Читать книгу CompTIA Pentest+ Certification For Dummies - Glen E. Clarke - Страница 79
Scheduling
ОглавлениеWhen discussing the details of the pentest with the customer during the pre-engagement phase, be sure to determine when the penetration test is to occur. Generally, pentests are scheduled to occur during any of the following timeframes:
During work hours (for example, 8 a.m. to 5 p.m.)
After work hours (for example, 6 p.m. to 6 a.m.)
On weekends (for example, 8 a.m. to 12 a.m.)
Be sure your emergency contacts are readily available during the penetration testing hours so that you can contact the appropriate person should any issues arise during the penetration test.
When preparing the budget, be sure to have a schedule set up for how long it will take to perform the penetration test. Table 2-1 illustrates a sample schedule, but know that the schedule will vary depending on the size of the organization being assessed and the number of resources you have available to perform the penetration test.
TABLE 2-1 A Sample Pentest Schedule
| Activity | Activity Name | Duration(Days) |
|---|---|---|
| 1 | Initial preparation | 3 |
| 2 | Planning and scoping | 3 |
| 3 | Kick-off meeting | 1 |
| 4 | Initial assessment of environment | 3 |
| 5 | Information gathering | 5 |
| 6 | Vulnerability assessment | 5 |
| 7 | Exploitation of systems | 5 |
| 8 | Physical security assessment | 3 |
| 9 | Wireless security assessment | 3 |
| 10 | Post-exploitation | 3 |
| 11 | Clean-up | 3 |
| 12 | Report preparation | 5 |
| 13 | Report delivery and project closing | 1 |
