Pen test Project (Planning & Scoping)
Start with a strategy
Planning
Impacts
Constraints
Technical Constraints
Scoping
Goal-based Assessment
Objectives-based Assessment
Considerations
Compliance-based
Premerger Approach
Targets
Users/Internal/Physical/External
Supply Chain
Watch out for scope creep
Always keep an eye on this
More work = increase in scope
Rules of Engagement
Know your target audience
Project Management
Test Scope
Physical
Technical
Personal
Target Limitations
Pentesting Risks
Communication Path
Resources
What does each party provide?
Protect the findings
Support Resources
Budget
Each section cost?
More Tests = More Money!
Impacts resources
Architectural Diagram
Diagrams of Networks, etc.
Legal Groundwork
Contracts
Master Service Agreement
Non-Disclosure Agreement
Environmental Differences
Local Resources
Written Authorisation
Obtain authorised signature
Third Party Permission when necessary
Resource Permission
Project Strategy Risks
White-Listed?
WAF?
NAC?
Security Exceptions
Black-Listed?
Black Box?
Grey Box?
White Box?
Schedule
Limit?
When?
How?