Enterprise Security Testing Reference

Vulnerability Assessment
& Penetration Testing
Classification Guide

An authoritative, consultant-grade reference defining the precise legal, technical, and operational boundaries between Vulnerability Assessment and Penetration Testing across all enterprise attack surfaces. Aligned with 2024+ industry standards, Indian regulatory mandates, and global compliance frameworks.

Edition 2024 — 2025 Enterprise

Standard Alignment ISO 27001 · NIST · OWASP · PCI DSS

Jurisdictions India (IT Act, CERT-In, RBI, SEBI, IRDAI, DPDP) · US (CFAA) · UK (CMA)

Audience Security Teams · Compliance · Legal · Risk

Classification:

VA — Assess Only

PT — Exploit / Simulate

VA Boundary — Tipping Point

PT Boundary — RoE Required

Legal Warning

Part I · Foundations

Core Definitions & Principles

The following definitions establish the canonical, legally defensible distinction between Vulnerability Assessment and Penetration Testing. These definitions govern all domain-specific interpretations throughout this document and must be applied uniformly across all engagements, regardless of scope or client sector.

🔍

Vulnerability Assessment (VA) — Master Definition

NON-EXPLOITATIVE

A Vulnerability Assessment is a structured, systematic process of identifying, enumerating, categorising, and prioritising security weaknesses within a defined target environment. VA operates exclusively within a passive-to-semi-active discovery mode. Under no circumstances does a VA exercise involve the confirmation of exploitability through active exploitation, payload delivery, or any action that modifies system state beyond what is inherent to authorised scanning.

The intellectual output of a VA is a ranked inventory of vulnerabilities with contextual risk ratings (typically aligned with CVSS v3.1 / CVSS v4.0), remediation guidance, and compliance gap mapping. The output does not, and must not, include exploitation evidence, session tokens captured through active attacks, or proof-of-impact artefacts.

Canonical Characteristics

Identification and enumeration of vulnerabilities (CVE/CWE mapping)
Automated and manual scanning within authorised scope
Configuration review and misconfiguration detection
Version fingerprinting and EOL/EOS component identification
Compliance gap assessment (CERT-In, PCI DSS, ISO 27001, etc.)
OSINT-based surface enumeration (passive reconnaissance only)
Risk scoring and prioritisation using CVSS, EPSS, or SSVC
Remediation roadmap generation

Explicitly Excluded from VA Scope

Active exploitation of any identified vulnerability
Delivery of attack payloads (shellcode, SQL injections to confirm RCE, etc.)
Privilege escalation to confirm root/admin access
Lateral movement within networks
Data exfiltration — even as proof-of-concept
Bypassing authentication controls to gain access
Any action that modifies, encrypts, deletes, or corrupts data
Social engineering of personnel

Framework Alignment: ISO/IEC 27005:2022 defines VA as a component of risk identification. NIST SP 800-115 (Section 4) classifies VA-level activities as "target identification and analysis." OWASP Testing Guide v4.2 provides domain-specific test cases operable within VA scope. CERT-In's empanelment criteria require VA to be conducted prior to PT in phased engagements.

⚡

Penetration Testing (PT) — Master Definition

EXPLOIT · RoE MANDATORY

A Penetration Test is a legally authorised, adversarial simulation in which a qualified tester (or team) actively attempts to exploit identified or suspected vulnerabilities to confirm real-world impact. PT extends beyond discovery into controlled exploitation: establishing footholds, escalating privileges, moving laterally, and demonstrating tangible impact (e.g., data access, system compromise, service disruption).

Penetration Testing is governed by a mandatory, pre-signed Rules of Engagement (RoE) document, which defines the authorised scope, permitted techniques, escalation contacts, emergency stop conditions, and legal authorisation. No written RoE = No PT. Any exploitation activity without written RoE constitutes an unauthorised intrusion under applicable cybercrime law.

Canonical Characteristics

Active exploitation of vulnerabilities to confirm impact (proof-of-exploitation)
Privilege escalation from low-privilege entry points to administrative control
Lateral movement and pivoting across network segments
Credential theft, pass-the-hash, pass-the-ticket, token manipulation
Controlled data access demonstration (no exfiltration of real data without explicit permission)
Post-exploitation persistence mechanism testing
Social engineering and phishing simulation (where explicitly in scope)
Physical security testing (where in scope)
Full attack chain simulation (kill-chain or MITRE ATT&CK aligned)

⚠ Legal Warning — India: Exploitation of systems without explicit written authorisation constitutes an offence under Section 43 and Section 66 of the IT Act 2000 (as amended 2008), carrying penalties up to ₹1 crore and imprisonment up to 3 years. Under CERT-In Directions 2022, security service providers must maintain records of all security testing activities. DPDP Act 2023 additionally applies where personal data may be accessed during testing.

⚠ Legal Warning — Global: Unauthorised computer access is prosecuted under the Computer Fraud and Abuse Act (CFAA, 18 U.S.C. § 1030) in the US and the Computer Misuse Act 1990 (CMA) in the UK, regardless of intent. Other equivalent laws apply in EU (NIS2 Directive), Australia (Criminal Code Act 1995), Singapore (Computer Misuse Act), and UAE (Federal Law No. 5 of 2012).

📋

Rules of Engagement (RoE) — Mandatory Requirements

LEGALLY BINDING

A Rules of Engagement document is the sole instrument that converts an otherwise illegal exploitation activity into a lawful penetration test. The following are non-negotiable minimum requirements for any RoE governing PT activity:

Written authorisation from the asset owner (not merely IT/security staff — board-level or CIO-level sign-off is best practice for high-risk engagements)
Explicit scope definition: IP ranges, hostnames, URLs, API endpoints, environments (production vs. staging), and cloud account IDs
Explicit out-of-scope declaration: third-party systems, production databases, payment systems (unless specifically approved), critical infrastructure
Permitted techniques and tools (e.g., exploitation frameworks, social engineering, physical access)
Prohibited techniques (e.g., destructive payloads, ransomware simulation, DDoS)
Testing window: dates, times, time zones
Emergency stop / abort procedure and escalation contacts (24/7 reachable)
Incident response coordination: SOC/SIEM awareness of the test (or explicit black-box blinding agreement)
Data handling clauses: prohibition on real data exfiltration, evidence destruction post-engagement
Jurisdiction and governing law clause
Third-party system notification: Cloud provider approval (AWS, Azure, GCP have specific testing notification policies)

Vendor-Specific Requirements: AWS requires customers to comply with its Customer Support Policy for Penetration Testing — no prior approval is needed for most services but prohibited activities are defined. Microsoft Azure requires customers to fill the Penetration Testing Notification form for tests against Azure infrastructure. Google Cloud requires notification for any test affecting shared infrastructure. Failure to comply with cloud provider requirements may result in account suspension.

Part II · Legal & Compliance Framework

Regulatory Alignment & Compliance Obligations

The following section maps VAPT activities to applicable regulatory frameworks. Compliance with these frameworks is mandatory where stated. Security testing activities must be documented in a manner that satisfies audit requirements under each applicable standard.

⚖️

Compliance & Regulatory Framework Matrix

India — Regulatory Mandates

IT Act 2000 (Amended 2008) CERT-In Directions 2022 RBI Cybersecurity Framework SEBI Cyber Resilience Framework IRDAI Cybersecurity Guidelines DPDP Act 2023 NCIIPC Guidelines MeitY Cloud Policy

IT Act 2000 / ITA 2008: Sections 43, 43A, 66, 66B, 66C, 66F define criminal liability for unauthorised computer access, data theft, and disruption of critical infrastructure. VAPT without authorisation is an offence regardless of intent.
CERT-In Directions 2022: Mandatory 6-hour breach reporting timeline; security service providers must maintain audit logs for 180 days. VAPT firms empanelled with CERT-In must comply with reporting standards. VA/PT reports may be subject to regulatory inspection.
RBI (BFSI): RBI Cybersecurity Framework (2016, updated circulars) mandates annual VAPT for regulated entities (banks, NBFCs, payment aggregators). Scope must include internet-facing and core banking systems. VAPT must be conducted by CERT-In empanelled agencies for regulated entities.
SEBI Cyber Resilience Framework (2023): Mandates bi-annual VAPT for Market Infrastructure Institutions (MIIs) and quarterly for critical systems. Includes requirements for red team exercises (advanced PT) for Qualified Stock Brokers (QSBs).
IRDAI Cybersecurity Guidelines (2023): Insurers and TPAs must conduct annual VAPT. Scope includes insurer portals, mobile applications, and data-sharing APIs with third parties.
DPDP Act 2023: Data Fiduciaries must implement appropriate technical safeguards. VAPT is an expected control. Testers who access personal data during testing must operate under data processing agreements. Consent mechanisms must not be bypassed without written authorisation.

