Rules of engagement
During your business meeting with the client (target organization), ensure that both you and the client understand the RoE prior to the actual penetration test. The RoE is simply a document created by the service provider (penetration tester) that outlines what types of penetration test are to be conducted, as well as some other specifics. These include the area of the network to be tested, as well as the targets on the network, such as servers, networking devices, and workstations. To put it simply, the RoE defines the manner in which the penetration test should be conducted and indicate any boundaries in relation to the target organization.
Ensure that you have obtained key contact information for the person within the ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access