Assurance Playbook

Penetration Testing

Internal pre-flight guide

Assurance Index

Penetration Testing (Internal Pre-3P)

Purpose:

Run an internal pentest against a controlled staging environment to catch obvious implementation and configuration issues before you pay external firms to do it.
Produce clean artifacts (scope, logs, repro steps) that make third-party testing faster.

This is not a substitute for an independent pentest.

Inputs (Before You Start)

A staging environment that matches the intended pilot mode (Mode 1 or Mode 2 recommended):
- gateways, BB log, monitors, chain integration, trustee tooling (if applicable)
Synthetic test elections and synthetic voter credentials (no real voter data)
A written Rules of Engagement (RoE):
- scope, allowed techniques, time windows, stop conditions
- explicit prohibition on testing outside staging
Instrumentation:
- request logs, security events, rate limit events
- monitor alerts, BB/chain anchoring logs

What To Do

1. Validate the “Security Invariants” With Negative Tests

Run controlled tests that should fail:

Replay resistance:
- reuse challenges after use/expiry
Idempotency:
- reuse idempotency keys with different payloads
Uniqueness:
- attempt duplicate casts for the same nullifier (strict mode)
Integrity:
- mutate a signed object field and confirm verification fails
Availability safety:
- trigger rate limiting and confirm the client has a safe fallback (alternate gateway list, provisional path, clear user messaging)

Expected:

deterministic error codes and non-leaky error messages
no state corruption after failed requests

2. API Hardening Checks

Focus areas:

schema validation and unknown-field rejection
payload size limits (per endpoint)
request timeouts and backpressure behavior
consistent canonicalization before hashing/signing

Expected:

consistent behavior across gateway instances
no “best effort” parsing that could create inconsistent behavior

3. Configuration and Infrastructure Checks

Validate:

TLS configurations, certificate rotation, and trust store correctness
secret management (no keys in env/files where they should be HSM-backed)
network segmentation (polling-place clients have minimal outbound routes)
update controls (no code changes during voting windows)
logging:
- no PII leakage
- logs are tamper-evident and retained per policy

Expected:

documented configuration baselines and drift detection

4. Denial-of-Service and Degraded-Mode Drills (Safe)

Within staging, simulate load and failure:

elevated request rates against challenge/cast endpoints
partial dependency outages (BB unavailable, chain unavailable, monitor unavailable)
network partition scenarios for a subset of clients

Expected:

continuity behavior matches PRD principles:
- voters are not turned away solely due to network failure
- the system degrades to safe alternatives (queueing, alternate gateways, provisional paths)

Penetration Test Case Library (30 Tests)

Use these as a consistent internal baseline before paying for external pentesting.

Notes:

Run only against systems you own/control (staging).
Keep it deterministic: record exact inputs, timestamps, and expected error codes.
Prefer “invariant tests” over bug class fishing. This protocol has specific properties; try to break those properties and verify detection and safe failure.

Protocol / Invariants (PT01-PT14)

PT01. Challenge replay (single-use)

Steps: issue one challenge; perform a successful cast; attempt a second cast using the same challenge_id + challenge.
Expect: second cast rejected deterministically; no state corruption; no second receipt.
Evidence: request/response logs; challenge state (consumed); error code.

PT02. Challenge expiry

Steps: issue a short-lived challenge; wait past expires_at; attempt cast.
Expect: rejected as expired; retryable guidance to request a new challenge.
Evidence: gateway time source; error code; client guidance text.

PT03. Challenge mismatch

Steps: use a valid challenge_id but an incorrect challenge value in the cast request.
Expect: rejected as invalid proof / invalid challenge; no state change.
Evidence: error code; audit log entry with safe details (no secret disclosure).

PT04. Manifest mismatch (wrong manifest_id)

Steps: keep election_id and jurisdiction_id the same; alter manifest_id in the cast request.
Expect: rejected; no BB append; no anchor write.
Evidence: error code; absence of BB leaf and VoteChain anchor.

PT05. Cross-election binding failure

Steps: attempt to cast with election_id that does not match the active manifest.
Expect: rejected; no state change.
Evidence: error code; logs show binding mismatch without leaking sensitive internals.

PT06. Cross-jurisdiction binding failure

Steps: attempt to cast with jurisdiction_id that does not match the active manifest.
Expect: rejected; no state change.
Evidence: error code; logs show binding mismatch.

