Common Pentest Findings

Overview

These findings are ranked from most Critical to Least. The list is not all inclusive and is more just a list of findings commonly seen on external pentests.

1. Insufficient Authentication Controls

2. Weak Password Policy

3. Insufficient Patching

4. Default Credentials

5. Insufficient Encryption

6. Information Disclosure

7. Username Enumeration

8. Default Web Pages

9. Open Mail Relays

10. IKE Aggressive Mode

11. Unexpected Perimeter Services

12. Insufficient Traffic Blocking

13. Undetected Malicious Activity

14. Historical Account Compromises