{"id":5541,"date":"2020-12-21T12:40:23","date_gmt":"2020-12-21T11:40:23","guid":{"rendered":"https:\/\/nethemba.com\/?p=5541"},"modified":"2020-12-29T12:49:32","modified_gmt":"2020-12-29T11:49:32","slug":"prirucka-nasho-zakaznika-ii","status":"publish","type":"post","link":"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/","title":{"rendered":"Our Customer's Guide II"},"content":{"rendered":"<p>This is the second part of the article <a href=\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-i\/\">Our Customer's Guide I &#8211; Which penetration test or security audit do I need? (RFI)<\/a>.<\/p>\n<h1><span style=\"font-weight: 400;\"><a id=\"RFI\"><\/a>I want a quote, what do you need from me? (RFP)<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">If you already know exactly which penetration tests or security audits you are interested in, do not hesitate to contact us. You can also do so in a secure, encrypted way &#8211; send us an S\/MIME or PGP encrypted message (our keys <\/span><a href=\"https:\/\/nethemba.com\/sk\/o-nas\/nas-tim\/\"><span style=\"font-weight: 400;\">can be found here<\/span><\/a><span style=\"font-weight: 400;\">) or contact us via the Signal app (on the number listed in <\/span><a href=\"https:\/\/nethemba.com\/sk\/kontakt\/\"><span style=\"font-weight: 400;\">our official contacts<\/span><\/a><span style=\"font-weight: 400;\">).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In order to prepare a price quote for you, we will need a few pieces of information from you.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We offer standard penetration tests at a fixed price that reflects our fixed effort. It must be noted that this kind of penetration test is really intended for simple websites or applications, or for answering the question \"Can a targeted attacker hack my website within three days?\". It is explicitly unsuitable for larger or complex applications.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We can estimate the effort of a detailed security audit of a web application in three ways. The simplest way for you (and the fastest for us) is that you create a test account for us in the application you want tested. If you want the testing performed from the perspective of users with different roles, we need a separate test account for each role. This is then enough for us to estimate the complexity of the application itself, and therefore our expected effort and the resulting price. Unfortunately, we cannot always get test access to the application under test (for example, the application may still be under development). In that case there are two other ways to estimate the complexity of the application and thus our effort. The first is that you send us all the technical documentation you have for the application, ideally with screenshots and detailed descriptions of every form. The second is that you answer a set of our specific questions, which we will send you, concerning the application itself:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">what is the estimated number of pages in the solution? (i.e. unique \"screens\" or \"routes\")<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">roughly how many form inputs are there? (i.e. input \"fields\" across the whole site)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">is SSL used?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">is authentication used (is the authenticated part of the site being tested)?<\/span>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">if so, is multi-factor authentication used?<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">is a captcha used?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">can you briefly describe the purpose and functionality of the application in 2-3 sentences?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">how many user roles are there (from whose perspective the testing is done)? If the roles are variable, we recommend creating 3-4 roles &#8211; the least and the most privileged, the most exposed, and so on.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">is any technology prone to server-side memory management problems (C\/C++) used anywhere in the solution?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">does the solution use a thick client (Java applets, Silverlight, Flash, ActiveX, &#8230;)?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">do you want the application tested for DoS vulnerabilities (not DDoS)?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">are HTML5 features used, e.g. web sockets, local storage, etc.?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">does the application expose its own web services (SOAP or REST) other than those consumed by the frontend (e.g. for third-party integration)?<\/span>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">please provide us with documentation of these APIs in a standard format (WSDL, Swagger, Postman, API Blueprint, &#8230;)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">if that is not possible, how many operations with how many parameters do these APIs implement?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">is a client available for these web services (e.g. a JavaScript web app, a mobile application, or at least a SOAP UI project) that can generate legitimate requests to the API?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">how is authentication handled?<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">can the testing be done remotely, or is it necessary to be physically on the customer's premises?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">what language should the final report be in?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">where will the application be hosted during the test: on your own hardware, a VPS, the cloud, or shared hosting (because of the consent or restrictions of the hosting provider)?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">which environment is being tested (DEV\/TEST, INT\/UAT, PROD&#8230;; a 1:1 copy of production without \"live\" data, dedicated solely to penetration tests, is recommended)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">what is the preferred testing date?<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Based on these we can then estimate our resulting effort and therefore the resulting price.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you are interested in mobile application tests, we ideally also need to see the applications (they do not necessarily have to be in the Google\/iOS repository, a binary APK is enough) or have all available technical documentation sent to us. We also need a detailed description of the web services the mobile application uses (for example a Swagger specification). This step is not necessary if you want black-box testing of the application itself (in that case we discover the methods used, their inputs and outputs, ourselves by intercepting the application's communication).