Preparing for the Pen Test
IN THIS CHAPTER
Taking care of upfront tasks
Determining the requirements of a test
Choosing a scan type and the appropriate tools
Knowing when and how to not go through with it
Becoming familiar with types of attacks and a pen tester’s tools are necessary early steps to using those tools to protect a company’s assets against hackers and their nefarious intentions. Before you dive into the testing, assessing, and preventing, however, there are certain preparatory tasks to take care of.
In addition to knowing what attack type you’re exploring and what tools you need to use to do that, you must understand your role, which systems you’re testing (or not), and what the stakeholder’s goals and expectations are. I cover all of that in this chapter and more, including what to do if you have to end a test before it even gets started.
Handling the Preliminary Logistics
Before you get to the part where you will do any pen testing, you must work out certain logistical details, including getting permission to do the tests. This section highlights and explains ...