O'Reilly logo

Penetration Testing Services Procurement Guide by CREST

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

A STRUCTURED APPROACH FOR PROCURING PENETRATION TESTING SERVICES

Stage A – Determine the business requirements for testing

  • Overview
  • Evaluate the drivers for conducting a penetration test
  • Identify target environment
  • Define the purpose of the penetration test
  • Produce requirements specification

Stage B – Agree testing scope

  • Overview
  • Determine testing style (eg. black, grey or white box testing)
  • Agree testing type (eg. web application or infrastructure testing)
  • Identify testing constraints
  • Produce scope statement

Stage C – Establish a management assurance framework

  • The need for a management assurance framework
  • Establish an assurance process
  • Define and agree contracts
  • Understand and mitigate risks
  • Introduce change management
  • Agree a problem resolution ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required