Penetration Test - Planning and Scoping(4)
SET EXPECTATIONS
- Impact
- The result of testing
- Report vulnerabilities
- Remediation
- How should client respond?
- Disclaimers
- Point-in-time assessment
- Comprehensiveness
- Enterprise/division/department, etc.
TECHNICAL CONSTRAINTS
- Any technical limitations that reduce test scope
- Production (live) components
- Out-of-service devices
- Can‘t access
- Physical/geographic access limitations
- Legal/regulatory/out of scope
QUICK REVIEW
- Document expected impact of pen tests
- Provide an estimate of remediation activities
- Specify any technical constraints
Penetration Test - Planning and Scoping(4)