Penetration Test - Planning and Scoping(4)

Penetration Test - Planning and Scoping(4)

SET EXPECTATIONS

  • Impact
    • The result of testing
    • Report vulnerabilities
    • Remediation
      • How should client respond?
  • Disclaimers
    • Point-in-time assessment
      • Only valid now
    • Comprehensiveness
      • Enterprise/division/department, etc.

TECHNICAL CONSTRAINTS

  • Any technical limitations that reduce test scope
  • Production (live) components
  • Out-of-service devices
  • Can't access
    • Physical/geographic access limitations
    • Legal/regulatory/out of scope

QUICK REVIEW

  • Document expected impact of pen tests
  • Provide an estimate of remediation activities
  • Specify any technical constraints
posted @ 2020-07-20 20:19  晨风_Eric  阅读(103)  评论(0编辑  收藏  举报