Step 1: Target Scoping
These are most likely the step when we first want to scop our target.
1. Gathering Client Requirements
Gathering client requirements provide a practical guideline on what information should be gathered from a client or customer in order to conduct the penetration testing successfully. Covering the data on types of penetration testing, infrastructure information, organization profile, budget outlook, time allocation, and the type of deliverables are some of the most important areas that should be cleared at this stage.
2. Preparing Test Plan
Preparing a test plan combines structured testing process, resource allocation, cost analysis, non-disclosure agreement, penetration testing contract, and rules of engagement. All these branches constitute a step-by-step process to prepare a formal test plan which should reflect the actual client requirements, legal and commercial prospects, resource and cost data, and the rules of engagement. Additionally, we have also provided an exemplary type of checklist which can
be used to ensure the integrity of a test plan.
3. Profiling Test Boundaries
Profiling test boundaries provides a guideline on what type of limitations and restrictions may occur while justifying the client requirements. These can be in the form of technology limitation, knowledge limitation, or other infrastructure restrictions posed by the client to control the process of penetration testing. These test boundaries can clearly be identified from the client requirements. There are certain procedures which can be followed to overcome these limitations.
4. Defining Business Objectives
Defining business objectives focus on key benefits that a client may get from the penetration testing service. This section provides a set of general objectives that is structured according to the assessment criteria and the industry achievement.
5. Project Management and Scheduling
Project management and scheduling is a vital part of a scope process. Once all the requirements have been gathered and aligned according to the test plan, it's time to allocate proper resources and timescale for each identified task.
The purpose of target scoping itself is to specify our target so that we can focus only on a particular target.
These are most likely the step when we first want to scop our target.
1. Gathering Client Requirements
Gathering client requirements provide a practical guideline on what information should be gathered from a client or customer in order to conduct the penetration testing successfully. Covering the data on types of penetration testing, infrastructure information, organization profile, budget outlook, time allocation, and the type of deliverables are some of the most important areas that should be cleared at this stage.
2. Preparing Test Plan
Preparing a test plan combines structured testing process, resource allocation, cost analysis, non-disclosure agreement, penetration testing contract, and rules of engagement. All these branches constitute a step-by-step process to prepare a formal test plan which should reflect the actual client requirements, legal and commercial prospects, resource and cost data, and the rules of engagement. Additionally, we have also provided an exemplary type of checklist which can
be used to ensure the integrity of a test plan.
3. Profiling Test Boundaries
Profiling test boundaries provides a guideline on what type of limitations and restrictions may occur while justifying the client requirements. These can be in the form of technology limitation, knowledge limitation, or other infrastructure restrictions posed by the client to control the process of penetration testing. These test boundaries can clearly be identified from the client requirements. There are certain procedures which can be followed to overcome these limitations.
4. Defining Business Objectives
Defining business objectives focus on key benefits that a client may get from the penetration testing service. This section provides a set of general objectives that is structured according to the assessment criteria and the industry achievement.
5. Project Management and Scheduling
Project management and scheduling is a vital part of a scope process. Once all the requirements have been gathered and aligned according to the test plan, it's time to allocate proper resources and timescale for each identified task.
The purpose of target scoping itself is to specify our target so that we can focus only on a particular target.
No comments:
Post a Comment