Читать книгу CompTIA Pentest+ Certification For Dummies - Glen E. Clarke - Страница 49

EXAM OBJECTIVES

Understanding key legal concepts

Scoping the project and identifying the rules of engagement

Defining targets and ensuring acceptance to risk

Scheduling and handling scope creep

Good penetration testers know that before starting a penetration test, they must spend time with the customer scoping out the project and setting the rules of engagement. Planning and scoping is a critical phase of the pentest process, as too often penetration testers dive right into trying to compromise systems without giving any thought to the ramifications of their actions. Not planning the penetration test properly can result in crashing the customer’s systems or network (causing loss in production and revenue) and triggering intrusion detection systems. A lack of planning can also create legal problems due to a failure to obtain proper authorization to perform the penetration test.

In this chapter, you learn the importance of planning for the penetration test by jumping into the first phase of the CompTIA penetration testing process: planning and scoping.