PT07. Idempotency replay (same body)

Steps: submit a valid cast request with an idempotency key; then resend the identical request with the same idempotency key.
Expect: deterministic same outcome; no double-write to BB/VoteChain; no second receipt.
Evidence: idempotency store entry; event counts unchanged.

PT08. Idempotency key body mismatch

Steps: reuse the same idempotency key with a request body that differs by one field.
Expect: deterministic mismatch error; must not accept under ambiguity.
Evidence: stored request hash; mismatch response; no BB/VoteChain writes.

PT09. Nullifier reuse (strict mode)

Steps: cast once successfully; attempt a second cast with the same nullifier under strict rules.
Expect: rejected or routed to flagged/provisional handling per policy; must not become counted twice.
Evidence: uniqueness oracle results; fraud flag records; tally input set.

PT10. Nullifier derivation mismatch

Steps: provide a nullifier that does not match the required derivation for the credential/election.
Expect: rejected as invalid proof/integrity mismatch.
Evidence: error code; verifier logs.

PT11. Eligibility proof invalid

Steps: submit a cast with an invalid eligibility proof (proof fails verification).
Expect: rejected; must not consume nullifier; must not append to BB.
Evidence: error code; no BB leaf; no anchor write.

PT12. Ballot validity proof invalid (suite-specific)

Steps: submit a ballot that fails validity proof (or encodes an invalid ballot structure).
Expect: rejected; no BB append; no anchor write.
Evidence: error code; safe validation logs.

PT13. Receipt tamper (offline verification)

Steps: take a valid receipt; alter one field; verify offline.
Expect: signature and/or linkage checks fail deterministically.
Evidence: verifier output; failed check name; reason.

PT14. Receipt cross-election swap

Steps: try verifying a receipt under a different election/manifest context.
Expect: fails binding/linkage checks.
Evidence: verifier output and mismatch explanation.

Bulletin Board / Non-Equivocation (PT15-PT21)

PT15. STH signature verification

Steps: tamper with an STH signature or key id (kid) in a controlled dataset; verify.
Expect: verification fails; monitors treat as critical.
Evidence: monitor logs; alert event; preserved artifacts.

PT16. Inclusion proof mismatch

Steps: modify one inclusion proof path hash; verify.
Expect: inclusion verification fails.
Evidence: verifier output; failing proof step.

PT17. Anchor mismatch

Steps: construct a receipt with a bb_leaf_hash that has no corresponding VoteChain anchor.
Expect: anchor check fails; receipt overall fails.
Evidence: verifier output; missing anchor evidence.

PT18. Split-view STH simulation

Steps: simulate two observers receiving different STHs for the same tree size (controlled staging).
Expect: monitors detect inconsistency; alert; preserve evidence.
Evidence: both STHs; signatures; proof transcripts; alert record.

PT19. Missing consistency proof

Steps: force a condition where a consistency proof cannot be fetched or is omitted.
Expect: monitors treat as high severity; evidence preserved.
Evidence: monitor logs; error classification; alert.

PT20. Invalid consistency proof

Steps: provide a malformed/invalid consistency proof (controlled).
Expect: verification fails; alert.
Evidence: proof bytes/hash; verifier output.

PT21. BB append-only enforcement

Steps: attempt to delete/modify an existing BB entry in staging (administrative simulation).
Expect: detection through anchor mismatch or monitor checks; evidence preserved.
Evidence: anchors before/after; monitor divergence report.

API Hardening / Parsing / Canonicalization (PT22-PT27)

PT22. Unknown field rejection

Steps: add unknown top-level fields to cast requests and manifests.
Expect: strict rejection (or strict ignore, if the spec says so); behavior must be consistent across nodes.
Evidence: response; logs; conformance result.

PT23. Type confusion

Steps: send wrong JSON types for critical fields (numbers where strings are required, arrays vs objects).
Expect: deterministic schema failure; no partial processing.
Evidence: error code; no state changes.

PT24. Malformed base64url inputs

Steps: provide malformed base64url strings in fields like signatures/hashes.
Expect: deterministic rejection; no crashes; no high CPU loops.
Evidence: response; error classification; metrics.

PT25. Canonicalization drift

Steps: submit logically-equivalent JSON with different key orders/whitespace; verify hashing/signing behavior stays stable.
Expect: canonicalization produces identical bytes; signatures verify identically.
Evidence: computed hashes; signature verification outputs.

