Skip to content

Authorize Assets

1. Navigate to External Assets

Now that Asset Discovery has been completed, navigate to External Assets to review and authorize assets for external pentesting.

Screenshot

2. Click on the Asset Group

Click the external asset group with the “Done” Asset Discovery Status.

Screenshot

3. Review Asset Discovery

You can check Asset Discovery results and see what has been found.

Screenshot

Rerun Asset Discovery on a routine basis to have the most up-to-date information on the status of your assets.

4. Review (Sub-)domains to Authorize Assets

Review discovered (sub-)domains identified during Asset Discovery. To authorize assets for a pentest, select the asset, click Take Action, and then Authorize for Pentest.

Screenshot

Only authorize the assets you are legally permitted to pentest. You are responsible for accurately defining the scope of the Services for both internal and external testing. See Terms and Conditions for more information.

4.1 Asset IP Resolution

During an external pentest, NodeZero uses the asset’s IP Resolution to determine if an asset stays in scope for the pentest. IP Resolution may be marked as Dynamic or Static. By default, assets are set to Static IP Resolution.

Static vs Dynamic IP Resolution

Static IP Resolution indicates the IP address resolved from the domain name is not expected to change. Assets labeled Static will be removed from scope if the asset resolves to a different IP address during the External Pentest than it did during the Asset Discovery.

Dynamic IP Resolution indicates the IP address resolved from the domain name may be expected to change over time. Assets labeled Dynamic will remain in scope even if the IP address changes between the Asset Discovery and the External Pentest. An example of a Dynamic asset IP would be AWS assets for which the resolved IP address is controlled by AWS and may change between pentests.

5. Configured IPs

On the Configured IPs tab, view reachable IP addresses in the Asset Group configuration. To authorize an IP address for a pentest, select the IP address, click Take Action, and then Authorize for Pentest.

Screenshot

6. Accounts

To add or remove Git or AWS accounts, edit the asset group configuration by clicking the menu button in the top right of the asset group.

Screenshot