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For external penetration tests we need to know the number of IP addresses or IP ranges to be tested, ideally with the operating systems or types of network devices specified as well. A network architecture map also helps us (it is not needed for black-box tests). If you require completely black-box tests and do not want to tell us anything about the infrastructure under test, that is also possible &#8211; in that case, however, we use the upper price estimate for external penetration tests.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For internal penetration tests we also need to know the number of IP addresses or IP ranges to be tested (and possibly the number of sites if the testing takes place \"onsite\"). If you operate some very old systems that are likely to crash under an aggressive scan (this situation is a security risk in itself and should not even arise), you can give us a list of their IP addresses and we will exclude them from the testing.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For all the tests mentioned above, if you want to run aggressive DoS (Denial of Service) tests, it is possible to agree on an exact testing time (for example Sunday at 4:00 a.m.).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Some customers want to run distributed DoS attacks (DDoS). Here it must be noted that these tests only make sense if they are carried out from thousands of different IP addresses, which usually no IT security company owns. We can solve this by purchasing thousands of virtual servers with thousands of IP addresses from cloud providers (for example Amazon) for the agreed duration of the tests. This solution, however, requires extra costs for ordering and operating these thousands of servers. That is why we usually do not perform distributed DoS attacks. Instead we perform so-called application DoS tests, whose goal is to test whether we can take down the application or system from an ordinary home internet connection. It should be noted that sufficiently strong distributed DoS attacks can take down practically any internet service and defending against them can be very problematic (in case of such a risk we therefore recommend using solutions such as <\/span><a href=\"https:\/\/www.cloudflare.com\/\"><span style=\"font-weight: 400;\">Cloudflare<\/span><\/a><span style=\"font-weight: 400;\">).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">After consulting with our ethical hackers and according to their availability, we can tell you exactly when we can start the testing itself, together with our prepared quote. We are most overloaded at the end of the year and least in spring or in mid-summer. We have the best availability for web tests, which all our ethical hackers can perform. We have the lowest availability for highly specialised security tests, which require special knowledge and can only be performed by narrowly profiled experts. We therefore recommend booking specialised tests a few weeks to months in advance.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">And the last thing we need to know is the language in which the quote itself and the final report should be written (in the case of English, we can cover it with the largest number of testers).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">After you send us all the information needed to estimate the effort of the testing itself, we will prepare a professional price quote for you within the next few days. We normally prepare the quote either in Slovak or in English; if needed, we can also prepare it in another language.<\/span><\/p>\n<h1><span style=\"font-weight: 400;\"><a id=\"Run\"><\/a>I have decided on your services, let's go!<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">If our quote appealed to you, let us know, ideally by (encrypted) email.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is time to comment on and sign the agreement by which you grant us consent to perform penetration tests or security audits of your applications, systems or network infrastructure.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Over the 14 years of our existence we have, through various iterations, arrived at an extensive 17-page \"Security Assessment Agreement\" (Slovak \"Zmluva o zhodnoten\u00ed bezpe\u010dnosti\"; an English version, \"Vulnerability Assessment Agreement\", is also available), which contains all the information needed for a smooth start of the testing and describes practically all the non-standard situations that may arise during testing. From the exact date on which the testing will be performed, through the exact subject and scope of the testing itself and the types of tests, to a description of the methodology used. The agreement precisely defines the rights and obligations of both us and our customers. If you only order a short standard penetration test from us, we can provide you with a simplified version of this extensive agreement in order to minimise bureaucracy.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Many of our customers require signing a non-disclosure agreement (NDA). In that case it is possible to use our NDA template, or we can also use your NDA if you insist. In that case, however, all new agreements (not only the NDA) are subject to review by our legal department, which needs a few days to analyse them and incorporate comments. It must be noted that some of our customers have unrealistic expectations of the NDA &#8211; for example, they want to sign the non-disclosure agreement for an indefinite period, or they propose huge contractual penalties that are completely disproportionate to the volume of services ordered.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">What we can and cannot guarantee to our customers can be found <\/span><a href=\"https:\/\/nethemba.com\/co-vieme-a-co-nevieme-garantovat-nasim-klientom\/\"><span style=\"font-weight: 400;\">in this article<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you have special requirements for performing the tests or for the non-disclosure agreement, you should expect that signing the agreement itself may be delayed by several days (in that case we connect our legal department with your legal department). You can avoid this problem if you decide to use our existing, fine-tuned agreements. We honestly strive for our agreements not to be one-sided but balanced for both parties. After all, we want you as a customer not only now but also in the future.