PT26. Duplicate JSON keys

Steps: test parser behavior with duplicated keys (language-dependent).
Expect: explicit rejection or deterministic handling with conformance-defined rules.
Evidence: parser logs; conformance result; documented behavior.

PT27. Payload size limits

Steps: send oversized requests (cast, proof fetch, discovery endpoints).
Expect: clean rejection with bounded resource usage.
Evidence: response; server CPU/mem; rate limit telemetry.

Availability / Overload / Safe Failure (PT28-PT30)

PT28. Overload behavior (retry + alternate gateways)

Steps: induce overload in staging; observe client/server behavior.
Expect: explicit retry guidance (backoff/jitter), optional alternate gateway list, and no silent failure loops.
Evidence: error codes; client UX; metrics.

PT29. Degraded dependency handling

Steps: take BB or VoteChain anchoring offline in staging during voting window simulation.
Expect: defined degraded mode behavior; continuity goals met; auditable reconciliation plan.
Evidence: incident timeline; audit anchors; reconciliation report.

PT30. Slow-client resource exhaustion protection

Steps: simulate slow or stalled clients to ensure server timeouts and per-connection limits prevent resource exhaustion.
Expect: bounded impact; other clients remain served; alerts fire.
Evidence: server metrics; connection counts; timeout logs.

What To Expect (Common Findings)

Inconsistent canonicalization across services.
Payload size / timeout defaults that enable cheap DoS.
Missing audit anchors for some artifacts.
Error responses that leak internals (stack traces, key IDs, validation detail).
Rate limiting that unintentionally creates disenfranchisement risk.

”Bypass” Mindset (Safe Guidance)

Focus on whether invariants hold under edge conditions:

race conditions:
- can two gateway instances accept conflicting states before finalization?
partial failure:
- can an attacker cause inconsistent BB views to different clients without detection?
downgrade pressure:
- can clients be pushed into a less-verified path under outage?

Do not write payload-level exploit recipes in repo docs.

How To Patch

When a pentest finding occurs:

Reproduce in a minimal fixture.
Patch the enforcement point:
- gateway validation, BB append-only checks, monitor alerting, chaincode rules
Add a regression test:
- unit test for parsing/canonicalization
- integration test for the invariant (replay/uniqueness/non-equivocation)
Update conformance vectors if the bug indicates spec ambiguity.
Retest and record the evidence link in the assurance index.

What To Hand Off To Third Parties

Staging architecture + access approach (accounts, VPN, allowlists)
RoE from internal test, plus what you already tested
Logs and artifacts for any fixed issues (before/after)
Open issues you want them to focus on (high-risk areas)

We the People

of the United States

in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defence, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity, do ordain and establish this Constitution for the United States of America.

Article I — The Legislative Branch

Section 1

All legislative Powers herein granted shall be vested in a Congress of the United States, which shall consist of a Senate and House of Representatives.

Section 2 — The House of Representatives

The House of Representatives shall be composed of Members chosen every second Year by the People of the several States, and the Electors in each State shall have the Qualifications requisite for Electors of the most numerous Branch of the State Legislature.

No Person shall be a Representative who shall not have attained to the Age of twenty five Years, and been seven Years a Citizen of the United States, and who shall not, when elected, be an Inhabitant of that State in which he shall be chosen.

Representatives and direct Taxes shall be apportioned among the several States which may be included within this Union, according to their respective Numbers, which shall be determined by adding to the whole Number of free Persons, including those bound to Service for a Term of Years, and excluding Indians not taxed, three fifths of all other Persons.

The actual Enumeration shall be made within three Years after the first Meeting of the Congress of the United States, and within every subsequent Term of ten Years, in such Manner as they shall by Law direct. The Number of Representatives shall not exceed one for every thirty Thousand, but each State shall have at Least one Representative.

When vacancies happen in the Representation from any State, the Executive Authority thereof shall issue Writs of Election to fill such Vacancies.

The House of Representatives shall chuse their Speaker and other Officers; and shall have the sole Power of Impeachment.

Section 3 — The Senate

The Senate of the United States shall be composed of two Senators from each State, chosen by the Legislature thereof, for six Years; and each Senator shall have one Vote.

Immediately after they shall be assembled in Consequence of the first Election, they shall be divided as equally as may be into three Classes. The Seats of the Senators of the first Class shall be vacated at the Expiration of the second Year, of the second Class at the Expiration of the fourth Year, and of the third Class at the Expiration of the sixth Year, so that one third may be chosen every second Year.