Global — International Standards

ISO/IEC 27001:2022 ISO/IEC 27002:2022 ISO/IEC 27005:2022 NIST SP 800-53 Rev5 NIST SP 800-115 NIST SP 800-61 Rev2 OWASP ASVS 4.0 OWASP Testing Guide v4.2 OWASP API Security Top 10 PCI DSS v4.0 SOC 2 (AICPA TSC) CSA CCM v4.0 MITRE ATT&CK v14 CIS Controls v8

ISO/IEC 27001:2022 (Annex A, Control 8.8): Requires management of technical vulnerabilities. VAPT is a primary mechanism. Clause 9.1 mandates monitoring and measurement, including security testing.
ISO/IEC 27005:2022: Provides the risk assessment framework within which VA findings feed. Risk treatment decisions determine whether PT is required to confirm exploitability and business impact.
NIST SP 800-115: The definitive technical guide to information security testing and assessment. Distinguishes between "testing" (active), "examination" (passive/VA), and "interviews." PT falls under active testing per NIST taxonomy.
NIST SP 800-53 Rev5 (CA-8): Penetration Testing control — organisations must conduct PT at defined frequencies and following system changes. VA is addressed under RA-5 (Vulnerability Monitoring and Scanning).
PCI DSS v4.0 (Req. 11.3 & 11.4): Requires internal and external VA scans (11.3) and annual penetration testing (11.4) with network and application layer coverage. PT must use industry-accepted methodology and be performed by qualified testers (internal or external).
SOC 2 (Common Criteria CC7.1): Requires vulnerability management processes. PT may be required depending on risk profile and auditor expectations. PT findings must be treated as control deficiencies if unaddressed.

Part III · Domain-Specific Reference

VA & PT Definitions, Boundaries & Legal Thresholds by Attack Surface

Each domain below provides independently scoped VA and PT definitions, explicit boundary conditions, grey-zone analysis, and legally relevant considerations. Tester teams must read and apply the domain-specific section relevant to their engagement scope, in addition to the master definitions in Part I.

🌐

Domain 1 — Web Applications

HTTP · HTTPS · Browser-Based

◼ VA — Vulnerability Assessment

Web Application VA — Definition & Permitted Activities

Web application VA encompasses the systematic identification of security weaknesses in web-accessible software interfaces using passive reconnaissance, authenticated and unauthenticated scanning, manual source review (where access is granted), and automated DAST/SAST tooling — all without delivering attack payloads that exploit identified findings.

Explicitly Permitted in VA

Automated DAST scanning (OWASP ZAP, Burp Suite Professional in scan mode, Nikto, Acunetix) against authorised targets — detecting but not exploiting findings
Manual crawling and application mapping (sitemap enumeration, endpoint discovery)
HTTP header analysis (CSP, HSTS, X-Frame-Options, CORS policy inspection)
Cookie attribute review (Secure, HttpOnly, SameSite flags)
TLS/SSL configuration assessment (protocol versions, cipher suites, certificate validity)
Error message and stack trace disclosure detection (observing, not triggering with intent to exploit)
Third-party component version identification (JS libraries, CMS, frameworks) and CVE mapping
Authentication mechanism review (password policy, lockout policy, MFA presence — not bypassing)
Directory and file enumeration (non-destructive; detection of exposed admin panels, backup files, .env files)
Robots.txt and sitemap.xml review
OWASP ASVS-aligned checklist review
Source code review (SAST) where source is provided under engagement terms
OSINT — public leaks, Shodan/Censys exposure, Google dorking for information disclosure

Explicitly Excluded from Web VA

Submitting crafted SQL injection payloads to confirm database access
Delivering XSS payloads that execute in victim browser sessions
Testing CSRF with forged requests that modify application state
File upload exploitation (uploading web shells)
Authentication bypass (confirming access to protected resources)
Accessing data beyond tester's own test account without explicit permission
Business logic exploitation that results in financial or data impact

OWASP Top 10 2021 OWASP ASVS 4.0 OWASP Testing Guide v4.2 NIST SP 800-115 PCI DSS v4.0 Req. 6.4, 11.3

◼ PT — Penetration Testing

Web Application PT — Proof-of-Impact Testing

Web application penetration testing involves the controlled exploitation of identified vulnerabilities to confirm real business impact. This includes confirming data exfiltration through SQLi, session hijacking through XSS execution, file system access through path traversal, or account takeover through authentication bypass — all within authorised scope and under a signed RoE.

PT Activities — Web Applications

SQL injection exploitation to retrieve database contents (e.g., UNION SELECT, blind/time-based injection) — confirming data exposure
XSS exploitation to capture session tokens, demonstrate keylogging, or redirect to attacker-controlled pages
CSRF exploitation to perform authorised actions on behalf of authenticated victims
Authentication bypass — exploiting broken authentication to access privileged accounts
IDOR exploitation to demonstrate unauthorised object access across accounts
XXE injection to read local files or achieve SSRF
SSRF exploitation to access internal services (cloud metadata endpoints, internal APIs)
Web shell upload and execution (in isolated/staging environments only, with explicit RoE clause)
Deserialization attack exploitation
Business logic abuse chains demonstrating financial or data integrity impact
OAuth/SAML implementation flaws exploitation (token theft, account takeover)

⚠ Legal Warning: Web application PT against production systems without explicit RoE covering production access constitutes unauthorised computer access under IT Act Section 66 (India), CFAA § 1030 (US), and CMA Section 1 (UK). Testers who access third-party data (PII, financial data) during PT must comply with DPDP Act 2023 data minimisation and purpose limitation requirements. Under PCI DSS v4.0 Req. 11.4.1, PT must be conducted by a qualified internal resource or by a QSAC; findings must be documented and retained.

◼ VA Boundary — Web Applications

Exact Stopping Point & Tipping Points

The VA boundary for web applications is crossed at the moment a tester transitions from observing the potential for impact to actively inducing impact. The following table provides precise tipping points:

Activity	Classification	Rationale
Detecting a login page with no rate limiting via observation	VA	No exploitation; observation only
Automated brute-force of credentials	PT	Active exploitation of absence of lockout control
Identifying a reflected XSS parameter via scanner alert	VA	Detection without payload execution in victim context
Confirming XSS by executing `alert(document.cookie)` in authenticated session	PT	Active payload delivery with session data exposure
Observing SQLi error message from scanner probe	GREY	Passive probe may trigger DB error; see note below
Confirming SQL injection by retrieving database version or table data	PT	Exploitation with confirmed data access
Identifying an IDOR pattern (e.g., sequential user IDs)	VA	Pattern identification without accessing other users' data
Accessing another user's records by modifying the ID parameter	PT	Unauthorised data access — requires explicit RoE
Enumerating directory listing on unauthenticated path	VA	Information disclosure via passive observation
Downloading sensitive files found in directory listing	PT	Active data retrieval beyond enumeration

Grey Zone — SQLi Error Probing: Automated scanners (ZAP, Burp) routinely send error-inducing payloads (e.g., ', 1=1) as part of VA-level scanning. These are generally accepted as VA activities if they do not retrieve data. However, if the scanner payload causes a detectable data change (INSERT/UPDATE side-effects), this crosses into PT territory. Testers must configure scanners to exclude data-modifying payloads during VA phases.

◼ PT Boundary — Web Applications

PT Entry Triggers, Required Authorisations & Consequences

Trigger Points Where PT Begins

Any delivery of an exploit payload that confirms unauthorised access to application functionality
Any attempt to access, read, or modify data belonging to accounts outside the tester's own test account
Any attempt to escalate privileges within the application
Any chaining of vulnerabilities to demonstrate multi-step attack paths

Required Authorisations for Web PT

Signed RoE explicitly listing target application URLs, environments (prod/staging), and testing windows
If production testing: explicit approval for production impact, backup confirmation, change management ticket
Third-party SaaS components in scope must be explicitly approved (vendor notification may be required)
CDN provider approval if WAF bypass testing is in scope
Confirmation that application logging/SOC is aware (unless black-box test is explicitly designed)

Enterprise Example: An e-commerce platform's VAPT engagement is scoped to the checkout web application. During VA, the tester identifies a potential SQLi in a coupon code field and reports it. In a subsequent PT phase (new RoE), the tester exploits the SQLi to confirm access to the orders table — demonstrating order data exposure. The PT phase requires separate written approval covering the orders table, confirmation that no live payment data is present, and a defined cleanup procedure. Proceeding to the PT phase without these approvals — even with the VA finding as justification — constitutes an unauthorised intrusion.

🔌

Domain 2 — APIs (REST · GraphQL · SOAP · gRPC)

API Security

◼ VA — API Vulnerability Assessment

API VA — Definition & Permitted Activities

API VA involves the systematic security review of API endpoints using documentation analysis, schema validation, automated scanning, and manual inspection — without exploiting identified vulnerabilities to confirm unauthorised data access or privilege escalation. The OWASP API Security Top 10 (2023) provides the definitive vulnerability taxonomy for API VA engagements.

