Читать книгу CompTIA PenTest+ Certification For Dummies - Glen E. Clarke - Страница 55

During the pre-engagement activities, it is important to determine the target audience for the penetration test and the reason the pentest is being performed. Many companies state that the primary goal of the penetration test is to verify that their systems are secure by seeing how they hold up to real-world attacks. Another goal may be to see how the security team (known as the blue team) defends against the attacks, and to verify the effectiveness of the security controls in place (such as intrusion detection systems and firewalls). As a secondary goal, the company may need to be compliant to regulations stating that the company must have a penetration test performed regularly.

It is important to know why the pentest is being performed, but also who it is being performed for. The pentest report will need to be written to satisfy the goals of the pentest and be written to include information for the intended audience. For example, upper-level management may just want an executive summary that states how the company held up to the pentest, while the network administrators and security team may want more details on the vulnerabilities that still exist within their systems.