当前位置:首页 > 编程语言 > Penetration Test - Planning and Scoping(2)

Penetration Test - Planning and Scoping(2)

2021-01-18 21:17

阅读:659

标签:Plan   man   off   stand   osi   rms   hat   exec   ora   

Penetration Test - Planning and Scoping(2)

TARGET AUDIENCE AND ROE

  • Know your target audience
    • Who is sponsoring the pen test?
    • What is the purpose of the test?
  • Rules of engagement - governs the pen tester‘s activities
    • Schedule - start, stop, temporal restrictions
    • Team composition, location, access
  • Test scope
    • Technical/physical/personnel
    • Target limits (inclusion, invasiveness, etc.)

Communication - How, When, Why

COMMUNICATION ESCALATION PATH

  • Risks of pen testing
    • Crashing devices, services, whole servers
    • Corrupting data
    • Degrading performance
    • Terms of Service(TOS)/regulation/legislation violation
  • Communication escalation path
    • Who to contact if thins go wrong
    • Communication expectations(content, trigger, frequency)

QUICK REVIEW

  • Know who is sponsoring the pen test and why
  • Know what kind of tests can you execute and what is off-limits
  • Understand pen test risks
  • Plan to communicate and know who to call and when

Penetration Test - Planning and Scoping(2)

标签:Plan   man   off   stand   osi   rms   hat   exec   ora   

原文地址:https://www.cnblogs.com/keepmoving1113/p/13341306.html

上一篇:"services \"kubernetes-dashboard\" not found"

下一篇:ASP.NET MVC之从控制器传递数据到视图

文章来自:搜素材网编程语言模块,转载请注明文章出处。
文章标题:Penetration Test - Planning and Scoping(2)
文章链接:http://soscw.com/index.php/essay/43821.html

评论

亲,登录后才可以留言!

热门文章

推荐文章

最新文章

置顶文章

关于我们 | 版权声明 | 常见问题 | 素材投稿 | 联系我们 | 网站地图 |
搜素材网素材除本站原创外均由用户分享,若发现权利被侵害,请联系及时联系我们,我们会在第一时间进行处理。
特别说明:本站所有资源除本站原创外仅供学习与参考,请勿用于商业用途,如有侵犯您的版权请联系客服服务QQ:点击这里给我发消息
Copyright © 2024 soscw.com 搜素材网素材网版权所有 蜀ICP备18015633号-1