Awesome-Mirrors/cyber-security-resources
1
0
Fork 0
mirror of https://github.com/The-Art-of-Hacking/h4cker.git synced 2024-10-01 01:25:43 -04:00
Code Issues Packages Projects Releases Wiki Activity
b91930a8ed
cyber-security-resources/methodology/scoping.md
Omar Santos ba135a6ee7
Update scoping.md
2023-10-12 11:28:58 -04:00

60 lines
2.2 KiB
Markdown
Raw Blame History

# Planning and Scoping a Penetration Testing Assessment
### Planning Phase
#### Initial Client Meeting
- **Objective**: Understand what the client aims to achieve with the penetration test.
- **Key Questions**:
- What are the key assets you're concerned about?
- What types of attacks or threats are you most concerned with?
- Do you have any compliance requirements (e.g., PCI-DSS, HIPAA)?
#### Documentation Review
- **Objective**: Review existing documentation to understand the network topology, application architecture, and other relevant details.
- **Key Deliverables**:
- Network diagrams
- Application architecture diagrams
- Previous vulnerability assessments or pen test reports
#### Legal and Compliance Checks
- **Objective**: Ensure that all legal requirements are met and permissions are granted.
- **Key Deliverables**:
- Signed contract
- Non-disclosure agreement (NDA)
- Permission to test forms
### Scoping Phase
#### Define Scope
- **Objective**: Clearly outline what is in-scope and out-of-scope.
- **Key Deliverables**:
- List of target IP addresses
- List of target applications
- User roles for testing authenticated areas
#### Determine Timeframe
- **Objective**: Decide the duration of the test.
- **Key Questions**:
- When will the test start and end?
- Are there any blackout periods during which testing should not occur?
#### Resource Allocation
- **Objective**: Decide who will perform the test and what tools will be used.
- **Key Deliverables**:
- Names and credentials of the penetration testers
- List of tools that will be used
#### Success Criteria
- **Objective**: Define what will constitute a successful test.
- **Key Deliverables**:
- Expected outcomes
- Metrics for success (e.g., percentage of high-risk vulnerabilities identified)
#### Finalize Plan
- **Objective**: Consolidate all the above information into a formal test plan.
- **Key Deliverables**:
- Penetration Test Plan document
- Client approval on the plan
By spending ample time on planning and scoping, you're laying a solid foundation for a successful penetration test. This ensures that both the client and the testing team have clear expectations and guidelines, reducing the likelihood of misunderstandings or scope creep.
Reference in New Issue View Git Blame Copy Permalink