API schema/specification review (OpenAPI/Swagger, WSDL, GraphQL introspection schema)
Authentication mechanism assessment (API key management, OAuth 2.0 flow review, JWT claim analysis without forgery)
Rate limiting and throttling control detection (observing absence, not bypassing)
Endpoint enumeration using provided documentation and passive discovery
HTTP method enumeration and unexpected method detection
Response data over-exposure analysis (identifying fields returning excessive PII or sensitive data)
CORS policy misconfiguration detection
TLS enforcement and certificate validation checks
Error response analysis (stack traces, verbose error codes, internal IP disclosure)
Mass assignment vulnerability pattern identification (field enumeration without exploitation)
Broken object-level authorisation (BOLA/IDOR) pattern identification by inspecting API patterns
Automated scanning using tools such as 42Crunch, APIsec, OWASP ZAP API scan mode

Exploiting BOLA to access another user's data objects
JWT forgery or algorithm confusion attacks to gain elevated access
Mass assignment attacks to modify privilege levels or bypass business rules
GraphQL injection or introspection abuse to extract sensitive schema data beyond tester's permission level
Confirming SSRF through callbacks to internal network services via API parameters

OWASP API Security Top 10 2023 OWASP ASVS 4.0 (V13) NIST SP 800-204 PCI DSS v4.0 Req. 6.4

◼ PT — API Penetration Testing

API PT — Proof-of-Impact Testing

API PT confirms the real-world exploitability of API vulnerabilities, demonstrating actual unauthorised data access, privilege escalation, or business logic abuse through controlled exploitation of identified weaknesses in API endpoints.

BOLA/IDOR exploitation: Accessing another user's API objects by modifying resource identifiers (e.g., GET /api/users/1234/orders → /api/users/1235/orders) — confirming cross-account data access
Broken Function-Level Authorisation (BFLA): Accessing admin-only API endpoints using non-privileged credentials
JWT attacks: Algorithm confusion (RS256 → HS256), header injection, weak secret cracking to forge tokens with elevated privileges
Mass assignment: Sending additional JSON fields to elevate role or bypass business rules
GraphQL abuse: Exploiting introspection, batch query attacks, field-level authorisation bypass, nested query DoS
SSRF via API parameters: Sending requests to internal cloud metadata services or internal APIs
Injection attacks via API inputs: SQLi, NoSQLi, command injection confirmed through API response analysis
Rate limiting bypass: IP rotation, header manipulation to confirm DoS potential or brute force viability
API key/secret leakage exploitation: Using discovered keys to authenticate as service accounts

⚠ Legal Warning: API PT against endpoints that serve third-party consumer data (B2C applications, financial APIs, healthcare APIs) requires data minimisation controls in the RoE. Under DPDP Act 2023, accessing consumer PII during API PT — even unintentionally — may constitute a data breach requiring CERT-In notification within 6 hours. The RoE must specify synthetic test data usage and prohibit access to real consumer records.

◼ VA Boundary — APIs

Exact Stopping Point & Tipping Points

Activity	Classification	Rationale
Reviewing API documentation for missing authorisation controls	VA	Documentation analysis, no exploitation
Observing that sequential user IDs are used in API paths	VA	Pattern identification without access attempt
Requesting another user's resource by incrementing ID	PT	Actual unauthorised data access attempt
Decoding a JWT to inspect claims and identify weak signing algorithm	VA	Inspection without forgery
Forging a JWT to gain access to an elevated privilege endpoint	PT	Active exploitation of crypto weakness
Identifying a GraphQL endpoint with introspection enabled	VA	Discovery of misconfiguration; no exploitation
Using introspection to map hidden mutation endpoints and test access controls	GREY	Context-dependent — mapping is VA; accessing hidden endpoints is PT
Detecting absence of rate limiting by observing API responses	VA	Observation of control absence
Executing a high-volume request flood to confirm DoS	PT	Active service disruption — requires explicit RoE and time window

Grey Zone — GraphQL Introspection: Enabling GraphQL introspection queries to retrieve schema is generally accepted as a VA activity. However, if introspection reveals hidden mutation endpoints and the tester proceeds to test access controls on those endpoints (sending requests to them), this transitions to PT. The boundary is: schema discovery (VA) vs. access testing of discovered schema elements (PT).

◼ PT Boundary — APIs

PT Entry Triggers & Required Authorisations

Any API request that accesses data objects belonging to accounts outside the tester's allocated test accounts
Any attempt to forge or manipulate authentication tokens to access elevated functionality
Any API call volume exceeding normal operational thresholds (potential DoS)
Any exploitation of injection vulnerabilities through API inputs
Any use of discovered API secrets/keys to authenticate as service or privileged accounts

The RoE for API PT must explicitly list: API base URLs, version identifiers, specific endpoint categories in scope, allocated test account credentials, and any rate limits imposed by the engagement. For financial APIs (payment, trading, banking), the RoE must confirm that test transactions are conducted in a sandbox environment only.

🌍

Domain 3 — External Network Infrastructure

Internet-Facing Perimeter

◼ VA — External Network

External Network VA — Definition & Permitted Activities

External network VA involves scanning and assessing all internet-facing assets of the organisation — including IP ranges, public DNS infrastructure, exposed services, and network perimeter devices — to identify vulnerabilities, misconfigurations, and exposure without active exploitation.

IP range and port scanning using Nmap, Masscan (within authorised IP scope)
Service version fingerprinting and banner grabbing
Vulnerability scanning using authenticated/unauthenticated scanners (Tenable Nessus, Qualys, Rapid7)
SSL/TLS configuration assessment (expired certs, weak ciphers, BEAST, POODLE, DROWN, Heartbleed detection)
DNS zone transfer attempts (identifying misconfigured DNS servers)
BGP route analysis and ASN enumeration
Firewall rule enumeration through response analysis (not firewall rule bypass)
OSINT-based asset discovery (Shodan, Censys, SecurityTrails, FOFA)
Email security assessment (SPF, DKIM, DMARC record analysis)
Exposed administrative interfaces detection (RDP, SSH, Telnet on non-standard ports)
Default credential identification (not active use of default credentials)
CVE mapping for identified service versions

Exploiting identified vulnerabilities to gain access to any system
Using discovered default credentials to authenticate
Firewall rule bypass or evasion techniques
DoS/DDoS testing without explicit RoE (never appropriate without a strict maintenance window)

◼ PT — External Network

External Network PT — Adversarial Perimeter Testing

External network PT simulates a real-world threat actor attempting to breach the organisational perimeter from the internet. This includes exploiting service vulnerabilities, credential stuffing/spraying, network protocol exploitation, and gaining an initial external foothold.

Exploitation of CVEs in identified service versions to gain remote code execution or access
Credential spraying against VPN gateways, OWA, or exposed authentication services
Default or weak credential exploitation on exposed administrative services
SSL/TLS vulnerability exploitation (Heartbleed, POODLE — on isolated test instances)
Network protocol exploitation (SMBv1, RDP BlueKeep, etc.) — in scope only where explicitly authorised
Establishing external C2 foothold and demonstrating perimeter penetration
Firewall/IDS evasion techniques to establish access (TCP fragmentation, timing-based evasion)
BGP hijacking simulation (requires extremely specific RoE and ISP coordination)

⚠ Critical Legal Consideration: External network PT MUST operate strictly within the authorised IP ranges defined in the RoE. Scanning or exploiting IP addresses adjacent to the declared scope — even if believed to belong to the same organisation — constitutes an attack on potentially third-party systems. Third-party IP ranges, shared hosting environments, and ISP infrastructure are NEVER in scope without explicit carrier-level authorisation. Under the CFAA, scanning systems without authorisation is an offence regardless of whether any data was accessed.

◼ VA Boundary — External Network

Tipping Points

Activity	Classification	Rationale
Identifying open RDP port 3389 exposed to internet	VA	Discovery of exposure; no access attempt
Attempting authentication to RDP with default credentials	PT	Active exploitation of default credential risk
Detecting Heartbleed vulnerability via scanner signature	VA	Vulnerability identification without memory extraction
Extracting memory contents via Heartbleed exploit	PT	Active data exfiltration from vulnerable service
DNS zone transfer attempt that reveals internal hostnames	GREY	Zone transfer is a legitimate protocol function; data revealed is information disclosure finding
Using revealed DNS records to map internal infrastructure	PT	Intelligence exploitation — transition to active reconnaissance for attack
Banner grabbing from exposed SMTP, FTP, SSH services	VA	Passive version identification
Logging into FTP with discovered credentials	PT	Credential exploitation — requires RoE

◼ PT Boundary — External Network

PT Entry Triggers & Authorisations

Any authentication attempt to network services (VPN, RDP, SSH, SMTP AUTH, FTP)
Any exploitation of identified CVEs in production network services
Any attempt to establish persistence on network perimeter devices
Any traffic modification or man-in-the-middle activity on network segments

The RoE for external network PT must specify: exact CIDR ranges in scope, individual out-of-scope IPs (particularly shared infrastructure, co-location neighbours), ISP and hosting provider notifications (required where shared infrastructure is involved), and a specific emergency abort contact reachable 24/7. For cloud-hosted infrastructure, cloud provider notification policies must be satisfied prior to PT commencement.