No Person shall be a Senator who shall not have attained to the Age of thirty Years, and been nine Years a Citizen of the United States, and who shall not, when elected, be an Inhabitant of that State for which he shall be chosen.

The Vice President of the United States shall be President of the Senate, but shall have no Vote, unless they be equally divided.

The Senate shall chuse their other Officers, and also a President pro tempore, in the Absence of the Vice President, or when he shall exercise the Office of President of the United States.

The Senate shall have the sole Power to try all Impeachments. When sitting for that Purpose, they shall be on Oath or Affirmation. When the President of the United States is tried, the Chief Justice shall preside: And no Person shall be convicted without the Concurrence of two thirds of the Members present.

Judgment in Cases of Impeachment shall not extend further than to removal from Office, and disqualification to hold and enjoy any Office of honor, Trust or Profit under the United States: but the Party convicted shall nevertheless be liable and subject to Indictment, Trial, Judgment and Punishment, according to Law.

Section 4 — Elections

The Times, Places and Manner of holding Elections for Senators and Representatives, shall be prescribed in each State by the Legislature thereof; but the Congress may at any time by Law make or alter such Regulations, except as to the Places of chusing Senators.

The Congress shall assemble at least once in every Year, and such Meeting shall be on the first Monday in December, unless they shall by Law appoint a different Day.

Section 5 — Rules of Proceedings

Each House shall be the Judge of the Elections, Returns and Qualifications of its own Members, and a Majority of each shall constitute a Quorum to do Business; but a smaller Number may adjourn from day to day, and may be authorized to compel the Attendance of absent Members, in such Manner, and under such Penalties as each House may provide.

Each House may determine the Rules of its Proceedings, punish its Members for disorderly Behaviour, and, with the Concurrence of two thirds, expel a Member.

Each House shall keep a Journal of its Proceedings, and from time to time publish the same, excepting such Parts as may in their Judgment require Secrecy; and the Yeas and Nays of the Members of either House on any question shall, at the Desire of one fifth of those Present, be entered on the Journal.

Section 6 — Compensation and Privileges

The Senators and Representatives shall receive a Compensation for their Services, to be ascertained by Law, and paid out of the Treasury of the United States. They shall in all Cases, except Treason, Felony and Breach of the Peace, be privileged from Arrest during their Attendance at the Session of their respective Houses, and in going to and returning from the same; and for any Speech or Debate in either House, they shall not be questioned in any other Place.

No Senator or Representative shall, during the Time for which he was elected, be appointed to any civil Office under the Authority of the United States, which shall have been created, or the Emoluments whereof shall have been encreased during such time; and no Person holding any Office under the United States, shall be a Member of either House during his Continuance in Office.

Section 7 — Revenue Bills, Legislative Process

All Bills for raising Revenue shall originate in the House of Representatives; but the Senate may propose or concur with Amendments as on other Bills.

Every Bill which shall have passed the House of Representatives and the Senate, shall, before it become a Law, be presented to the President of the United States; If he approve he shall sign it, but if not he shall return it, with his Objections to that House in which it shall have originated, who shall enter the Objections at large on their Journal, and proceed to reconsider it.

If after such Reconsideration two thirds of that House shall agree to pass the Bill, it shall be sent, together with the Objections, to the other House, by which it shall likewise be reconsidered, and if approved by two thirds of that House, it shall become a Law. But in all such Cases the Votes of both Houses shall be determined by yeas and Nays, and the Names of the Persons voting for and against the Bill shall be entered on the Journal of each House respectively.

If any Bill shall not be returned by the President within ten Days (Sundays excepted) after it shall have been presented to him, the Same shall be a Law, in like Manner as if he had signed it, unless the Congress by their Adjournment prevent its Return, in which Case it shall not be a Law.

Every Order, Resolution, or Vote to which the Concurrence of the Senate and House of Representatives may be necessary (except on a question of Adjournment) shall be presented to the President of the United States; and before the Same shall take Effect, shall be approved by him, or being disapproved by him, shall be repassed by two thirds of the Senate and House of Representatives, according to the Rules and Limitations prescribed in the Case of a Bill.

