- BackTrack 4: Assuring Security by Penetration Testing
- Shakeel Ali Tedi Heriyanto
- 524字
- 2021-04-09 21:21:00
Part II. Penetration Testers Armory
Chapter 3. Target Scoping
Target Scoping is defined as an empirical process for gathering target assessment requirements and characterizing each of its parameters to generate a test plan, limitations, business objectives, and time schedule. This process plays an important role in defining clear objectives towards any kind of security assessment. By determining these key objectives one can easily draw a practical roadmap of what will be tested, how it should be tested, what resources will be allocated, what limitations will be applied, what business objectives will be achieved, and how the test project will be planned and scheduled. Thus, we have combined all of these elements and presented them in a formalized scope process to achieve the required goal. Following are the key concepts which will be discussed in this chapter:
- Gathering client requirements deals with accumulating information about the target environment through verbal or written communication.
- Preparing test plan depends on different sets of variables. These may include shaping the actual requirements into structured testing process, legal agreements, cost analysis, and resource allocation.
- Profiling test boundaries determines the limitations associated with the penetration testing assignment. These can be a limitation of technology, knowledge, or a formal restriction on the client's IT environment.
- Defining business objectives is a process of aligning business view with technical objectives of the penetration testing program.
- Project management and scheduling directs every other step of the penetration testing process with a proper timeline for test execution. This can be achieved by using a number of advanced project management tools.
It is highly recommended to follow the scope process in order to ensure test consistency and greater probability of success. Additionally, this process can also be adjusted according to the given situation and test factors. Without using any such process, there will be a greater chance of failure, as the requirements gathered will have no proper definitions and procedures to follow. This can lead the whole penetration testing project into danger and may result in unexpected business interruption. Paying special attention at this stage to the penetration testing process would make an excellent contribution towards the rest of the test phases and clear the perspectives of both technical and management areas. The key is to acquire as much information beforehand as possible from the client to formulate a strategic path that reflects multiple aspects of penetration testing. These may include negotiable legal terms, contractual agreement, resource allocation, test limitations, core competencies, infrastructure information, timescales, and rules of engagement. As a part of best practices, the scope process addresses each of the attributes necessary to kickstart our penetration testing project in a professional manner.
As we can see in the preceding screenshot, each step constitutes unique information that is aligned in a logical order to pursue the test execution successfully. Remember, the more information that is gathered and managed properly, the easier it will be for both the client and the penetration testing consultant to further understand the process of testing. This also governs any legal matters to be resolved at an early stage. Hence, we will explain each of these steps in more detail in the following section.
- 中文版AutoCAD 2016從入門到精通
- Photoshop CC超級學習手冊
- Cinema 4D電商美工與視覺設計案例教程(培訓教材版)
- SPSS 28.0統計分析從入門到精通(升級版)
- 剪映視頻后期剪輯零基礎入門到精通
- 輕松玩轉3D One AI
- Adobe創意大學Photoshop CS5 產品專家認證標準教材
- 人人都能玩賺AI繪畫
- 音樂制作7天速成:Cubase編曲教程
- Photoshop 2020實戰從入門到精通(超值版)
- 剪映:零基礎輕松掌握手機剪輯短視頻
- Maya Paint Effect 特效應用手冊
- EJB 3.1 Cookbook
- Oracle Modernization Solutions
- Illustrator CS6平面設計案例教程(微課版)