🏢

Domain 4 — Internal Network Infrastructure

LAN · WAN · Intranet · AD

◼ VA — Internal Network

Internal Network VA — Definition & Permitted Activities

Internal network VA involves the assessment of an organisation's internal network landscape — including Active Directory, network devices, internal servers, workstations, and segmentation controls — using authorised scanning from an insider vantage point, without exploiting discovered vulnerabilities.

Internal network host discovery and asset inventory (Nmap, Nessus, Qualys agent/scanner)
Internal vulnerability scanning (authenticated scans preferred for depth)
Active Directory enumeration using read-only queries (BloodHound in read-only mode, LDAP queries with authorised credentials)
Network segmentation review (identifying reachability between VLANs — not exploiting)
SMB share enumeration (identifying accessible shares, not exploiting data within them)
Internal DNS and WINS enumeration
DHCP scope and ARP table analysis
Network device configuration review (if provided: firewall rules, router ACLs)
Patch level assessment across Windows/Linux hosts
Internal service version fingerprinting
Certificate authority infrastructure review
Group Policy Object (GPO) review for security misconfigurations (read-only)

Kerberoasting, AS-REP Roasting, or any credential-extraction attack
Pass-the-Hash, Pass-the-Ticket, or lateral movement
Exploiting unpatched vulnerabilities to escalate privileges
Modifying AD objects, GPOs, or ACLs
Accessing internal file shares beyond the tester's authorised context

◼ PT — Internal Network

Internal Network PT — Full Adversarial Simulation

Internal network PT simulates a threat actor who has achieved initial access (insider threat, breached endpoint, phished user) and is attempting to expand privileges and impact. This is one of the most sensitive engagement types due to the potential for lateral movement across critical systems.

Active Directory attacks: Kerberoasting (SPN-based service account hash extraction), AS-REP Roasting, DCSync (domain controller sync simulation), Golden/Silver Ticket forgery, ADCS ESC attack chains
Lateral movement: Pass-the-Hash, Pass-the-Ticket, Over-Pass-the-Hash (PTH/PTK), NTLM relay attacks (responder + ntlmrelayx)
Privilege escalation: Local privilege escalation exploits, misconfigured services (writable service binaries, unquoted service paths, AlwaysInstallElevated)
Network attacks: LLMNR/NBT-NS poisoning (credential capture), IPv6 rogue DHCP, ARP spoofing for MITM
Credential access: SAM/LSASS dumping, DPAPI decryption, credential file hunting
Persistence mechanisms: Scheduled tasks, registry run keys, WMI subscriptions — demonstrating persistence paths
Domain dominance: Demonstrating Domain Admin compromise, DCSync capability
Segmentation bypass: Demonstrating VLAN hopping, firewall rule abuse to reach isolated segments

⚠ Legal Warning — Critical Systems: Internal network PT must explicitly exclude critical operational systems unless separately authorised: production databases, ERP/SAP systems, payment processing hosts, industrial control systems (ICS/SCADA), and backup infrastructure. Under the IT Act, disrupting computer systems that support critical infrastructure (banking, power, telecom) attracts charges under Section 66F (cyber terrorism) with penalties up to life imprisonment. The RoE must include a specific critical systems exclusion list.

◼ VA Boundary — Internal Network

Tipping Points

Activity	Classification	Rationale
Running BloodHound data collection (SharpHound) with authorised domain credentials	GREY	SharpHound uses standard LDAP queries but produces attack path intelligence — acceptable in VA if read-only and authorised credentials used; findings treated as attack surface analysis
Using BloodHound attack paths to execute privilege escalation	PT	Exploitation of identified attack path
Listing SPNs in Active Directory to identify Kerberoastable accounts	VA	Enumeration of service accounts; no hash extraction
Extracting Kerberos service ticket hashes for offline cracking	PT	Active credential extraction — exploitation
Identifying LLMNR/NBT-NS is enabled on network	VA	Protocol misconfiguration detection
Running Responder to capture NTLM hashes via poisoning	PT	Active attack: credential interception from unsuspecting users
Identifying writable service binary path in registry	VA	Misconfiguration identified without exploitation
Replacing service binary and escalating to SYSTEM	PT	Active privilege escalation via exploitation

Grey Zone — BloodHound / SharpHound: The use of BloodHound for AD attack path analysis is a well-established VA technique when used with authorised credentials and in read-only mode. However, because SharpHound enumerates attack paths that are directly actionable, some clients and auditors classify it as a PT-level tool. The engagement scope definition must explicitly address whether BloodHound collection is permitted during the VA phase, or whether it is reserved for PT.

◼ PT Boundary — Internal Network

PT Entry Triggers & Authorisations

Any credential extraction attempt (hash dumping, ticket extraction, credential file reading)
Any lateral movement attempt — connecting to systems beyond the initial entry point
Any privilege escalation attempt via exploitation
Any modification of Active Directory objects, GPOs, or access control lists
Any persistence mechanism installation
Any network poisoning or MITM attack (LLMNR poisoning, ARP spoofing, rogue DHCP)

The RoE for internal network PT must include: VLAN/subnet scope map, explicit AD domain and OU scope, critical system exclusion list, Domain Admin notification chain, SOC awareness level (white/grey/black box), and a defined blast radius limitation for destructive test techniques.

☁️

Domain 5 — Cloud: Amazon Web Services (AWS)

AWS Shared Responsibility

◼ VA — AWS

AWS VA — Definition & Permitted Activities

AWS VA assesses the security posture of an organisation's AWS environment against the Shared Responsibility Model — focusing on customer-managed controls: IAM policies, resource configurations, encryption settings, network controls, logging, and compliance posture — without exploiting discovered misconfigurations to gain unauthorised access to AWS resources.

IAM Assessment: Policy review (over-permissive policies, wildcard actions/resources), role trust relationship analysis, unused access key identification, MFA enforcement gaps, AWS IAM Access Analyzer findings review
S3 Bucket Configuration: Public access block settings, bucket ACL review, bucket policy analysis, encryption at rest verification, versioning and logging status
Network Configuration: Security Group rule analysis (overly permissive ingress/egress — 0.0.0.0/0), VPC flow log enablement, NACLs review, publicly exposed subnets
EC2/Compute: AMI public exposure, instance metadata service v1 (IMDSv1) vs v2 detection, unencrypted EBS volumes, expired/unrotated key pairs
Data Services: RDS/Aurora public accessibility, encryption status, snapshot exposure; DynamoDB public access; ElasticSearch/OpenSearch public endpoint detection
Monitoring/Logging: CloudTrail enablement and integrity, GuardDuty status, Config rules compliance, SecurityHub findings review
Serverless: Lambda function permission analysis, environment variable secrets exposure detection, execution role over-privilege assessment
Automated tools: AWS Prowler, CloudMapper, ScoutSuite, Checkov (IaC scanning), AWS Config rules, AWS Trusted Advisor, Steampipe

Exploiting over-permissive IAM roles to assume unintended permissions
Accessing S3 bucket contents beyond authorised test data
Exploiting EC2 IMDS to steal instance credentials
Using discovered IAM keys/credentials to access unauthorised services
Modifying AWS resources (security groups, IAM policies, S3 ACLs) beyond read operations

AWS Well-Architected Framework CIS AWS Foundations Benchmark v2.0 CSA CCM v4.0 NIST SP 800-53 Rev5 PCI DSS v4.0 CERT-In Cloud Guidelines

◼ PT — AWS

AWS PT — Cloud Environment Exploitation

AWS PT simulates a threat actor (external attacker or insider) who attempts to escalate privileges within the AWS environment, move laterally between services, access sensitive data, or establish persistence within the cloud account.

IAM Privilege Escalation: Exploiting over-permissive policies to assume roles or create new IAM users with elevated privileges (e.g., iam:PassRole abuse, iam:CreatePolicyVersion, sts:AssumeRole chains)
EC2 IMDS Exploitation: Accessing http://169.254.169.254/latest/meta-data/iam/security-credentials/ on IMDSv1-enabled instances to steal temporary credentials
S3 Data Access: Accessing publicly exposed or misconfigured S3 buckets to retrieve sensitive data (within authorised scope)
Cross-Service Privilege Escalation: Using Lambda role over-privileges to access DynamoDB, Secrets Manager, or SSM Parameter Store
Persistence: Creating backdoor IAM users, attaching policies to existing roles, deploying persistence Lambda functions
Shadow Access: Exploiting resource-based policies to gain cross-account access
CloudFormation/CDK Attack: Exploiting misconfigured IaC templates to deploy unauthorised resources

⚠ AWS Testing Policy: AWS does not require prior approval for security testing against resources you own. However, prohibited activities include: DNS zone walking via Route 53, DoS/DDoS simulation, port flooding, protocol flooding, request flooding against AWS infrastructure (not customer applications). Simulated DoS against customer-owned EC2/ELB requires explicit AWS notification if it may impact the underlying infrastructure. Violations may result in immediate account suspension.

