The scope of this testing includes the following:
1. United Nations National Drug Control System (UNNDS) portal application and external client web portal;
2. Infrastructure within the DMZ that supports the application;
3. NGA-DMZ SFTP Portal.
Both penetration testing and application vulnerability assessment are required as part of this security testing engagement.
Threats to information confidentiality, integrity and availability are to be considered during testing. The key threat vectors to be considered are:
Unknown external parties;
Authorised external users; and