Python Penetration Testing Essentials

Defining the scope of pentesting

Before we get into pentesting, the scope of pentesting should be defined. The following points should be taken into account while defining the scope:

  • You should develop the scope of the project by consulting with the client. For example, if Bob (the client) wants to test the entire network infrastructure of the organization, then pentester Alice would define the scope of pentesting by taking this network into account. Alice will consult Bob on whether any sensitive or restricted areas should be included or not.
  • You should take into account time, people, and money.
  • You should profile the test boundaries on the basis of an agreement signed by the pentester and the client.
  • Changes in business practice might affect the scope. For example, the addition of a subnet, new system component installations, the addition or modification of a web server, and so on, might change the scope of pentesting.

The scope of pentesting is defined in two types of tests:

  • A non-destructive test: This test is limited to finding vulnerabilities and carrying out tests that pose no risk to the target system. It performs the following actions:
    • Scans and identifies the remote system for potential vulnerabilities
    • Investigates and verifies the findings
    • Maps the vulnerabilities with proper exploits
    • Exploits the remote system with proper care to avoid disruption
    • Provides a proof of concept
    • Does not attempt a Denial-of-Service (DoS) attack
  • A destructive test: This test carries a real risk of disrupting the target. It performs the following actions:
    • Attempts a DoS attack and a buffer overflow attack, which have the potential to bring down the system
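The scope points above and the non-destructive/destructive distinction can be encoded as data so that a scanner is gated before it runs rather than relying on the tester's memory of the agreement. The following is an added example, not code from the book: it records the agreed ranges, the hosts the client restricted, and whether destructive testing was signed off, then accepts or rejects each requested target and test type. All network ranges, host addresses and the `Scope`, `add_subnet` and `DESTRUCTIVE_TESTS` names are constructed for the illustration.

```python
"""Engagement scope checker (added example, not from the book).

Encodes a signed scope agreement as data and refuses any target or test
type that falls outside it, so a scanner is gated before it runs.
All network ranges and host addresses below are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass, field

# Test categories the text distinguishes: a non-destructive engagement never
# attempts DoS or buffer-overflow style tests; a destructive one may.
DESTRUCTIVE_TESTS = {"dos", "buffer_overflow"}


@dataclass
class Scope:
    in_scope: list                                # CIDR strings agreed with the client
    excluded: list = field(default_factory=list)  # restricted hosts or ranges
    destructive: bool = False                     # destructive testing signed off?

    def __post_init__(self):
        # Parse the agreed ranges once; strict=False tolerates host bits in a CIDR
        self.in_scope = [ipaddress.ip_network(n, strict=False) for n in self.in_scope]
        self.excluded = [ipaddress.ip_network(n, strict=False) for n in self.excluded]

    def target_allowed(self, host: str) -> bool:
        """True only if host lies in an agreed range and not in an excluded one."""
        addr = ipaddress.ip_address(host)
        if any(addr in net for net in self.excluded):
            return False
        return any(addr in net for net in self.in_scope)

    def test_allowed(self, test_type: str) -> bool:
        """Destructive test types require an explicitly destructive engagement."""
        if test_type in DESTRUCTIVE_TESTS:
            return self.destructive
        return True

    def check(self, host: str, test_type: str) -> str:
        """Return 'allowed', or the reason the request is rejected."""
        if not self.target_allowed(host):
            return f"rejected: {host} is outside the agreed scope"
        if not self.test_allowed(test_type):
            return f"rejected: {test_type} is destructive; engagement is non-destructive"
        return "allowed"


def add_subnet(scope: Scope, cidr: str) -> Scope:
    """A scope change (e.g. a subnet the client added) is agreed first, then recorded."""
    scope.in_scope.append(ipaddress.ip_network(cidr, strict=False))
    return scope


# Constructed sample agreement for a fictional client: two internal ranges,
# one restricted production host, no destructive testing.
SAMPLE_SCOPE = Scope(
    in_scope=["10.0.0.0/24", "192.168.10.0/24"],
    excluded=["10.0.0.250/32"],
    destructive=False,
)

if __name__ == "__main__":
    for host, test in [("10.0.0.5", "port_scan"), ("10.0.0.250", "port_scan"),
                       ("10.0.0.5", "dos"), ("172.16.0.1", "port_scan")]:
        print(host, test, "->", SAMPLE_SCOPE.check(host, test))
```

Keeping the scope as a single checked-in data structure also makes the "changes in business practice" point concrete: when the client adds a subnet, the agreement is amended and `add_subnet` records it, and nothing outside the recorded ranges is ever tested by accident.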