⚠ Legal Warning: AWS PT must be performed against resources owned by the client organisation. Any exploitation of AWS shared infrastructure components, neighbouring tenant resources, or AWS control plane services constitutes an attack on Amazon's systems — a federal offence under CFAA and actionable under IT Act Section 66 in India.

◼ VA Boundary — AWS

Tipping Points

Activity	Classification	Rationale
Identifying a public S3 bucket via Prowler or ScoutSuite report	VA	Configuration finding; no data access
Listing contents of a public S3 bucket (`aws s3 ls s3://bucket`)	GREY	Publicly accessible; but downloading contents may constitute data access — context-dependent and must be pre-agreed in RoE
Downloading sensitive files from public S3 bucket	PT	Active data access — requires explicit RoE authorisation even if technically accessible
Identifying IMDSv1 is enabled on EC2 instance via config review	VA	Configuration misconfiguration identification
Accessing EC2 IMDS endpoint to retrieve IAM role credentials	PT	Active credential theft from cloud metadata service
Identifying over-permissive IAM policy (`s3:` on ``)	VA	Policy analysis; no exploitation
Using over-permissive policy to access other services or buckets	PT	Active exploitation of misconfigured IAM permissions
Running IAM Access Analyzer to identify external access findings	VA	AWS-native tool using read-only API calls

◼ PT Boundary — AWS

PT Entry Triggers & Authorisations

Any API call that modifies AWS resource state (IAM policy attachment, security group rule changes, instance creation/termination)
Any assumption of an IAM role beyond the tester's assigned credentials
Any access to S3 bucket data, Secrets Manager secrets, or SSM parameters beyond the authorised test scope
Any exploitation of IMDS to retrieve temporary credentials
Any cross-account access attempt or resource-sharing exploitation

☁️

Domain 6 — Cloud: Microsoft Azure

Entra ID · Azure AD · RBAC

◼ VA — Azure

Azure VA — Definition & Permitted Activities

Azure VA assesses the security configuration of Microsoft Azure environments, with particular focus on Microsoft Entra ID (formerly Azure AD) identity controls, Azure RBAC, network security groups, storage account configurations, and the Microsoft Secure Score posture — without exploiting identified misconfigurations.

Entra ID / Azure AD: Conditional Access policy review, MFA enforcement gaps, privileged role assignments (Global Admin, Application Admin, Privileged Role Admin enumeration), guest user access review, service principal secret/certificate expiry, App Registration permission scopes
Azure RBAC: Over-privileged role assignments, Owner/Contributor role breadth, custom role misconfiguration, management group scope analysis
Storage Accounts: Public blob access detection, HTTPS-only enforcement, shared access signature (SAS) token policy review, soft delete and versioning status
Network: NSG rule analysis, Azure Firewall policy review, virtual network peering exposure, ExpressRoute and VPN gateway configuration
Compute: VM extension review, Just-in-time (JIT) VM access enablement, disk encryption status, public IP exposure
Defender for Cloud: Secure Score review, compliance posture (CIS, PCI, NIST), Defender plan enablement gaps
Key Vault: Access policy review, soft delete enablement, key/secret expiry, network access restrictions
Automated tools: Microsoft Secure Score, Defender for Cloud, BloodHound for Azure (AzureHound — read-only collection), Prowler, ScoutSuite, Monkey365

◼ PT — Azure

Azure PT — Identity and Resource Exploitation

Entra ID attacks: Password spray against Entra ID (including legacy authentication protocols), MFA bypass via adversary-in-the-middle phishing proxy (Evilginx2), consent phishing (OAuth app grant exploitation)
Service Principal abuse: Exploiting over-privileged app registrations, SP credential theft, Azure AD token theft via device code phishing
RBAC exploitation: Privilege escalation via over-permissive custom roles, management group scope escalation
Managed Identity abuse: Accessing IMDS endpoint on Azure VMs (http://169.254.169.254/metadata/identity/oauth2/token) to obtain managed identity tokens
Storage account exploitation: Accessing publicly exposed blobs, exploiting misconfigured SAS tokens
Azure persistence: Backdoor App Registrations, hidden role assignments, rogue service principals
Pass-the-PRT: Exploiting Primary Refresh Tokens from Entra ID-joined devices

⚠ Azure Testing Policy: Microsoft requires customers to submit a Penetration Testing Notification (available via the Microsoft Unified Support portal) for tests that target Azure infrastructure. Failure to notify may result in automatic mitigation by Microsoft Defender for Cloud or account suspension. This notification is mandatory and separate from the client RoE.

◼ VA Boundary — Azure

Tipping Points

Activity	Classification	Rationale
Running AzureHound to collect Entra ID relationships (read-only)	GREY	Uses legitimate LDAP/REST calls with authorised credentials; produces attack path intelligence. Classify as VA only if explicitly agreed and credentials are non-privileged
Using AzureHound attack paths to escalate privileges in Entra ID	PT	Active exploitation of identified attack path
Identifying a storage account with public blob access enabled	VA	Configuration detection
Downloading data from publicly accessible blob container	PT	Active data access — requires RoE coverage even if technically public
Reviewing Conditional Access policies for gaps	VA	Policy analysis via read-only API/portal
Demonstrating MFA bypass via Evilginx2 proxy against test user	PT	Active attack simulation — requires test user credentials and RoE
Enumerating Global Admin accounts via Entra ID portal/API	VA	Read-only directory query with authorised access
Attempting password spray against Global Admin accounts	PT	Active credential attack — exploitation

◼ PT Boundary — Azure

Any authentication attempt beyond the tester's assigned test account credentials
Any exploitation of Managed Identity IMDS to obtain tokens
Any modification of RBAC assignments, Conditional Access policies, or Entra ID configurations
Any storage account data access beyond explicitly authorised test containers
Any App Registration modification or new service principal creation

Mandatory: Microsoft Penetration Testing Notification must be filed before PT commences. The RoE must reference the Microsoft notification confirmation number.

☁️

Domain 7 — Cloud: Google Cloud Platform (GCP)

GCP IAM · GCS · Compute Engine

◼ VA — GCP

GCP VA — Definition & Permitted Activities

GCP VA evaluates the security posture of Google Cloud environments against GCP-specific security controls, with emphasis on IAM policy overpermissiveness, service account misuse risk, network exposure, GCS bucket configurations, and Workspace/Google Identity integration risks.

IAM: Service account key proliferation detection, default service account usage identification, over-permissive IAM bindings (primitive roles: Owner, Editor on production projects), workload identity federation review
GCS Buckets: Public access detection, IAM policy vs. ACL analysis, uniform bucket-level access enforcement, retention policy review
Compute Engine: Instance metadata API exposure assessment, OS Login vs. SSH key management, default service account with Editor role on compute instances, firewall rule review (0.0.0.0/0 ingress)
GKE: Cluster access control (private endpoint, public endpoint with authorised networks), RBAC review, workload identity configuration, legacy metadata API enablement check
Logging/Monitoring: Cloud Audit Log enablement (Admin Activity, Data Access, System Event), Security Command Center findings review, Log sink configuration
Automated tools: GCP Security Command Center, Forseti Security, Prowler (GCP module), ScoutSuite, Checkov (Terraform/GCP IaC)

◼ PT — GCP

GCP PT — Service Account and Resource Exploitation

Service account key exploitation: Using leaked/discovered service account keys to authenticate as high-privilege service accounts
Metadata API exploitation: Accessing http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/ to retrieve service account tokens from Compute Engine instances
IAM privilege escalation: Exploiting iam.serviceAccounts.actAs, iam.serviceAccountKeys.create, or resourcemanager.projects.setIamPolicy to escalate privileges
GCS data access: Accessing publicly exposed or misconfigured GCS bucket contents
GKE exploitation: Exploiting misconfigured RBAC or workload identity to gain cluster-admin privileges
Cloud Functions abuse: Exploiting over-permissive service accounts attached to Cloud Functions
Org-level privilege escalation: Exploiting organisation-level IAM bindings to gain cross-project access

⚠ GCP Testing Policy: Google Cloud requires notification for penetration tests that may affect shared infrastructure. Contact Google Cloud Security via the vulnerability disclosure program for guidance. Customer-owned GCP resources can generally be tested without prior GCP notification, but shared services (e.g., Cloud CDN, Cloud Interconnect) require explicit approval. GCP's terms of service prohibit any testing that disrupts service availability or affects other customers.

