



Your belief is wrong. That is not what a penetration test does. They are looking at it from the outside.


A penetration test is not an audit and does not provide any such assurance that logs are not retained. The goal of a penetration test is to penetrate via vulnerabilities and misconfigurations, not validate public logging claims about a service.
You need better logging. Try doing a packet capture with tcpdump then decrypt the HTTPS traffic. Because what you’ve described so far, especially before the edit, makes no sense.
If you don’t have a DNS record pointing the subdomain to the IP address of the server, it shouldn’t be possible to resolve the IP for random Internet users. If this VHOST only exists in your Apache config file and nowhere else, it is private.