
Jul 13, 2011

Target Scoping

Target Scoping is defined as an empirical process for gathering target assessment
requirements and characterizing each of its parameters to generate a test plan,
limitations, business objectives, and time schedule. This process plays an important
role in defining clear objectives towards any kind of security assessment. By
determining these key objectives one can easily draw a practical roadmap of what
will be tested, how it should be tested, what resources will be allocated, what
limitations will be applied, what business objectives will be achieved, and how the
test project will be planned and scheduled. Thus, we have combined all of these
elements and presented them in a formalized scope process to achieve the required
goal. Following are the key concepts which will be discussed in this chapter:

- Gathering client requirements deals with accumulating information about
  the target environment through verbal or written communication.
- Preparing test plan depends on different sets of variables. These may
  include shaping the actual requirements into a structured testing process, legal
  agreements, cost analysis, and resource allocation.
- Profiling test boundaries determines the limitations associated with the
  penetration testing assignment. These can be a limitation of technology,
  knowledge, or a formal restriction on the client's IT environment.
- Defining business objectives is a process of aligning the business view with
  the technical objectives of the penetration testing program.
- Project management and scheduling directs every other step of the
  penetration testing process with a proper timeline for test execution. This
  can be achieved by using a number of advanced project management tools.

It is highly recommended to follow the scope process in order to ensure test
consistency and greater probability of success. Additionally, this process can also
be adjusted according to the given situation and test factors. Without using any
such process, there will be a greater chance of failure, as the requirements gathered
will have no proper definitions and procedures to follow. This can lead the whole
penetration testing project into danger and may result in unexpected business
interruption. Paying special attention at this stage to the penetration testing process
would make an excellent contribution towards the rest of the test phases and clear
the perspectives of both technical and management areas. The key is to acquire as
much information beforehand as possible from the client to formulate a strategic
path that reflects multiple aspects of penetration testing. These may include
negotiable legal terms, contractual agreement, resource allocation, test limitations,
core competencies, infrastructure information, timescales, and rules of engagement.
As a part of best practices, the scope process addresses each of the attributes
necessary to kickstart our penetration testing project in a professional manner.

As we can see in the preceding screenshot, each step constitutes unique information
that is aligned in a logical order to pursue the test execution successfully. Remember,
the more information that is gathered and managed properly, the easier it will be for
both the client and the penetration testing consultant to further understand the process
of testing. This also governs any legal matters to be resolved at an early stage. Hence,
we will explain each of these steps in more detail in the following section.
