# Veylant IA — Pentest Scope & Rules of Engagement

**Sprint 12 / Milestone 5 — Grey Box Assessment**

**Planned window:** 2026-06-09 → 2026-06-20 (2 weeks)

---

## 1. Objectives

Validate the security posture of the Veylant IA platform before the Go/No-Go production decision (Sprint 13). Identify vulnerabilities rated CVSS ≥ 7.0 (High) and confirm that:

- Authentication and authorisation cannot be bypassed
- PII pseudonyms cannot be extracted or reversed from API responses alone
- Multi-tenant isolation holds (tenant A cannot read tenant B's data)
- Rate limiting and circuit breakers withstand realistic abuse patterns
- The public Playground endpoint cannot be leveraged as a stepping stone for further attacks

---

## 2. Target Scope

### In Scope

| Component | URL / Host | Port(s) |
|-----------|-----------|---------|
| Proxy API (staging) | `api-staging.veylant.ai` | 443 (HTTPS) |
| PII sidecar | `api-staging.veylant.ai` (via proxy only) | — |
| Admin API | `api-staging.veylant.ai/v1/admin/*` | 443 |
| Public Playground | `api-staging.veylant.ai/playground` | 443 |
| Keycloak IAM | `auth-staging.veylant.ai` | 443 |
| Kubernetes cluster (read-only namespace scan) | Staging cluster only | — |
| PostgreSQL (via proxy only — no direct DB access) | — | — |

### Out of Scope

- Production environment (`api.veylant.ai`) — **strictly off-limits**
- ClickHouse and Redis (no public exposure; internal network only)
- HashiCorp Vault (managed externally by the ops team)
- Physical infrastructure
- Social engineering / phishing against employees
- DoS/DDoS against production or shared infrastructure

---

## 3. Assessment Type

**Grey Box** — the pentester receives:

| Provided | Not provided |
|---------|-------------|
| Keycloak credentials for 4 test accounts (admin, manager, user, auditor roles) | Go source code |
| OpenAPI 3.1 spec (`/docs/openapi.yaml`) | Database schema |
| Integration guide (`docs/integration-guide.md`) | Internal network access |
| Admin guide (`docs/admin-guide.md`) | Vault tokens |

---

## 4. Priority Attack Surfaces

### 4.1 Authentication & JWT

- JWT algorithm confusion (HS256 vs RS256)
- Acceptance of expired or malformed tokens
- Missing claims (`tenant_id`, `roles`) — verify fail-safe behaviour (reject, not default)
- OIDC issuer URL substitution

### 4.2 Multi-Tenant Isolation

- Access to another tenant's audit logs via `/v1/admin/logs?tenant_id=…`
- Cross-tenant policy mutation via `/v1/admin/policies`
- GDPR erasure of another tenant's user

### 4.3 RBAC Bypass

- Privilege escalation from `user` → `admin` via role manipulation
- Auditor accessing `/v1/chat/completions` (should return 403)
- Requesting a restricted model with a `user`-role token

### 4.4 PII Service

- Submitting payloads designed to extract or brute-force pseudonyms
- Bypassing PII detection with Unicode homoglyphs, zero-width characters, etc.
- Injecting prompt content that survives anonymisation

### 4.5 Public Playground (`/playground/analyze`)

- Rate limit bypass (spoofed IPs, `X-Forwarded-For` header)
- SSRF via crafted `text` content
- Data exfiltration via error messages

### 4.6 Injection

- SQL injection in filter parameters (`/v1/admin/logs?provider=`, etc.)
- Header injection (newline in model name, etc.)
- Path traversal in admin endpoints

### 4.7 Security Headers

- CSP bypass for dashboard routes
- CORS misconfiguration (verify that allowed origins are enforced)
- HSTS preload validity

---

## 5. Rules of Engagement

1. **No DoS against production** — load must remain under 5 req/s against staging
2. **No data exfiltration** — do not extract real user data; staging test data only
3. **No social engineering** — testing of technical controls only
4. **Scope boundary** — immediately stop and notify the security contact if production is inadvertently reached
5. **Disclosure** — all findings disclosed to the security contact within 24h of discovery
6. **Credential handling** — provided test credentials must not be shared and are rotated after the pentest

---

## 6. Contacts

| Role | Name | Contact |
|------|------|---------|
| Security contact (pentest lead) | TBD | security@veylant.ai |
| Technical contact | David (CTO) | david@veylant.ai |
| Keycloak credential issuance | Ops team | ops@veylant.ai |

---

## 7. Timeline

| Date | Milestone |
|------|-----------|
| 2026-06-09 | Kick-off call; credentials provided |
| 2026-06-09→13 | Reconnaissance & automated scanning |
| 2026-06-14→18 | Manual exploitation & chaining |
| 2026-06-19 | Debrief call; preliminary findings shared |
| 2026-06-26 | Final report delivered |
| 2026-06-30 | Remediation deadline for Critical/High |

---

## 8. Deliverables

The pentester must deliver:

1. **Executive summary** (1–2 pages, non-technical, CVSS risk heatmap)
2. **Technical report** — one section per finding:
   - CVSS v3.1 score + vector
   - Reproduction steps (curl/code)
   - PoC for Critical and High severity
   - Recommended remediation
3. **Retest report** — confirm fixes after remediation (within 1 week of fixes)

**Format:** PDF + raw findings in Markdown (for import into the Linear backlog)

---

## 9. Acceptance Criteria for Sprint 13 Go/No-Go

| Criterion | Target |
|-----------|--------|
| Critical findings | 0 open |
| High findings | 0 open (or accepted with compensating controls) |
| Medium findings | < 3 open, all with a mitigation plan |
| Report delivered | ≥ 7 days before Sprint 13 review |
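The fail-safe behaviour that section 4.1 asks the pentester to confirm, shown as an added Python pre-check that is not part of this scope document or the Veylant codebase: the token is rejected if it is malformed, unsigned, uses any algorithm other than RS256, lacks `tenant_id`/`roles`/`exp`/`iss`, names a different issuer, or has expired. The Keycloak realm path in the issuer URL is an assumption, and signature verification is assumed to be delegated to a JOSE library after these checks pass.

```python
import base64
import json
import time
from typing import Optional, Tuple

# Assumed realm path on the staging Keycloak host named in the scope table.
EXPECTED_ISSUER = "https://auth-staging.veylant.ai/realms/veylant"
REQUIRED_CLAIMS = ("tenant_id", "roles", "exp", "iss")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_token(header: dict, payload: dict, signature: str = "c2ln") -> str:
    """Build a token from constructed header/payload (test data, not signed)."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc(header)}.{enc(payload)}.{signature}"


def precheck_token(token: str, now: Optional[float] = None) -> Tuple[bool, str]:
    """Policy checks to run before signature verification.
    Returns (accepted, reason); every parse failure is a rejection, never an exception."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, signature_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return False, "malformed token"
    if not signature_b64:
        return False, "unsigned token"
    # Pin the algorithm to the asymmetric one Keycloak issues; the header's own
    # claim is never trusted, which closes the HS256/none confusion class.
    if header.get("alg") != "RS256":
        return False, f"disallowed alg {header.get('alg')!r}"
    missing = [c for c in REQUIRED_CLAIMS if c not in payload]
    if missing:
        return False, "missing claims: " + ", ".join(missing)
    if payload["iss"] != EXPECTED_ISSUER:
        return False, "issuer mismatch"
    if not isinstance(payload["exp"], (int, float)) or payload["exp"] <= now:
        return False, "expired or invalid exp"
    if not isinstance(payload["roles"], list) or not payload["roles"]:
        return False, "roles claim empty or not a list"
    return True, "ok"
```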