Chapter 3

Developing Your Security Testing Plan

IN THIS CHAPTER

• Setting security testing goals

• Selecting which systems to test

• Developing your testing standards

• Examining hacking tools

As an IT or information security professional, you must plan your security assessment efforts before you start. Making a detailed plan doesn’t mean that your testing must be elaborate — just that you’re clear and concise about what to do. Given the seriousness of vulnerability and penetration testing, you should make this process as structured as possible.

Even if you test only a single web application or workgroup of computers, be sure to take the critical steps of establishing your goals, defining and documenting the scope of what you’ll be testing, determining your testing standards, and gathering and familiarizing yourself with the proper tools for the task. This chapter covers these steps to help you create a positive environment to set yourself up for success.

Establishing Your Goals

You can’t hit a target you can’t see. Your testing plan needs goals. The main goal of vulnerability and ...

Get Cybersecurity All-in-One For Dummies now with the O’Reilly learning platform.
