Specifications include, but are not limited to: The City of Springfield provides essential services to the citizens of Springfield. The Information Systems department ensures that the computer, telecommunications, data network, and security systems are installed, maintained, and made available so City departments can provide those services. 2.1 An external and internal network penetration test to include web application penetration testing. 2.2 Test segmentation of Point of Interaction (“POI”) devices from the rest of the network to verify that Requirement 11 under PCI-DSS is met. 2.3 Attempt to find information disclosure vulnerabilities from verbose error reporting and from metadata to assist in further exploitation attempts. 2.4 Attempt to bypass security mechanisms in place and bypass authentication. 2.5 Attempt to enumerate both administrative and user account usernames and gain additional access to the network and web applications with brute force techniques. 2.6 Attempt to discover weaknesses in network services by enumerating information regarding versioning and configuration flaws. 2.7 Test SSL/TLS for vulnerabilities and weaknesses. 2.8 Attempt to exploit the discovered vulnerabilities to gain further access and disclose sensitive information. 2.9 Provide a “findings report” upon completion of the work within fourteen (14) days after the conclusion of the testing along with a session with the City to describe the findings. 2.10 Bidder may submit an hourly rate to provide the following optional services at the request of the City: 2.10.1 Social Engineering Testing 2.10.2 Post-testing consultation time (separate of section 2.9 above) 2.10.3 Any subsequent or remediation testing