◼ VA Boundary — GCP

Activity	Classification	Rationale
Reviewing IAM policies for default service accounts with Editor role	VA	Read-only policy analysis
Using default service account to access project resources beyond test scope	PT	Active exploitation of excessive permissions
Identifying Compute Engine instance with legacy metadata API enabled	VA	Configuration finding
Accessing metadata API to retrieve service account token	PT	Active credential theft from cloud metadata
Identifying public GCS bucket via SCC or Prowler	VA	Configuration assessment finding
Listing/downloading data from public GCS bucket	PT	Data access requiring RoE coverage

◼ PT Boundary — GCP

Any API call that impersonates a service account beyond the tester's assigned identity
Any metadata API access for credential retrieval
Any GCS bucket data access beyond authorised test buckets
Any modification of IAM bindings, organisation policies, or project-level resources
Any GKE cluster access beyond the tester's authorised kubeconfig credentials

🔀

Domain 8 — Cloud: Other / Hybrid / Multi-Cloud

Oracle Cloud · IBM Cloud · Private Cloud · Multi-Cloud

◼ VA — Hybrid & Other Cloud

Hybrid Cloud VA — Definition & Scope Considerations

Hybrid and multi-cloud environments introduce unique VA complexity due to the intersection of multiple cloud providers' shared responsibility models, on-premises infrastructure, and cloud-to-cloud and cloud-to-on-premises connectivity. VA must address each cloud platform independently while also assessing cross-environment security controls — particularly identity federation, network transit zones, and data classification consistency.

Oracle Cloud Infrastructure (OCI): Compartment structure and IAM policy review, VCN security list and NSG assessment, Object Storage bucket access review, Vault key management configuration, Audit Log enablement
IBM Cloud: IAM policy and access group review, Cloud Object Storage (COS) bucket exposure, Virtual Private Cloud (VPC) security group analysis, Key Protect/HPCS configuration
Private Cloud (VMware vSphere, OpenStack, Nutanix): Hypervisor patch level, vCenter/vSphere access control review, inter-VM network segmentation, snapshot and backup exposure, management network isolation
Multi-Cloud Connectivity: Transit gateway and peering configuration review, cloud-to-on-premises VPN/ExpressRoute/Direct Connect encryption and routing assessment, cross-cloud identity federation (SSO/SAML integration weaknesses)
Cloud Security Posture Management (CSPM): Centralised CSPM tool coverage (Wiz, Orca, Prisma Cloud, Defender for Cloud multi-cloud) — findings review and gap analysis
Container Orchestration: Kubernetes configuration review (API server exposure, RBAC, network policies, Pod Security Standards, admission controllers) across all cloud platforms
Hybrid Identity: Azure AD Connect / Entra Connect sync configuration review, ADFS security assessment, LDAP-to-cloud bridge misconfiguration detection

⚠ Scope Complexity: In multi-cloud environments, the RoE must individually address each cloud provider's testing notification requirements, specify the account/subscription/project identifiers per provider, and identify which cross-cloud transit paths are in scope. A single misconfigured cross-cloud trust relationship can enable lateral movement across the entire hybrid estate — this must be explicitly addressed in both VA findings and PT authorisation.

◼ PT — Hybrid & Other Cloud

Hybrid Cloud PT — Cross-Environment Attack Simulation

Hybrid cloud PT is among the most complex engagement types, as it may involve attack chains that traverse on-premises Active Directory, cloud identity systems, network transit zones, and multiple cloud environments. The attack surface is the intersection of all connected environments.

Hybrid identity attacks: Exploiting Azure AD Connect sync accounts (MSOL account, ADSyncAccount) to move from on-premises to Azure cloud; ADFS golden SAML attacks
Cloud-to-on-premises pivoting: Using cloud-hosted resources with site-to-site VPN access to pivot into on-premises networks
Cross-cloud trust exploitation: Abusing cross-cloud federated identity trust relationships to gain access from one cloud provider to another
Container escape and cluster takeover: Pod breakout to node-level access, RBAC privilege escalation to cluster-admin across any Kubernetes deployment
Private cloud hypervisor exploitation: vCenter credential attack, VM escape (theoretical; only in isolated lab environments), snapshot and backup access
CSPM tool access exploitation: If CSPM platforms have read-all permissions across clouds, gaining access to CSPM credentials grants visibility across the entire multi-cloud estate — high-value target in PT

◼ VA Boundary — Hybrid Cloud

Key Grey Zone — Cross-Cloud Transit Assessment: Reviewing the configuration of cross-cloud VPN tunnels, peering connections, and transit gateways is a VA activity. However, the moment a tester attempts to send traffic through those paths to reach systems in another cloud environment, the activity becomes PT. The tipping point is traffic initiation, not configuration review.

Activity	Classification	Rationale
Reviewing Azure AD Connect configuration for MSOL account permissions	VA	Read-only configuration review
Using MSOL account credentials to extract on-premises AD hashes	PT	Active hybrid identity exploitation
Identifying cross-cloud VPN tunnel configuration weaknesses	VA	Configuration analysis
Using cross-cloud VPN access to scan or pivot into adjacent cloud	PT	Active lateral movement across cloud boundary
Reviewing Kubernetes RBAC policies for cluster-admin over-assignment	VA	Configuration review
Exploiting misconfigured RBAC to gain cluster-admin access	PT	Active Kubernetes privilege escalation

◼ PT Boundary — Hybrid Cloud

Any attempt to traverse cloud boundaries using identified trust relationships or transit paths
Any exploitation of hybrid identity mechanisms (ADFS, Azure AD Connect, SAML trusts)
Any container escape or Kubernetes cluster-admin exploitation
Any hypervisor-level access attempts in private cloud environments

Multi-cloud PT requires a consolidated RoE that is acknowledged by the security lead at each constituent cloud provider account, the network team responsible for transit connectivity, and the on-premises infrastructure owner. Missing acknowledgement from any of these parties creates legal exposure for the tester if activities in that environment are subsequently challenged.

🤖

Domain 9 — AI / ML Systems

LLMs · MLOps · Model Security

◼ VA — AI/ML Systems

AI/ML VA — Definition & Scope

AI/ML security VA is an emerging discipline that applies security assessment principles to machine learning models, training pipelines, inference infrastructure, and LLM-integrated applications. The threat model for AI/ML systems differs significantly from traditional software — attacks may target model behaviour (adversarial inputs, prompt injection) rather than underlying infrastructure, and impacts may include model output manipulation, training data extraction, or model theft.

VA in this domain focuses on identifying attack surfaces and misconfigurations without actively conducting adversarial attacks that manipulate model behaviour or extract training data.

Model Exposure Assessment: Identifying publicly exposed model APIs, model card information disclosure, model versioning policy review
MLOps Pipeline Review: Training data storage access controls (S3/GCS/Azure Data Lake for training datasets), model registry access controls (MLflow, Vertex AI, SageMaker Model Registry), CI/CD pipeline security for ML workflows
Inference Infrastructure: API authentication enforcement on model inference endpoints, rate limiting, input validation controls, logging and monitoring of inference requests
LLM Application Review: Identifying prompt injection vulnerability patterns in system prompts, reviewing LLM output handling for downstream injection risks, assessing tool/function call authorisation in agentic LLM systems
Data Security: Training data access controls, PII presence in training datasets (DPDP Act / GDPR relevance), embedding and vector database security
Supply Chain: Third-party model provenance review (Hugging Face model card review, pickle file safety), dependency scanning for ML frameworks (PyTorch, TensorFlow, scikit-learn CVE mapping)
Compliance: EU AI Act risk tier assessment, NIST AI RMF alignment review, OWASP LLM Top 10 (2023) gap analysis

OWASP LLM Top 10 2023 NIST AI RMF 1.0 EU AI Act (Risk Classification) MITRE ATLAS DPDP Act 2023

◼ PT — AI/ML Systems

AI/ML PT — Adversarial Model & Pipeline Exploitation

AI/ML PT involves controlled adversarial testing of model behaviour and ML infrastructure to confirm real-world attack viability. This is a rapidly evolving domain and engagement scopes must be defined with precision — model behavioural attacks are fundamentally different from infrastructure exploitation and require specialist expertise.

Prompt Injection (Direct & Indirect): Crafting inputs that override system prompts, manipulate LLM behaviour, exfiltrate context window data, or cause the model to perform unintended actions (OWASP LLM01)
Jailbreaking: Systematic attempts to bypass safety guardrails and content filters in LLMs using adversarial prompt engineering techniques (DAN, many-shot jailbreaking, etc.) — confirming that guardrail bypass is achievable
Training Data Extraction: Using membership inference and extraction attacks to reconstruct training data from model outputs (requires strict RoE limiting extracted data volume and type)
Model Inversion: Reconstructing input characteristics from model outputs — relevant for models trained on sensitive data (medical records, financial profiles)
Adversarial Examples: Crafting perturbed inputs that cause systematic model misclassification (relevant for image recognition, fraud detection, security monitoring ML models)
Supply Chain: Malicious Model Loading: Demonstrating pickle-based RCE through malicious model file loading (in isolated test environment only)
Agentic System Exploitation: Exploiting tool-calling, RAG retrieval, or agent orchestration mechanisms to achieve unintended actions in agentic LLM systems
MLOps Pipeline Exploitation: Exploiting misconfigured CI/CD pipelines to inject malicious code into training workflows or model serving infrastructure

⚠ Legal Warning — AI-Specific Considerations: Under the EU AI Act (applicable to India-based organisations deploying AI in the EU), adversarial testing of high-risk AI systems must be documented and may be subject to conformity assessment requirements. Under DPDP Act 2023, training data extraction attacks that surface personal data constitute a data breach. The RoE for AI/ML PT must specify: maximum data extraction volume, synthetic vs. real training data environment, and prohibition on publishing extracted data or model weights.

