Scope Worksheet:
What are the target organization's biggest security concerns:
(Examples include disclosure of sensitive information, interruption of production processing, embarrassment due to website defacement, etc.)
_______________________________________________________________________
What specific hosts, network address ranges, or applications should be tested:
What specific hosts, network address ranges, or applications should explicitly NOT be tested:
List any third parties that own systems or networks that are in scope as well as which systems they own (written permission must have been obtained in advance by the target organization):
Will the test be performed against a live production environment or a test environment:
______________________________________________________________________
Will the penetration test include the following testing techniques:
Ping sweep of network ranges: ____________________________________________
Port scan of target hosts: _________________________________________________
Vulnerability scan of targets: ______________________________________________
Penetration into targets: __________________________________________________
Application-level manipulation: ____________________________________________
Client-side Java/ActiveX reverse engineering: _________________________________
Physical penetration attempts: ______________________________________________
Social engineering of people: _______________________________________________
Other: _________________________________________________________________
Will the penetration test include internal network testing: ____________________________
If so, how will access be obtained: ___________________________________________
________________________________________________________________________
Are client/end-user systems included in scope: _________________________________
If so, how may clients be leveraged: __________________________________________
Is social engineering allowed: _______________________________________________
If so, how may it be used: __________________________________________________
Are Denial of Service attacks allowed: _____________________________________
Are dangerous checks/exploits (those that may crash or destabilize targets) allowed: ____________________________________
______________________________________________________________
Signature of Primary Contact representing Target Organization
____________________________
Date
Signature of Head of Penetration Testing Team