• Perform a remote blackbox penetration test against target IP addresses to be provided by RSA following successful negotiation and execution of the awarded contract
• All network-level security tests must be performed with no authentication and will emulate a real attacker
• Perform a blackbox web-application Security Review for the https://mso.rsa-al.gov application “MSO”
• Perform a two-phase targeted attack (Unauthenticated and Authenticated) on applications within the target DMZ
• Perform traditional recon on hosts in scope, identifying known and unknown vulnerabilities through manual and automated tools and techniques
• Perform a blackbox web-application Security Review for the https://ess.rsa-al.gov application “ESS”
• Perform a two-phase targeted attack (Unauthenticated and Authenticated) on applications within the target DMZ
• Perform traditional recon on hosts in scope, identifying known and unknown vulnerabilities through manual and automated tools and techniques
• Social Engineering (targeted emails, email attachments and luring victims to external websites) as approved by RSA Security
• Provide wireless security testing services at the RSA HQ Building located at 201 South Union Street, Montgomery, AL 36104
• Provide a daily report on each ongoing test to the Security Manager
• Provide detailed reports at the end of each test, with sample code inputs and outputs, to ensure the development team can determine how to fix each issue
• Contact RSA’s Security Manager immediately in the event a high-risk vulnerability is identified and confirmed for remediation
• Provide a timetable and schedule of events
• Provide retesting services within 3 months of the initial test to ensure noted deficiencies have been remediated or the risk has been accepted
• Provide general cybersecurity best-practice consulting from time to time if requested by RSA.