Chapter 3. Creating a Test Plan

Failing to prepare is preparing to fail.

—John Wooden (Former head coach, UCLA men’s basketball team)

As with all great projects, success comes with having a solid methodical plan. Penetration testing is not about jumping into a security assessment project by running several tools at random. Penetration testing is about creating a methodical, step-by-step plan that details exactly what you are going to do, when you are going to do it, and how.

This chapter outlines the steps needed to create a methodical plan, from narrowing the scope of the project, to using the Open-Source Security Testing Methodology Manual (OSSTMM), and finally to writing up the testing report.

Step-by-Step Plan

Every good penetration test ...

Get Penetration Testing and Network Defense now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.