The necessary inputs and requirements are:
Phase 1: Access to the integration branch of the repository for the not-yet-deployed application’s source code. Ethical Hacking focuses on the source code.
Phase 2: When the project has a deployed application (Integration Environment), the hacking coverage expands to include application security testing.
Phase 3: This phase applies only if the infrastructure supporting the application is defined as code and kept in the integration branch of the repository referred to in Phase 1. This phase includes infrastructure hacking.
Git and a monitored environment
in the branch are required,
through automated Linux.
The following environments are not supported:
- Access through a
VPN that only runs on
Windows that requires manual interaction such as an
VPN Site to Site.
The Squad plan needs access to the source code because it is based on continuous attacks on the latest version available.
with one condition.
The code must be stored in the same branch in each repository.
If it is agreed
that all attacks will be performed
then this same branch
must be present
in all of the repositories
included for hacking.
The Squad plan is based
for version control.
Git is necessary for the Squad plan.
No. It is independent of the client’s development methodology. The Squad plan test results become a planning tool in future development cycles. They do not prevent the continuation of development.
No. The client can use whatever repository they deem appropriate. We only require access to the integration branch and its respective environment.