Penetration Test - Planning and Scoping(2)

TARGET AUDIENCE AND ROE

• Know your target audience
  • Who is sponsoring the pen test?
  • What is the purpose of the test?
• Rules of engagement - governs the pen tester‘s activities
  • Schedule - start, stop, temporal restrictions
  • Team composition, location, access
• Test scope
  • Technical/physical/personnel
  • Target limits (inclusion, invasiveness, etc.)

Communication - How, When, Why

COMMUNICATION ESCALATION PATH

• Risks of pen testing
  • Crashing devices, services, whole servers
  • Corrupting data
  • Degrading performance
  • Terms of Service(TOS)/regulation/legislation violation
• Communication escalation path
  • Who to contact if thins go wrong
  • Communication expectations(content, trigger, frequency)

QUICK REVIEW

• Know who is sponsoring the pen test and why
• Know what kind of tests can you execute and what is off-limits
• Understand pen test risks
• Plan to communicate and know who to call and when

Penetration Test - Planning and Scoping(2)

原文：https://www.cnblogs.com/keepmoving1113/p/13341306.html