Read the book: CompTIA Pentest+ Certification For Dummies - Glen E. Clarke - Page 63
Environmental considerations
It is important to identify the types of environments that are included within the penetration test. For example, some penetration tests may only include networking assets on the on-premises network, while other penetration tests may only test the web applications used by the company. Following is a list of common environments to include or exclude in a penetration test:
Network: The network environment could include assets on the local area network (LAN), the wide area network (WAN), and public Internet resources such as DNS servers, web servers, and email servers that are hosted on-premises.
Applications: A penetration test may include applications used by the company. These could be web applications (websites) running inside the LAN, or they could be Internet applications. Many applications make calls to APIs, so check whether testing of the API is to be included in the pentest.
Cloud: Many businesses today have moved to hosting their assets in the cloud, such as email servers, web servers, and database servers. Determine if any assets are in the cloud and if these assets should be tested. If there are cloud assets, be sure to get authorization from the cloud provider to perform the pentest on those assets.