WHAT SORT OF PROCESS MIGHT WE UNDERGO FOR A SCOPING TEST RELATED TO PENETRATION TESTING?
This webpage was last updated in 2024
Excellent question! Let us try to answer that for you.
Each client's technical situation is unique, and so is their social one; social engineering is taken into consideration as well. For most of our services, we ask for an initial consultation to get to know the client first, and the scoping questions below are part of that conversation.
Here are some examples of points we might go through when scoping a penetration test. The example below assumes a small engagement: one external website and two internal hosts (a workstation and a server).
General Scoping:
- What are the objectives of this testing?
- What are the primary functions and services provided by the website, PC, and server?
- Are there any critical business operations or data handled by these assets?
- Do you have any existing security policies or guidelines that should be adhered to during testing?
- Have any previous security assessments or pentests been conducted on these assets? If so, can you share the findings?
- Are there any specific areas or functionalities that you want us to focus on during the testing?
- Are there any areas that should be excluded from the testing scope?
- Are there any specific deadlines or timeframes for the completion of the testing and reporting?
- Are there any restrictions on the testing times, such as only during business hours or off-hours?
- Who will be the primary point of contact for coordination and communication during the engagement?
- Are there any types of testing that should be explicitly excluded from the scope, such as DDoS attacks, social engineering, or physical security tests?
- Are there any specific systems, applications, or data that should not be tested?
External (Website) Scoping:
- What is the URL of the website to be tested?
- Are there any subdomains or additional web applications associated with this website?
- What technologies and frameworks are used to build the website (e.g., CMS, programming languages)?
- Are there any APIs or third-party integrations involved?
- How many different user roles are there on the website (e.g., admin, user, guest)?
- Are there specific accounts that can be used for testing different user roles?
Internal (2 IPs) Scoping:
- What is the operating system and version running on the PC?
- Are there any specific applications or software installed that are critical for business operations?
- What is the purpose and role of the server in your infrastructure?
- What operating system and version is the server running?
- Are there any specific services or applications running on the server that need to be tested?
- Are there multiple servers or instances that should be included in the scope?
- Will remote access (e.g., RDP) be provided for the internal testing of the PC?
- Will SSH access be provided for testing the server?
- Are there any network segmentation or firewall rules that need to be considered during the testing?
- Can a Parrot OS Linux box be set up in the internal network for testing purposes? If so, please provide details on how access to this box will be granted and any specific configurations or restrictions to be aware of (SSH preferably).
- Are there any specific indicators of compromise or suspicious activities that need to be investigated during the digital forensics process for the server and PC?
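The answers to the questions above (in-scope hosts and networks, explicitly excluded systems, permitted testing hours, excluded test types) only protect the client if the testers actually enforce them before sending traffic. The script below is an added example of such a scope guard; it is not part of the original page or of any tool used by the company, and every hostname, address and time window in it is a constructed placeholder (example.com and RFC 5737 addresses), not a real client's scope.

```python
"""Scope guard: check a candidate target against the agreed rules of
engagement before any testing traffic is sent.

Added example for this page, not part of the original text. All hosts,
addresses, domain names and time windows below are constructed
placeholders (example.com, RFC 5737 ranges), not any real client's scope.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass
class Scope:
    """Rules of engagement as captured during the scoping consultation."""
    domains: set            # exact hostnames that are in scope
    wildcard_domains: set   # every subdomain of these is in scope
    networks: list          # ipaddress networks that are in scope
    excluded_hosts: set     # explicitly excluded; overrides everything else
    window_start: time      # permitted testing window, client local time
    window_end: time
    excluded_tests: set = field(default_factory=set)  # e.g. "ddos"


def host_in_scope(scope: Scope, target: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a hostname or IP address."""
    t = target.strip().lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(t)
        t = str(addr)  # canonical form so exclusions match reliably
    except ValueError:
        addr = None
    if t in scope.excluded_hosts:
        return False, f"{t} is explicitly excluded"
    if addr is not None:
        if any(addr in net for net in scope.networks):
            return True, f"{t} is inside an in-scope network"
        return False, f"{t} is not in any in-scope network"
    if t in scope.domains:
        return True, f"{t} is an in-scope host"
    for base in scope.wildcard_domains:
        # Require a dot boundary: "evil-app.example.com" must not match
        # a wildcard on "app.example.com".
        if t == base or t.endswith("." + base):
            return True, f"{t} is a subdomain of in-scope {base}"
    return False, f"{t} does not match any in-scope domain"


def within_window(scope: Scope, when: datetime) -> bool:
    """True if `when` (client local time) is inside the agreed window.
    Handles windows that cross midnight, e.g. 22:00 to 06:00."""
    now = when.time()
    if scope.window_start <= scope.window_end:
        return scope.window_start <= now <= scope.window_end
    return now >= scope.window_start or now <= scope.window_end


def may_test(scope: Scope, target: str, test_type: str,
             when: datetime) -> tuple[bool, str]:
    """Combined gate: test type permitted, host in scope, inside the window."""
    if test_type.lower() in scope.excluded_tests:
        return False, f"{test_type} testing is excluded by the rules of engagement"
    ok, reason = host_in_scope(scope, target)
    if not ok:
        return False, reason
    if not within_window(scope, when):
        return False, f"{when:%H:%M} is outside the agreed testing window"
    return True, reason


# Constructed example scope (placeholder values only).
EXAMPLE_SCOPE = Scope(
    domains={"www.example.com"},
    wildcard_domains={"app.example.com"},
    networks=[ipaddress.ip_network("192.0.2.0/24")],
    excluded_hosts={"legacy.app.example.com", "192.0.2.10"},
    window_start=time(22, 0),   # off-hours only, as agreed with the client
    window_end=time(6, 0),
    excluded_tests={"ddos", "social-engineering", "physical"},
)


if __name__ == "__main__":
    checks = [
        ("www.example.com", "web", datetime(2024, 1, 1, 23, 0)),
        ("api.app.example.com", "web", datetime(2024, 1, 1, 23, 0)),
        ("legacy.app.example.com", "web", datetime(2024, 1, 1, 23, 0)),
        ("192.0.2.77", "internal", datetime(2024, 1, 1, 12, 0)),
        ("www.example.com", "ddos", datetime(2024, 1, 1, 23, 0)),
    ]
    for target, kind, when in checks:
        allowed, why = may_test(EXAMPLE_SCOPE, target, kind, when)
        print(f"{'ALLOW' if allowed else 'DENY ':5} {target:25} {kind:10} {why}")
```

Run the check from whatever drives the testing (a wrapper around the scanner, or a pre-flight step in the engagement runbook) and log every denial, as that log is also the evidence that the testers stayed within scope if a question is raised later.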
Do you need help with PENETRATION TESTING? You can contact us at action@cyberdefenders.co.za or on WhatsApp at +27795018735, or use our Immediate Action Request Form.
Disclaimer: While we make every effort to ensure the information on this website is accurate, we cannot accept liability for incorrect or outdated information or information applied to a situation without a formal consultation having taken place. If you are in need of cyber safety or related services, it is best that you book a consultation with our team so we can assess your unique situation and ensure we are dispensing the most up to date and most appropriate advice for you.
Our job and the services we offer are to assess, consult, prepare, roll out, and support individuals and businesses. If you have any requests for any cyber safety services, please use our Immediate Action Request Form, and you will get a response within 4 working hours.