ILT-U-1887
External Interface Security Assessment. GB 44495 (Clause 7.1 & 8.3) Phase 1 – Foundation Level
| What is expected to be determined | Method applied |
| Identification of all externally accessible interfaces (Wi-Fi, Bluetooth, USB) and recognition of possible access vectors | Wireless scanning, Bluetooth discovery, physical inspection, basic reconnaissance techniques |
| Detection of exposed network services, including open ports, running services, and communication protocols | Port scanning, service fingerprinting, protocol interaction |
| Evaluation of authentication mechanisms, including identification of weak or default credentials and ability to gain unauthorized access | Authentication attempts, credential testing, service interaction (e.g., SSH, HTTP) |
| Ability to exploit identified vulnerabilities and determine the level of access obtained and system control achieved | Service interaction, command execution, payload execution, USB-based interaction |
| Identification of missing or weak interface protection mechanisms (e.g., lack of encryption, insecure pairing, absence of access control) | Traffic observation, configuration analysis, interface interaction testing |
| Ability to collect and present evidence supporting findings, ensuring reproducibility and traceability | Structured reporting, inclusion of logs, screenshots, and command outputs |
| Ability to analyze vulnerabilities, determine root causes, assess impact, and propose appropriate mitigation measures | Technical analysis, risk reasoning, mapping findings to security principles |
Related products
ILT-U-2045
Testing of Requirements for quality of Ready to Use Software Product (RUSP) / COTS Software
ILT-U-1746
Remote gambling and software technical standards (RTS) RTS 7 – Generation of random outcomes
ILT-U-802
Mobile Application Security Proficiency Test. Aligned with the App Defense Alliance Mobile Application Security Testing Approach
