- BackTrack 4: Assuring Security by Penetration Testing
- Shakeel Ali Tedi Heriyanto
- 524字
- 2021-04-09 21:21:00
Part II. Penetration Testers Armory
Chapter 3. Target Scoping
Target Scoping is defined as an empirical process for gathering target assessment requirements and characterizing each of its parameters to generate a test plan, limitations, business objectives, and time schedule. This process plays an important role in defining clear objectives towards any kind of security assessment. By determining these key objectives one can easily draw a practical roadmap of what will be tested, how it should be tested, what resources will be allocated, what limitations will be applied, what business objectives will be achieved, and how the test project will be planned and scheduled. Thus, we have combined all of these elements and presented them in a formalized scope process to achieve the required goal. Following are the key concepts which will be discussed in this chapter:
- Gathering client requirements deals with accumulating information about the target environment through verbal or written communication.
- Preparing test plan depends on different sets of variables. These may include shaping the actual requirements into structured testing process, legal agreements, cost analysis, and resource allocation.
- Profiling test boundaries determines the limitations associated with the penetration testing assignment. These can be a limitation of technology, knowledge, or a formal restriction on the client's IT environment.
- Defining business objectives is a process of aligning business view with technical objectives of the penetration testing program.
- Project management and scheduling directs every other step of the penetration testing process with a proper timeline for test execution. This can be achieved by using a number of advanced project management tools.
It is highly recommended to follow the scope process in order to ensure test consistency and greater probability of success. Additionally, this process can also be adjusted according to the given situation and test factors. Without using any such process, there will be a greater chance of failure, as the requirements gathered will have no proper definitions and procedures to follow. This can lead the whole penetration testing project into danger and may result in unexpected business interruption. Paying special attention at this stage to the penetration testing process would make an excellent contribution towards the rest of the test phases and clear the perspectives of both technical and management areas. The key is to acquire as much information beforehand as possible from the client to formulate a strategic path that reflects multiple aspects of penetration testing. These may include negotiable legal terms, contractual agreement, resource allocation, test limitations, core competencies, infrastructure information, timescales, and rules of engagement. As a part of best practices, the scope process addresses each of the attributes necessary to kickstart our penetration testing project in a professional manner.
As we can see in the preceding screenshot, each step constitutes unique information that is aligned in a logical order to pursue the test execution successfully. Remember, the more information that is gathered and managed properly, the easier it will be for both the client and the penetration testing consultant to further understand the process of testing. This also governs any legal matters to be resolved at an early stage. Hence, we will explain each of these steps in more detail in the following section.
- Creo Parametric 8.0中文版基礎入門一本通
- 持續演進的Cloud Native:云原生架構下微服務最佳實踐
- 性能測試從零開始
- 創意UI:Photoshop玩轉移動UI設計
- Photoshop CC 2018實用教程
- Protel DXP 2004 SP2原理圖與PCB設計(第4版)
- VMware虛擬化與云計算:vSphere運維卷
- Photoshop CC超級學習手冊
- 3ds Max/VRay室內設計材質、燈光與建模速查超級手冊
- Premiere Pro 2022從新手到高手
- Spring Web Flow 2 Web Development
- SolidWorks 2008機械設計一冊通
- InDesign平面設計案例教程:從設計到印刷
- Maya建模技術解析
- 計算機·手機生活應用