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The agreement must also include contact details for your application and system administrators, in case the application under test crashes or stops working for us (it does not happen often, but it can happen).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The agreement also specifies, for example, when and whether aggressive DoS tests will be performed at all (if the customer requires them).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To perform the tests, we need at least two test accounts delivered in encrypted form, which we will use during testing. This means at least two different test accounts for each role under test (this is necessary for us to properly test vertical and horizontal privilege escalation when testing authorisation). If you want your application tested completely, we need to have all the user accounts that can functionally cover all the forms of the application under test.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">After the agreement is signed, we automatically guarantee the customer that we reserve our dedicated testers for the agreed testing period. Since our testers participate in various projects for various customers at various times, the customer needs to allow us to perform full testing in the agreed time.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Since many of our testers are from abroad and do not speak Slovak, only English, we can ensure the greatest availability if you opt for English.<\/span><\/p>\n<h1><span style=\"font-weight: 400;\"><a id=\"TestingEnvironment\"><\/a>How do I prepare the testing environment and test accounts<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">An insufficiently prepared testing environment on the customer's side is unfortunately often the stumbling block that prevents us from starting the tests on time (and frequently from meeting the testing deadline afterwards). If we miss the deadline through no fault of our own, we can only continue the tests once our testers have time again, which may cost the customer additional money and time.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is therefore very important that the customer prepares the environment that is to be the subject of our tests on time and properly. Since aggressive penetration testing can cause systems or applications to crash or data to be damaged, we prefer to perform the tests primarily in a testing or pre-production environment (one that is as identical as possible to the production environment). This is also related to the fact that we want to minimise any liability for damage caused by our testing, which we fundamentally cannot bear. If the customer is afraid that our testing will cause an outage of their services or data corruption, they should do everything possible to have a testing or pre-production environment available where we can perform potentially aggressive testing. If they cannot provide this and require testing in the production environment (which unfortunately sometimes happens to us), they should have up-to-date backups available and, during the testing, have their application or system administrator available, whom we can call at any time if the application under test goes down or stops responding normally.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is also important that the customer does not change or update the environment under test in any way during the testing, as this may cause inconsistency in our findings.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">According to the signed agreement, the customer should ensure access for all our penetration testers by the date the testing starts &#8211; verify that the VPN connection they provided to us works, as well as the test accounts themselves. If the login itself requires a second factor (an OTP calculator or a hardware token), it must be delivered to us in time.<\/span><\/p>\n<h1><span style=\"font-weight: 400;\"><a id=\"Expectations\"><\/a>Testing is underway, what should I expect?<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">Once the testing environment and test accounts are secured, we finally get down to the tests. If the testing is in a testing or pre-production environment, our testers perform the tests practically non-stop (the preferred situation).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If the production environment is being tested, we can adapt to the customer's timing requirements (some require testing outside business hours so that the testing does not negatively affect the functionality of the application under test; others, on the contrary, require testing during business hours so that the customer's administrators and application developers can immediately respond to any questions from our testers).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If during the testing we discover critical vulnerabilities in the application, system or infrastructure under test that could lead to the leakage of sensitive information or to loss of availability, we immediately contact the customer (by phone or e-mail) and ask for an immediate fix.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Our testers include critical as well as all less critical vulnerabilities in the final report, which is sent and presented to the customer at the end of the testing (in encrypted form wherever possible).<\/span><\/p>\n<h1><span style=\"font-weight: 400;\"><a id=\"Report\"><\/a>The final report<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">At the end of every penetration test or security audit, you receive a professionally prepared final report from us (in English or another supported language).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The final report begins with an executive summary and the test results for the individual applications, services or systems. The results contain a list of the discovered vulnerabilities sorted by severity &#8211; from critical vulnerabilities, through vulnerabilities of high, medium and low severity. For each discovered vulnerability there is a detailed description, a severity level and a solution for fixing the vulnerability. If the vulnerability is not easy to fix, we also give a \"workaround\" that minimises the negative impact of the vulnerability as much as possible. Each vulnerability also includes optional references to CVE or another standardised or community description.