Common Pentest Findings

Overview

These findings are ranked from most Critical to Least. The list is not all inclusive and is more just a list of findings commonly seen on external pentests.

  1. Insufficient Authentication Controls

  2. Weak Password Policy

  3. Insufficient Patching

  4. Default Credentials

  5. Insufficient Encryption

  6. Information Disclosure

  7. Username Enumeration

  8. Default Web Pages

  9. Open Mail Relays

  10. IKE Aggressive Mode

  11. Unexpected Perimeter Services

  12. Insufficient Traffic Blocking

  13. Undetected Malicious Activity

  14. Historical Account Compromises

PreviousEscalating AccessNextInsufficient Authentication Controls

Last updated

Was this helpful?