上QQ阅读APP看书，第一时间看更新

Scoping

This component defines what will be tested. Here, the key is in finding a balance between time, cost, and the goals of the business. It's important to note that everything agreed upon during the scope must be clearly documented and all legal implications must be considered.

During this component, you will ask questions such as the following:

What is the number of IP address ranges or systems that will be tested?
Does the penetration test cover physical security, wireless networks, application servers, social engineering, and so on?
What is off-limits for the penetration test? The business might have mission-critical systems that could lead to loss of revenue if these are affected by the penetration test.
Will the penetration test be onsite or offsite?
Are there any third-party servers that are in the scope of the penetration test?
Are you performing a white-box, grey-box, or black-box penetration test?

The questions listed do not cover everything, and the questions will vary per client. To get a more comprehensive list of the type of questions you should consider, you can refer to the PTES Standard at http://www.pentest-standard.org/index.php/Pre-engagement.

White-box testing gives you complete open access to systems, code, network diagrams, and so on. It provides more comprehensive results that are not available to average attackers.

Grey-box testing gives you some sort of information about the internal systems; the aim is to obtain information from the viewpoint of an attacker who has already breached the system.

Black-box testing does not provide you with any information or access to the network. This type of test is more practical, as you simulate an external attacker.

While you work on scoping your penetration test, be very careful of scope creep. Scope creep is any additional work that is not agreed upon during the initial scope. It introduces risks to your penetration test, which can lead to loss of revenue for you, an unsatisfied client, and even legal implications. Scope creep is a trap that you can easily fall into.

Keep in mind the cost of a penetration test when in the scoping phase. Penetration test prices vary depending on what needs to be tested. For example, testing a complex web application will require a lot more time and effort, therefore the cost will be a lot more when compared to a simple network penetration test. The regularity with which you conduct the penetration test is another factor that affects the cost.