⚠ Emerging Domain Note: AI/ML security testing methodology is not yet standardised at the same maturity level as web or network PT. Engagements in this domain should reference MITRE ATLAS (Adversarial Threat Landscape for AI Systems) as the attack taxonomy, NIST AI RMF for risk framing, and OWASP LLM Top 10 for LLM-specific vulnerabilities. Testers must have demonstrated ML security expertise — applying traditional PT methodology to AI systems without domain specialisation creates significant risk of both false negatives and unintended model damage.

◼ VA Boundary — AI/ML Systems

Activity	Classification	Rationale
Reviewing LLM system prompt for injection vulnerability patterns	VA	Configuration/design review without active injection
Sending crafted prompts to override system prompt behaviour	PT	Active adversarial prompt injection
Reviewing model API for absence of rate limiting and input validation	VA	Control assessment without exploitation
Executing jailbreak sequences to confirm safety guardrail bypass	PT	Active exploitation of model safety controls
Reviewing Hugging Face model card for pickle-based model safety	VA	Supply chain risk assessment — documentation review
Loading a malicious pickle file to demonstrate RCE in test environment	PT	Active exploitation — requires isolated environment and RoE
Reviewing OWASP LLM Top 10 checklist against application design	VA	Design-level gap analysis — no active testing
Submitting membership inference queries to detect training data presence	GREY	Non-destructive statistical queries; may surface training data — classify as PT if sensitive data is targeted

◼ PT Boundary — AI/ML Systems

Any active prompt injection or jailbreaking attempt against a deployed LLM
Any adversarial example generation targeting production model behaviour
Any training data extraction or membership inference attack
Any agentic system manipulation that causes the AI agent to perform unintended actions
Any malicious model file loading or ML supply chain attack simulation

The RoE for AI/ML PT must additionally specify: the model version and deployment environment, maximum number of inference requests permitted (to prevent unintended model fine-tuning effects in online learning systems), data extraction volume caps, and researcher/tester qualification requirements.

⚙️

Domain 10 — IoT / OT / Embedded Systems

SCADA · ICS · IoT · Firmware

◼ VA — IoT/OT/Embedded

IoT/OT VA — Definition & Permitted Activities

IoT/OT/Embedded security VA is the highest-risk assessment domain due to the potential for physical harm, operational disruption, and safety system failure. VA in this domain must be conducted with extreme caution — many VA-level activities that are routine in IT environments may be dangerous or damaging in OT/ICS environments due to the real-time operational nature of these systems. The principle of least-disruptive assessment governs all OT VA activities.

Asset Inventory & Discovery: Passive network monitoring using OT-safe discovery tools (Claroty, Dragos, Nozomi Networks in passive sensor mode — NOT active scanning) to identify OT assets without sending crafted packets
Architecture Review: Network diagram analysis, IT/OT segmentation (Purdue Model level assessment), DMZ design review, historian and SCADA communication path analysis
Protocol Analysis (Passive): Monitoring industrial protocols (Modbus, DNP3, IEC 60870-5-104, PROFINET, EtherNet/IP, OPC-UA) via network tap without injecting traffic
Configuration Review (Offline/Provided): PLC/RTU configuration file review (where provided), HMI software configuration assessment, engineering workstation review
Firmware Analysis (Offline): Binary firmware extraction and analysis using Binwalk, FACT, Ghidra — identifying hardcoded credentials, backdoors, vulnerable components without running modified firmware on production devices
Physical Security: Visual inspection of physical access controls, console port exposure, debug port accessibility (JTAG, UART — without connecting)
Wireless: RF spectrum survey to detect unauthorised wireless devices, Zigbee/Z-Wave/LoRa protocol enumeration (passive)
Compliance: IEC 62443 security level assessment, NERC CIP compliance gap review (for energy sector), ISA/IEC 62443 SL-1 to SL-4 gap analysis

⚠ Critical OT Safety Warning: Active vulnerability scanning (Nmap, Nessus, etc.) against OT/ICS devices is explicitly prohibited in VA scope unless validated against an offline test environment with identical hardware. Many PLCs and industrial controllers will crash, lock up, or enter fail-safe states when receiving unsolicited network traffic. Under the IT Act Section 66F, disruption of systems related to critical infrastructure (power grids, water treatment, oil and gas, nuclear facilities) constitutes cyber terrorism. This is not a theoretical risk — documented incidents exist of ICS crashes caused by standard IT security scanners.

IEC 62443 (ISA/IEC) NIST SP 800-82 Rev3 NERC CIP (Energy Sector) MITRE ATT&CK for ICS OWASP IoT Security Testing Guide NCIIPC Critical Infrastructure Guidelines

◼ PT — IoT/OT/Embedded

IoT/OT PT — Controlled Adversarial Testing

OT/ICS PT is the most heavily constrained PT domain due to physical safety implications. In most cases, PT against live production OT systems is not recommended. Instead, PT should be conducted against: isolated lab replicas, offline test environments, or decommissioned equipment. Where live system PT is unavoidable (e.g., commissioned by critical infrastructure operators under regulatory mandate), it must follow NIST SP 800-82 and IEC 62443 testing guidelines with operations team co-presence and an immediate abort mechanism.

IoT Device PT (Consumer/Enterprise IoT — non-OT):
- Hardware exploitation: JTAG/UART debug port access for root shell, SPI/I2C flash extraction and analysis
- Firmware extraction from physical device (flash chip reading) and emulation for further analysis
- Bootloader security bypass (U-Boot unauthenticated console, secure boot bypass)
- Default credential exploitation on device web interfaces and telnet/SSH
- API backend PT (same as Domain 2 — APIs, but against the device's cloud backend)
- Radio protocol exploitation: Zigbee network join without authentication, Z-Wave S0 downgrade, BLE pairing bypass, WiFi deauthentication attacks
OT/ICS PT (Lab Environment Only):
- Modbus command injection to test for unauthorised register read/write (on isolated hardware)
- DNP3 protocol exploitation (authentication bypass, function code abuse)
- HMI exploitation (client-side attacks on engineering workstations)
- Historian server exploitation (OSIsoft PI, GE Proficy — known CVE exploitation in lab)
- SCADA software exploitation (WinCC, iFIX, Ignition — in isolated environment)
- Network zone bridging demonstration (confirming IT-to-OT lateral movement path)

⚠ Legal Warning — OT/ICS PT: Any disruption to operational technology systems supporting power generation, water treatment, oil and gas, transportation, healthcare, or nuclear operations carries criminal liability under IT Act Section 66F (India), the Critical Infrastructures Protection Act provisions, and equivalent national cybersecurity laws. Under NCIIPC guidelines, testing of Critical Information Infrastructure (CII) requires NCIIPC coordination. PT against live OT without NCIIPC awareness in India is inadvisable regardless of client authorisation.

◼ VA Boundary — IoT/OT/Embedded

Activity	Classification	Rationale
Passive network monitoring of OT protocol traffic via network tap	VA	Non-intrusive observation — no traffic injection
Active Nmap scan against PLC/RTU devices	PT	DANGEROUS: may cause device crash; requires isolated environment and OT engineer co-presence
Offline firmware binary analysis (extracted image provided)	VA	Static analysis of provided artefact — no device interaction
Extracting firmware from physical device via JTAG	PT	Physical hardware interaction — exploitation of debug interface
Reviewing device web interface for default credentials	VA	Identification of credential risk without login attempt
Logging into device interface with default admin:admin credentials	PT	Active authentication exploitation
Identifying unencrypted Modbus traffic via passive capture	VA	Protocol analysis — observation only
Injecting Modbus commands into OT network traffic	PT	Active ICS protocol attack — live OT environment strictly prohibited without special authorisation
Reviewing JTAG/UART port exposure on physical device (visual inspection)	VA	Physical observation without connecting
Connecting JTAG adapter to obtain debug shell access	PT	Hardware exploitation — PT activity

◼ PT Boundary — IoT/OT/Embedded

Any traffic injection into OT/ICS networks (even for testing purposes)
Any authentication attempt against production OT devices
Any physical hardware interface connection (JTAG, UART, SPI) without hardware-specific RoE
Any radio protocol attack in operating frequency bands (must comply with Wireless Telegraphy Act / DoT regulations in India)
Any firmware modification on production or operational devices

IoT/OT PT requires: dedicated hardware test environment provision in the RoE, OT engineering team co-presence during testing, defined system state monitoring and abort triggers (e.g., process alarm thresholds), Wireless Telegraphy authorisation for RF testing, and — for Critical Information Infrastructure in India — NCIIPC coordination prior to engagement.

➕

Domain 11 — Additional Enterprise Attack Surfaces

Social Engineering · Mobile · CI/CD · Physical · Supply Chain

11A — Social Engineering & Phishing

◼ VA

VA scope: Email gateway security configuration review (SPF, DKIM, DMARC, sandboxing), phishing simulation platform configuration review, security awareness programme gap analysis, OSINT-based staff profile enumeration (LinkedIn, WHOIS, breach database correlation — passive), pretexting scenario design documentation review.