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A detailed security audit also includes in its price a personal presentation of the results, which can also be done online and can optionally be ordered in addition for any other test performed. In this presentation our testers explain to the application or system developers how the discovered vulnerabilities can be exploited and, of course, how to fix them, as well as how to prevent such vulnerabilities (security bugs) in the future.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The final report is valid as of the date it is handed over to the customer. Unfortunately, after that time we cannot guarantee that no new critical vulnerability will appear and be exploited. We therefore recommend performing repeated tests and also enrolling the application in a bug bounty program.<\/span><\/p>\n<p>In the <a href=\"\/sk\/prirucka-nasho-zakaznika-iii\/\">third part of the article<\/a> we will talk about how repeated penetration tests and bug bounty programs work, which technical certifications for ethical hacking are the best, and also what the advantages of a free, voluntaryist company like ours are.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is the second part of the article Our Customer's Guide I &#8211; Which penetration test or security audit do I need? (RFI). I want a quote, what do you need from me? (RFP) If you already know exactly which penetration tests or security audits you are interested in, do not hesitate to contact us. You can also do so in a secure, encrypted way &#8211; send us an S\/MIME or PGP [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":5542,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2870],"tags":[2884,511,2868,2869,40,496,2883,513,2882],"class_list":["post-5541","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-agreement","tag-bezpecnostne-audity-sk","tag-eticke-hackovanie","tag-it-bezpecnostne-sluzby","tag-owasp","tag-penetracne-testy-sk","tag-report","tag-socialne-inzinierstvo-sk","tag-web-security-testing-guide-sk"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Our Customer's Guide II - Nethemba<\/title>\n<meta name=\"description\" content=\"I want a quote, what do you need from me? (RFP). I have decided on your services, let's go! How do I prepare the testing environment and test accounts? Testing is underway, what should I expect? The final report\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/\" \/>\n<meta property=\"og:locale\" content=\"sk_SK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Our Customer's Guide II - Nethemba\" \/>\n<meta property=\"og:description\" content=\"I want a quote, what do you need from me? (RFP). I have decided on your services, let's go! How do I prepare the testing environment and test accounts? Testing is underway, what should I expect? The final report\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/\" \/>\n<meta property=\"og:site_name\" content=\"Nethemba\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/nethemba\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-21T11:40:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-12-29T11:49:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png\" \/>\n\t<meta property=\"og:image:width\" content=\"680\" \/>\n\t<meta property=\"og:image:height\" content=\"234\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Pavol Lupt\u00e1k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@nethemba\" \/>\n<meta name=\"twitter:site\" content=\"@nethemba\" \/>\n<meta name=\"twitter:label1\" content=\"Author\" \/>\n\t<meta name=\"twitter:data1\" content=\"Pavol Lupt\u00e1k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"16 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/\"},\"author\":{\"name\":\"Pavol Lupt\u00e1k\",\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\"},\"headline\":\"Our Customer's Guide II\",\"datePublished\":\"2020-12-21T11:40:23+00:00\",\"dateModified\":\"2020-12-29T11:49:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/\"},\"wordCount\":3141,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png\",\"keywords\":[\"agreement\",\"security audits\",\"ethical hacking\",\"IT security services\",\"OWASP\",\"penetration tests\",\"report\",\"social engineering\",\"web security testing guide\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"sk-SK\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/\",\"url\":\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/\",\"name\":\"Our Customer's Guide II - Nethemba\",\"isPartOf\":{\"@id\":\"https:\/\/nethemba.com\/de\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png\",\"datePublished\":\"2020-12-21T11:40:23+00:00\",\"dateModified\":\"2020-12-29T11:49:32+00:00\",\"author\":{\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\"},\"description\":\"I want a quote, what do you need from me? (RFP). I have decided on your services, let's go! How do I prepare the testing environment and test accounts? Testing is underway, what should I expect? The final report\",\"breadcrumb\":{\"@id\":\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#breadcrumb\"},\"inLanguage\":\"sk-SK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"sk-SK\",\"@id\":\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#primaryimage\",\"url\":\"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png\",\"contentUrl\":\"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png\",\"width\":680,\"height\":234},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/nethemba.com\/sk\/domov\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Our Customer's Guide II\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/nethemba.com\/de\/#website\",\"url\":\"https:\/\/nethemba.com\/de\/\",\"name\":\"Nethemba\",\"description\":\"We care about your 
security\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/nethemba.com\/de\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"sk-SK\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\",\"name\":\"Pavol Lupt\u00e1k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"sk-SK\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"caption\":\"Pavol Lupt\u00e1k\"},\"sameAs\":[\"https:\/\/www.nethemba.com\/\"],\"url\":\"https:\/\/nethemba.com\/sk\/author\/nethemba-admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pr\u00edru\u010dka n\u00e1\u0161ho z\u00e1kazn\u00edka II - Nethemba","description":"Chcem ponuku, \u010do odo m\u0148a potrebujete? (RFP). Rozhodol som sa pre va\u0161e slu\u017eby, po\u010fme do toho! Ako priprav\u00edm testovacie prostredie a testovacie \u00fa\u010dty? Testovanie \u00faspe\u0161ne prebieha, \u010do m\u00e1m \u010daka\u0165? V\u00fdsledn\u00e1 spr\u00e1va","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/","og_locale":"sk_SK","og_type":"article","og_title":"Pr\u00edru\u010dka n\u00e1\u0161ho z\u00e1kazn\u00edka II - Nethemba","og_description":"Chcem ponuku, \u010do odo m\u0148a potrebujete? (RFP). 
