Recently the question came up, “Why should I worry about and scan internal
applications?” Here is a short list that enumerates some of the more important
- Intranet apps increasingly have a funny way of becoming externally accessible over time, even if restricted to just business partners. Also, perhaps those business partners are not going to want to use those Intranet apps unless they are properly tested.
- Internal machines / PCs could become infected with malware, which could then be used as a foothold to hack insecure Intranet Apps. Internal apps also tend to be patched less often, making this even easier than it normally would be.
- The Insider Threat is always a possibility. Insecure Intranet Apps could be hacked directly, from within the network.
- Due to code reuse, some or all of the systems could have vulnerabilities. Code from these systems could be reused on other, externally facing systems.
- Things like DNS rebinding, Pixel Perfect Timing attacks, CSRF, and so on all allow an attacker to force your browser to do bad things.
- RFC1918 cache poisoning can allow malicious partners to leverage attacks against your internal networks if you connect to them via a VPN.
- Single sign-on between internal devices using things like NTLM, which are very common in internal environments, means that a vulnerability in one app may allow an attacker to attack many other internal applications using the victim’s browser.
- Compliance may mandate that your systems that touch customers’ PII be tested as regularly as external applications are.
All things to ponder as you are outlining what should be in scope for testing. If you are relying on a firewall as your only means of protecting your internal apps, then this list is probably something you should consider.