Section 8 — Powers of Congress

The Congress shall have Power To lay and collect Taxes, Duties, Imposts and Excises, to pay the Debts and provide for the common Defence and general Welfare of the United States; but all Duties, Imposts and Excises shall be uniform throughout the United States;

To borrow Money on the credit of the United States;

To regulate Commerce with foreign Nations, and among the several States, and with the Indian Tribes;

To establish an uniform Rule of Naturalization, and uniform Laws on the subject of Bankruptcies throughout the United States;

To coin Money, regulate the Value thereof, and of foreign Coin, and fix the Standard of Weights and Measures;

To provide for the Punishment of counterfeiting the Securities and current Coin of the United States;

To establish Post Offices and post Roads;

To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries;

To constitute Tribunals inferior to the supreme Court;

To define and punish Piracies and Felonies committed on the high Seas, and Offences against the Law of Nations;

To declare War, grant Letters of Marque and Reprisal, and make Rules concerning Captures on Land and Water;

To raise and support Armies, but no Appropriation of Money to that Use shall be for a longer Term than two Years;

To provide and maintain a Navy;

To make Rules for the Government and Regulation of the land and naval Forces;

To provide for calling forth the Militia to execute the Laws of the Union, suppress Insurrections and repel Invasions;

To provide for organizing, arming, and disciplining, the Militia, and for governing such Part of them as may be employed in the Service of the United States, reserving to the States respectively, the Appointment of the Officers, and the Authority of training the Militia according to the discipline prescribed by Congress;

To exercise exclusive Legislation in all Cases whatsoever, over such District (not exceeding ten Miles square) as may, by Cession of particular States, and the Acceptance of Congress, become the Seat of the Government of the United States, and to exercise like Authority over all Places purchased by the Consent of the Legislature of the State in which the Same shall be, for the Erection of Forts, Magazines, Arsenals, dock-Yards, and other needful Buildings;

To make all Laws which shall be necessary and proper for carrying into Execution the foregoing Powers, and all other Powers vested by this Constitution in the Government of the United States, or in any Department or Officer thereof.

Section 9 — Limits on Congress

The Migration or Importation of such Persons as any of the States now existing shall think proper to admit, shall not be prohibited by the Congress prior to the Year one thousand eight hundred and eight, but a Tax or duty may be imposed on such Importation, not exceeding ten dollars for each Person.

The Privilege of the Writ of Habeas Corpus shall not be suspended, unless when in Cases of Rebellion or Invasion the public Safety may require it.

No Bill of Attainder or ex post facto Law shall be passed.

No Capitation, or other direct, Tax shall be laid, unless in Proportion to the Census or enumeration herein before directed to be taken.

No Tax or Duty shall be laid on Articles exported from any State.

No Preference shall be given by any Regulation of Commerce or Revenue to the Ports of one State over those of another: nor shall Vessels bound to, or from, one State, be obliged to enter, clear, or pay Duties in another.

No Money shall be drawn from the Treasury, but in Consequence of Appropriations made by Law; and a regular Statement and Account of the Receipts and Expenditures of all public Money shall be published from time to time.

No Title of Nobility shall be granted by the United States: And no Person holding any Office of Profit or Trust under them, shall, without the Consent of the Congress, accept of any present, Emolument, Office, or Title, of any kind whatever, from any King, Prince, or foreign State.

Section 10 — Limits on States

No State shall enter into any Treaty, Alliance, or Confederation; grant Letters of Marque and Reprisal; coin Money; emit Bills of Credit; make any Thing but gold and silver Coin a Tender in Payment of Debts; pass any Bill of Attainder, ex post facto Law, or Law impairing the Obligation of Contracts, or grant any Title of Nobility.

No State shall, without the Consent of the Congress, lay any Imposts or Duties on Imports or Exports, except what may be absolutely necessary for executing it's inspection Laws: and the net Produce of all Duties and Imposts, laid by any State on Imports or Exports, shall be for the Use of the Treasury of the United States; and all such Laws shall be subject to the Revision and Controul of the Congress.

No State shall, without the Consent of Congress, lay any Duty of Tonnage, keep Troops, or Ships of War in time of Peace, enter into any Agreement or Compact with another State, or with a foreign Power, or engage in War, unless actually invaded, or in such imminent Danger as will not admit of delay.