Rozhodol som sa pre va\u0161e slu\u017eby, po\u010fme do toho! Ako priprav\u00edm testovacie prostredie a testovacie \u00fa\u010dty? Testovanie \u00faspe\u0161ne prebieha, \u010do m\u00e1m \u010daka\u0165? V\u00fdsledn\u00e1 spr\u00e1va","og_url":"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/","og_site_name":"Nethemba","article_publisher":"https:\/\/www.facebook.com\/nethemba","article_published_time":"2020-12-21T11:40:23+00:00","article_modified_time":"2020-12-29T11:49:32+00:00","og_image":[{"width":680,"height":234,"url":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png","type":"image\/png"}],"author":"Pavol Lupt\u00e1k","twitter_card":"summary_large_image","twitter_creator":"@nethemba","twitter_site":"@nethemba","twitter_misc":{"Autor":"Pavol Lupt\u00e1k","Predpokladan\u00fd \u010das \u010d\u00edtania":"16 min\u00fat"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#article","isPartOf":{"@id":"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/"},"author":{"name":"Pavol Lupt\u00e1k","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"headline":"Pr\u00edru\u010dka n\u00e1\u0161ho z\u00e1kazn\u00edka II","datePublished":"2020-12-21T11:40:23+00:00","dateModified":"2020-12-29T11:49:32+00:00","mainEntityOfPage":{"@id":"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/"},"wordCount":3141,"commentCount":0,"image":{"@id":"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#primaryimage"},"thumbnailUrl":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png","keywords":["agreement","bezpe\u010dnostn\u00e9 audity","etick\u00e9 hackovanie","it bezpe\u010dnostn\u00e9 slu\u017eby","OWASP","penetra\u010dn\u00e9 testy","report","soci\u00e1lne in\u017einierstvo","web security testing 
guide"],"articleSection":["Blog"],"inLanguage":"sk-SK","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/","url":"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/","name":"Pr\u00edru\u010dka n\u00e1\u0161ho z\u00e1kazn\u00edka II - Nethemba","isPartOf":{"@id":"https:\/\/nethemba.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#primaryimage"},"image":{"@id":"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#primaryimage"},"thumbnailUrl":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png","datePublished":"2020-12-21T11:40:23+00:00","dateModified":"2020-12-29T11:49:32+00:00","author":{"@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"description":"Chcem ponuku, \u010do odo m\u0148a potrebujete? (RFP). Rozhodol som sa pre va\u0161e slu\u017eby, po\u010fme do toho! Ako priprav\u00edm testovacie prostredie a testovacie \u00fa\u010dty? Testovanie \u00faspe\u0161ne prebieha, \u010do m\u00e1m \u010daka\u0165? 
V\u00fdsledn\u00e1 spr\u00e1va","breadcrumb":{"@id":"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#breadcrumb"},"inLanguage":"sk-SK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/"]}]},{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#primaryimage","url":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png","contentUrl":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/nda.png","width":680,"height":234},{"@type":"BreadcrumbList","@id":"https:\/\/nethemba.com\/sk\/prirucka-nasho-zakaznika-ii\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nethemba.com\/sk\/domov\/"},{"@type":"ListItem","position":2,"name":"Pr\u00edru\u010dka n\u00e1\u0161ho z\u00e1kazn\u00edka II"}]},{"@type":"WebSite","@id":"https:\/\/nethemba.com\/de\/#website","url":"https:\/\/nethemba.com\/de\/","name":"Nethemba","description":"We care about your security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nethemba.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"sk-SK"},{"@type":"Person","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234","name":"Pavol Lupt\u00e1k","image":{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","caption":"Pavol 
Lupt\u00e1k"},"sameAs":["https:\/\/www.nethemba.com\/"],"url":"https:\/\/nethemba.com\/sk\/author\/nethemba-admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/posts\/5541","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/comments?post=5541"}],"version-history":[{"count":0,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/posts\/5541\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/media\/5542"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/media?parent=5541"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/categories?post=5541"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/tags?post=5541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}