Pre-Attack Phase: Scope of a Penetration Test Flashcards
General notes:
Video header:
The scope of the penetration test should be defined to ensure that requirements are fulfilled and objectives are met.
- Always be sure to map out the entirety of the work you’ll be doing so that you can price it properly. Far more often than not, things will seem easier to accomplish on the surface than they actually are, so always be certain of your pay-to-work ratio, or you might trap yourself in a contract that forces you into an absolutely heinous amount of labor for very insubstantial pay.
- If you back out of a contract, that’s a definite mark on your professional reputation, which can cost you an inordinate amount of work down the line. This is a competitive industry, so you need to be careful.
Deliverables:
This is your final report: the result of all your labor and findings, clearly laid out for your client so that they can benefit from the work you’ve done within their system. Without full, actionable documentation, there is no reason for someone to hire you, because if they can’t view your findings, they have no way of benefiting from them, and so there is no benefit in hiring you.
Functionality:
This is a verification that the system you are pen-testing works as intended.
Technical Structure:
The overlaying design of the project (created by you), usually presented through diagrams.
- You’ll need to clearly present the data you’ve accumulated through the testing to your client, and it’s a very good idea to set up a technical structure so that all aspects of the project can be understood easily (or as easily as possible).