Article II — The Executive Branch

Section 1 — The President

The executive Power shall be vested in a President of the United States of America. He shall hold his Office during the Term of four Years, and, together with the Vice President, chosen for the same Term, be elected, as follows:

Each State shall appoint, in such Manner as the Legislature thereof may direct, a Number of Electors, equal to the whole Number of Senators and Representatives to which the State may be entitled in the Congress: but no Senator or Representative, or Person holding an Office of Trust or Profit under the United States, shall be appointed an Elector.

No Person except a natural born Citizen, or a Citizen of the United States, at the time of the Adoption of this Constitution, shall be eligible to the Office of President; neither shall any Person be eligible to that Office who shall not have attained to the Age of thirty five Years, and been fourteen Years a Resident within the United States.

In Case of the Removal of the President from Office, or of his Death, Resignation, or Inability to discharge the Powers and Duties of the said Office, the Same shall devolve on the Vice President, and the Congress may by Law provide for the Case of Removal, Death, Resignation or Inability, both of the President and Vice President, declaring what Officer shall then act as President, and such Officer shall act accordingly, until the Disability be removed, or a President shall be elected.

The President shall, at stated Times, receive for his Services, a Compensation, which shall neither be encreased nor diminished during the Period for which he shall have been elected, and he shall not receive within that Period any other Emolument from the United States, or any of them.

Before he enter on the Execution of his Office, he shall take the following Oath or Affirmation:—"I do solemnly swear (or affirm) that I will faithfully execute the Office of President of the United States, and will to the best of my Ability, preserve, protect and defend the Constitution of the United States."

Section 2 — Powers of the President

The President shall be Commander in Chief of the Army and Navy of the United States, and of the Militia of the several States, when called into the actual Service of the United States; he may require the Opinion, in writing, of the principal Officer in each of the executive Departments, upon any Subject relating to the Duties of their respective Offices, and he shall have Power to grant Reprieves and Pardons for Offences against the United States, except in Cases of Impeachment.

He shall have Power, by and with the Advice and Consent of the Senate, to make Treaties, provided two thirds of the Senators present concur; and he shall nominate, and by and with the Advice and Consent of the Senate, shall appoint Ambassadors, other public Ministers and Consuls, Judges of the supreme Court, and all other Officers of the United States.

The President shall have Power to fill up all Vacancies that may happen during the Recess of the Senate, by granting Commissions which shall expire at the End of their next Session.

Section 3 — Duties of the President

He shall from time to time give to the Congress Information of the State of the Union, and recommend to their Consideration such Measures as he shall judge necessary and expedient; he may, on extraordinary Occasions, convene both Houses, or either of them, and in Case of Disagreement between them, with Respect to the Time of Adjournment, he may adjourn them to such Time as he shall think proper; he shall receive Ambassadors and other public Ministers; he shall take Care that the Laws be faithfully executed, and shall Commission all the Officers of the United States.

Section 4 — Impeachment

The President, Vice President and all civil Officers of the United States, shall be removed from Office on Impeachment for, and Conviction of, Treason, Bribery, or other high Crimes and Misdemeanors.

Article III — The Judicial Branch

Section 1 — Federal Courts

The judicial Power of the United States, shall be vested in one supreme Court, and in such inferior Courts as the Congress may from time to time ordain and establish. The Judges, both of the supreme and inferior Courts, shall hold their Offices during good Behaviour, and shall, at stated Times, receive for their Services, a Compensation, which shall not be diminished during their Continuance in Office.

Section 2 — Jurisdiction

The judicial Power shall extend to all Cases, in Law and Equity, arising under this Constitution, the Laws of the United States, and Treaties made, or which shall be made, under their Authority;—to all Cases affecting Ambassadors, other public Ministers and Consuls;—to all Cases of admiralty and maritime Jurisdiction;—to Controversies to which the United States shall be a Party;—to Controversies between two or more States;—between a State and Citizens of another State;—between Citizens of different States;—between Citizens of the same State claiming Lands under Grants of different States, and between a State, or the Citizens thereof, and foreign States, Citizens or Subjects.

In all Cases affecting Ambassadors, other public Ministers and Consuls, and those in which a State shall be Party, the supreme Court shall have original Jurisdiction. In all the other Cases before mentioned, the supreme Court shall have appellate Jurisdiction, both as to Law and Fact, with such Exceptions, and under such Regulations as the Congress shall make.

The Trial of all Crimes, except in Cases of Impeachment, shall be by Jury; and such Trial shall be held in the State where the said Crimes shall have been committed; but when not committed within any State, the Trial shall be at such Place or Places as the Congress may by Law have directed.