◼ PT

PT scope: Spear phishing campaigns against target employees (credential harvesting, malware delivery simulation), vishing (voice phishing) against help desk, pretexting for physical access, business email compromise (BEC) simulation. MANDATORY: Social engineering PT requires individual-level or role-level written authorisation from HR and Legal (not just IT). Without this, employees may have legal recourse. Under DPDP Act 2023, phishing simulations that capture employee credentials must operate under data processor agreements and data must be deleted post-engagement.

⚠ Legal Boundary: Simulated phishing that misleads employees into believing a real data breach has occurred may constitute harassment or cause psychological harm. RoE must specify debrief procedures and prohibit punitive use of simulation results against individual employees.

11B — Mobile Applications (iOS & Android)

◼ VA

VA scope: Static application analysis (APK/IPA analysis using MobSF, jadx, Frida-based static hooking analysis), OWASP MASVS/MASTG compliance review, certificate pinning implementation review, application permission model review, sensitive data at rest/in transit analysis (metadata only — not decrypting protected data), third-party SDK security review.

◼ PT

PT scope: Runtime manipulation (Frida-based hooking to bypass certificate pinning, root/jailbreak detection bypass), traffic interception (MitM via Burp with pinning bypass), authentication token theft from device storage, deep link exploitation, inter-app communication (Intent) exploitation on Android, keychain/keystore exploitation on iOS.

OWASP MASVS 2.0 OWASP MASTG NIST SP 800-163

11C — CI/CD Pipelines & DevSecOps Supply Chain

◼ VA

VA scope: GitHub/GitLab/Bitbucket repository secret scanning (TruffleHog, GitLeaks — for exposed credentials), branch protection policy review, CI/CD pipeline configuration review (GitHub Actions, Jenkins, GitLab CI, Azure DevOps), container image scanning (Trivy, Grype — CVE mapping), Infrastructure-as-Code (IaC) security scanning (Checkov, tfsec, Semgrep), dependency vulnerability scanning (Snyk, OWASP Dependency-Check), SBOM generation and third-party component risk review.

◼ PT

PT scope: Pipeline injection (injecting commands via vulnerable pipeline configuration — e.g., GitHub Actions expression injection), secrets extraction from CI environment variables, artifact tampering to inject malicious code into build outputs, dependency confusion attack simulation, container escape from CI runner environments, exploitation of OIDC token misconfiguration in cloud-connected pipelines.

⚠ Supply Chain Risk: CI/CD PT is a high-blast-radius activity — a successful pipeline injection during testing can affect all downstream artifact consumers. PT against CI/CD pipelines must be performed in isolated pipeline environments cloned from production, never against production build pipelines, unless the client has explicitly accepted production deployment risk in the RoE.

11D — Physical Security Testing

◼ VA

VA scope: Physical security policy review, CCTV coverage gap analysis (from documentation/floor plans), access control system configuration review (badge reader placement, tailgating prevention design), server room and data centre physical access review (policy and documentation-based), visitor management process review.

◼ PT

PT scope: Tailgating attempts to breach access-controlled zones, badge cloning (HID/RFID clone attacks using authorised test equipment), lock picking and physical bypass of door controls (where explicitly in scope), dropping rogue devices (HID devices, network taps) — requires on-person authorisation letter at all times. CRITICAL: Physical PT testers must carry a signed, timestamped authorisation letter identifying them as security testers. Without this document, physical access attempts are criminal trespass. Premises security personnel must have an escalation contact available 24/7.

11E — Third-Party / Supply Chain Risk (Vendor VAPT)

◼ VA

VA scope: Third-party vendor security questionnaire review (SIG Lite, CAIQ), vendor SOC 2 Type II and ISO 27001 certificate review, publicly available security posture assessment (Bitsight, SecurityScorecard, UpGuard — passive scanning of vendor perimeter), contractual security obligation review (DPA, MSA security clauses), fourth-party risk identification.

◼ PT

Performing PT against vendor systems requires explicit written authorisation from the vendor — client authorisation alone is insufficient. If the vendor's systems are part of an integrated platform serving the client, a three-party RoE (client, vendor, testing team) is required. PT of vendor systems without vendor authorisation constitutes an attack on a third party's computer systems regardless of the client's data processing relationship with the vendor.

Part IV · Grey-Zone Reference

Consolidated Grey-Zone Activity Index

The following activities are consistently misclassified in enterprise engagements. This index provides definitive classification guidance with explicit tipping points. Tester teams should review this section before commencing any engagement where activity classification is ambiguous.

⚖️

Grey-Zone Activity Classification Reference

Activity	Default Classification	Tipping Point to PT
OSINT / Passive Reconnaissance Shodan, Censys, LinkedIn enumeration, breach database correlation	VA	Using OSINT intelligence to directly conduct an attack (e.g., using breach credential to authenticate) → PT
Automated DAST Scanning ZAP, Burp Suite scan mode, Nikto	VA	Scanner configured to actively exploit findings (Burp Suite's active scan with exploit confirmation) → PT
Fuzzing Sending malformed/random inputs to identify crashes or unexpected behaviour	CONTEXT-DEPENDENT	Coverage-guided fuzzing to identify crash paths (VA if no exploitation). Using crash to achieve RCE → PT. Fuzzing OT/ICS devices → ALWAYS PT (safety risk)
DNS Zone Transfer `dig AXFR @nameserver domain.com`	VA	Using zone transfer results to identify attack targets and proceeding to exploit → PT. Zone transfer itself is a protocol test — VA.
Directory Brute-Forcing Dirsearch, Gobuster, Feroxbuster	VA	Accessing discovered sensitive directories/files to read their contents → PT
Credential Stuffing / Spraying Attempts Testing known breach credentials against login portals	PT	Always PT — active authentication attack. No number of "passive" framing changes this classification.
BloodHound / AzureHound Collection LDAP-based AD/Entra enumeration	GREY	Collection with authorised credentials = grey (acceptable as VA if explicitly agreed). Using attack paths to exploit = PT.
Responder / LLMNR Listening Passive mode: observing LLMNR traffic without responding	VA	Responding to LLMNR queries to capture NTLM hashes = PT (active credential interception)
SQLi Error Probes via Scanner Sending `'`, `1=1` payloads to detect SQLi	VA	Sending `UNION SELECT`, `SLEEP()`, or OUT FILE payloads to confirm exploitation → PT
S3 Public Bucket Listing `aws s3 ls s3://public-bucket`	GREY	Listing contents (VA if agreed). Downloading data files → PT (data access). Must be explicitly agreed in RoE even if technically public.
LLM Prompt Testing Sending unusual prompts to identify injection potential	VA	Systematic adversarial prompts designed to extract context window data or bypass safety guardrails → PT
GraphQL Introspection	VA	Using introspection results to access hidden endpoints or test authorisation controls → PT
IMDSv1 Endpoint Access Accessing `http://169.254.169.254/`	PT	Always PT — IMDS access from within a cloud instance retrieves live IAM credentials. Requires explicit RoE.
Network Port Scanning (Internal) Nmap SYN scan within authorised internal ranges	VA	Using scan results to target and exploit services → PT. Scanning OT/ICS devices → ALWAYS PT (safety risk). Must verify OT device exclusion list before scan.
Physical Badge Cloning Reading badge RF signal	PT	Always PT — involves use of specialised equipment to clone access credentials. Reading the RF signal passively without intent to clone = grey, but impractical distinction in practice.

📌

Practitioner's Summary — Non-Negotiable Principles

The following principles supersede all other guidance in this document and must be treated as absolute constraints across all domains, all engagement types, and all jurisdictions:

No written RoE = No PT. This is a legal absolute, not a best practice recommendation. Any exploitation activity without a signed RoE is an unauthorised intrusion, regardless of client verbal authorisation, existing relationship, or good faith intent.
Scope is a legal boundary, not a technical constraint. The ability to reach a system does not create the right to test it. IP adjacency, shared infrastructure, and network connectivity to out-of-scope systems do not authorise testing.
VA stops at confirmation of impact. The moment an action confirms that a vulnerability is exploitable by producing a measurable effect (data retrieved, access granted, command executed), the VA boundary has been crossed. This is true regardless of the tool used.
Cloud testing requires cloud provider compliance, not just client authorisation. AWS, Azure, and GCP each have testing policies that operate independently of client authorisation. Violation of these policies may result in account suspension regardless of the client relationship.
OT/ICS systems must never be actively scanned or tested in production without a safety engineer present and an immediate abort mechanism. This is a safety requirement, not a security preference.
Personal data accessed during VAPT is subject to DPDP Act 2023 and GDPR obligations. The testing context does not create a lawful basis for processing personal data beyond what is strictly necessary. RoEs must address data minimisation, synthetic data use, and evidence destruction procedures.
Classification uncertainty = treat as PT. When any activity falls in a grey zone and the tester is uncertain of its classification, it must be treated as PT-level and proceed only with written RoE authorisation.