veylant/docs/pentest-scope.md
2026-02-23 13:35:04 +01:00

# Veylant IA — Pentest Scope & Rules of Engagement
**Sprint 12 / Milestone 5 — Grey Box Assessment**
**Planned window:** 2026-06-09 → 2026-06-20 (2 weeks)
---
## 1. Objectives
Validate the security posture of the Veylant IA platform before the Go/No-Go production decision (Sprint 13). Identify vulnerabilities rated CVSS ≥ 7.0 (High) and confirm that:
- Authentication and authorisation cannot be bypassed
- PII pseudonyms cannot be extracted or reversed from API responses alone
- Multi-tenant isolation holds (tenant A cannot read tenant B's data)
- Rate limiting and circuit breakers withstand realistic abuse patterns
- The Playground public endpoint cannot be leveraged for further attacks
---
## 2. Target Scope
### In Scope
| Component | URL / Host | Port(s) |
|-----------|-----------|---------|
| Proxy API (staging) | `api-staging.veylant.ai` | 443 (HTTPS) |
| PII sidecar | `api-staging.veylant.ai` (via proxy only) | — |
| Admin API | `api-staging.veylant.ai/v1/admin/*` | 443 |
| Public Playground | `api-staging.veylant.ai/playground` | 443 |
| Keycloak IAM | `auth-staging.veylant.ai` | 443 |
| Kubernetes cluster (read-only namespace scan) | Staging cluster only | — |
| PostgreSQL (via proxy only — no direct DB access) | — | — |
### Out of Scope
- Production environment (`api.veylant.ai`) — **strictly off-limits**
- ClickHouse and Redis (no public exposure; internal network only)
- HashiCorp Vault (managed externally by ops team)
- Physical infrastructure
- Social engineering / phishing against employees
- DoS/DDoS against production or shared infrastructure
---
## 3. Assessment Type
**Grey Box** — the pentester receives:
| Provided | Not provided |
|---------|-------------|
| Keycloak credentials for 4 test accounts (admin, manager, user, auditor roles) | Go source code |
| OpenAPI 3.1 spec (`/docs/openapi.yaml`) | Database schema |
| Integration guide (`docs/integration-guide.md`) | Internal network access |
| Admin guide (`docs/admin-guide.md`) | Vault tokens |
---
## 4. Priority Attack Surfaces
### 4.1 Authentication & JWT
- JWT algorithm confusion (HS256 vs RS256)
- Expired or malformed token acceptance
- Missing claims (`tenant_id`, `roles`) — fail-safe behaviour
- OIDC issuer URL substitution
### 4.2 Multi-Tenant Isolation
- Access to another tenant's audit logs via `/v1/admin/logs?tenant_id=…`
- Cross-tenant policy mutation via `/v1/admin/policies`
- GDPR erasure of another tenant's user
### 4.3 RBAC Bypass
- Privilege escalation from `user` → `admin` via role manipulation
- Auditor accessing `/v1/chat/completions` (should 403)
- Requesting a restricted model as a `user`-role token
### 4.4 PII Service
- Submitting payloads designed to extract or brute-force pseudonyms
- Bypassing PII with Unicode homoglyphs, zero-width chars, etc.
- Injecting prompt content that survives anonymization
### 4.5 Public Playground (`/playground/analyze`)
- Rate limit bypass (spoofed IPs, X-Forwarded-For header)
- SSRF via crafted `text` content
- Data exfiltration via error messages
### 4.6 Injection
- SQL injection in filter params (`/v1/admin/logs?provider=`, etc.)
- Header injection (newline in model name, etc.)
- Path traversal in admin endpoints
### 4.7 Security Headers
- CSP bypass for dashboard routes
- CORS misconfiguration (verify allowed origins enforcement)
- HSTS preload validity
---
## 5. Rules of Engagement
1. **No DoS against production** — load must remain under 5 req/s against staging
2. **No data exfiltration** — do not extract real user data; staging test data only
3. **No social engineering** — testing of technical controls only
4. **Scope boundary** — immediately stop and notify contact if production is inadvertently reached
5. **Disclosure** — all findings disclosed within 24h of discovery to security contact
6. **Credential handling** — provided test credentials must not be shared; rotated post-pentest
---
## 6. Contacts
| Role | Name | Contact |
|------|------|---------|
| Security contact (pentest lead) | TBD | security@veylant.ai |
| Technical contact | David (CTO) | david@veylant.ai |
| Keycloak credential issuance | Ops team | ops@veylant.ai |
---
## 7. Timeline
| Date | Milestone |
|------|-----------|
| 2026-06-09 | Kick-off call; credentials provided |
| 2026-06-09→13 | Reconnaissance & automated scanning |
| 2026-06-14→18 | Manual exploitation & chaining |
| 2026-06-19 | Debrief call; preliminary findings shared |
| 2026-06-26 | Final report delivered |
| 2026-06-30 | Remediation deadline for Critical/High |
---
## 8. Deliverables
The pentester must deliver:
1. **Executive summary** (12 pages, non-technical, CVSS risk heatmap)
2. **Technical report** — one section per finding:
   - CVSS v3.1 score + vector
   - Reproduction steps (curl/code)
   - PoC for Critical and High severity
   - Recommended remediation
3. **Retest report** — confirm fixes after remediation (within 1 week of fixes)
**Format:** PDF + raw findings in Markdown (for import into Linear backlog)
---
## 9. Acceptance Criteria for Sprint 13 Go/No-Go
| Criterion | Target |
|-----------|--------|
| Critical findings | 0 open |
| High findings | 0 open (or accepted with compensating controls) |
| Medium findings | < 3 open, all with mitigation plan |
| Report delivered | 7 days before Sprint 13 review |