Section 3 — Treason

Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort. No Person shall be convicted of Treason unless on the Testimony of two Witnesses to the same overt Act, or on Confession in open Court.

The Congress shall have Power to declare the Punishment of Treason, but no Attainder of Treason shall work Corruption of Blood, or Forfeiture except during the Life of the Person attainted.

Article IV — The States

Section 1 — Full Faith and Credit

Full Faith and Credit shall be given in each State to the public Acts, Records, and judicial Proceedings of every other State. And the Congress may by general Laws prescribe the Manner in which such Acts, Records and Proceedings shall be proved, and the Effect thereof.

Section 2 — Privileges and Immunities

The Citizens of each State shall be entitled to all Privileges and Immunities of Citizens in the several States.

A Person charged in any State with Treason, Felony, or other Crime, who shall flee from Justice, and be found in another State, shall on Demand of the executive Authority of the State from which he fled, be delivered up, to be removed to the State having Jurisdiction of the Crime.

No Person held to Service or Labour in one State, under the Laws thereof, escaping into another, shall, in Consequence of any Law or Regulation therein, be discharged from such Service or Labour, but shall be delivered up on Claim of the Party to whom such Service or Labour may be due.

Section 3 — New States and Federal Property

New States may be admitted by the Congress into this Union; but no new State shall be formed or erected within the Jurisdiction of any other State; nor any State be formed by the Junction of two or more States, or Parts of States, without the Consent of the Legislatures of the States concerned as well as of the Congress.

The Congress shall have Power to dispose of and make all needful Rules and Regulations respecting the Territory or other Property belonging to the United States; and nothing in this Constitution shall be so construed as to Prejudice any Claims of the United States, or of any particular State.

Section 4 — Guarantee to States

The United States shall guarantee to every State in this Union a Republican Form of Government, and shall protect each of them against Invasion; and on Application of the Legislature, or of the Executive (when the Legislature cannot be convened) against domestic Violence.

Article V — Amendment Process

The Congress, whenever two thirds of both Houses shall deem it necessary, shall propose Amendments to this Constitution, or, on the Application of the Legislatures of two thirds of the several States, shall call a Convention for proposing Amendments, which, in either Case, shall be valid to all Intents and Purposes, as Part of this Constitution, when ratified by the Legislatures of three fourths of the several States, or by Conventions in three fourths thereof, as the one or the other Mode of Ratification may be proposed by the Congress; Provided that no Amendment which may be made prior to the Year One thousand eight hundred and eight shall in any Manner affect the first and fourth Clauses in the Ninth Section of the first Article; and that no State, without its Consent, shall be deprived of its equal Suffrage in the Senate.

Article VI — Supremacy Clause

All Debts contracted and Engagements entered into, before the Adoption of this Constitution, shall be as valid against the United States under this Constitution, as under the Confederation.

This Constitution, and the Laws of the United States which shall be made in Pursuance thereof; and all Treaties made, or which shall be made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution or Laws of any State to the Contrary notwithstanding.

The Senators and Representatives before mentioned, and the Members of the several State Legislatures, and all executive and judicial Officers, both of the United States and of the several States, shall be bound by Oath or Affirmation, to support this Constitution; but no religious Test shall ever be required as a Qualification to any Office or public Trust under the United States.

Article VII — Ratification

The Ratification of the Conventions of nine States, shall be sufficient for the Establishment of this Constitution between the States so ratifying the Same.

What is a "Legislative Day"?

Penetration Testing

Penetration Testing (Internal Pre-3P)

Inputs (Before You Start)

What To Do

1. Validate the “Security Invariants” With Negative Tests

2. API Hardening Checks

3. Configuration and Infrastructure Checks

4. Denial-of-Service and Degraded-Mode Drills (Safe)

Penetration Test Case Library (30 Tests)

Protocol / Invariants (PT01-PT14)

Bulletin Board / Non-Equivocation (PT15-PT21)

API Hardening / Parsing / Canonicalization (PT22-PT27)

Availability / Overload / Safe Failure (PT28-PT30)

What To Expect (Common Findings)

”Bypass” Mindset (Safe Guidance)

How To Patch

What To Hand Off To Third Parties

Introduction

Committee Review

Floor Debate

Other Chamber

Conference

Presidential Action

Theme

Font

Privacy