## Target Audience
- Identify targets of the engagement
- Identify scope and size of the engagement
## Objective
Assess the reasons for the assessment: security, risk assessments, customer personal data protection, etc.
## Compliance
Establish guidelines (or necessity) for compliance with internal and external regulations.
Example: PCI DSS
## Resources
1. Define budgeting requirements for the campaign.
2. Identify target's accessibility:
   - Physical access
   - Remote access
   - Tooling required
## Communication Plan
1. Acquire Trusted Agent(s) within the company for trusted communication
2. Establish communication guidelines and information access control rules during the engagement (who knows what)
## Product/Report
Establish reporting guidelines

[Report Template](./templates/pentest-report-template.md)
## Technical Constraints
Identify and establish all technical restrictions during the engagement: which parts of the infrastructure are tested and which are out of scope.
## Comprehensiveness
Identify the specifics of the engagement: which parts of the infrastructure are tested, what types of vulnerabilities, etc.