IN THIS CHAPTER

Taking care of upfront tasks

Determining the requirements of a test

Choosing a scan type and the appropriate tools

Knowing when and how to not go through with it

Becoming familiar with types of attacks and a pen tester’s tools are necessary early steps to using those tools to protect a company’s assets against hackers and their nefarious intentions. Before you dive into the testing, assessing, and preventing, however, there are certain preparatory tasks to take care of.

In addition to knowing what attack type you’re exploring and what tools you need to use to do that, you must understand your role, which systems you’re testing (or not), and what the stakeholder’s goals and expectations are. I cover all of that in this chapter and more, including what to do if you have to end a test before it even gets started.

Handling the Preliminary Logistics

Before you get to the part where you will do any pen testing, you must work out certain logistical details, including getting permission to ...