0161eho z\u00e1kazn\u00edka II"}]},{"@type":"WebSite","@id":"https:\/\/nethemba.com\/de\/#website","url":"https:\/\/nethemba.com\/de\/","name":"Nethemba","description":"We care about your security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nethemba.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"cs"},{"@type":"Person","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234","name":"Pavol Lupt\u00e1k","image":{"@type":"ImageObject","inLanguage":"cs","@id":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","caption":"Pavol 
Lupt\u00e1k"},"sameAs":["https:\/\/www.nethemba.com\/"],"url":"https:\/\/nethemba.com\/cs\/author\/nethemba-admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts\/5554","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/comments?post=5554"}],"version-history":[{"count":0,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts\/5554\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/media\/5543"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/media?parent=5554"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/categories?post=5554"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/tags?post=5554"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}