Question

In: Computer Science

What document should be signed prior to beginning a pen test?

What document should be signed prior to beginning a pen test?

Solutions

Expert Solution

According to The Penetration Testing Execution Standard Documentation, Release 1.1 following are the documents which should be signed prior to conducting any penetration testing.?

1. Metrics For Time Estimation:  

For a tester it should be well documented and signed statement of work specifying of amount of work and hours required if you reached the deadline of testing or incase if additional testing is required after deadline of testing.

2. Scoping Meeting:

There can be situation and cases when the scoping meeting will happen after the contract has been signed. And there can be case when scope related topic can be discussed before contract signed, but they nearly imapcts however, for those conditions it is required that a non-disclosure agreement be signed before any deep scoping meetings happen.

3. Additional Support Based Hourly Rate :

For any additional work done out of the scope It is recommended to have a signed and counter-signed Statement of Work (SOW).

4.Permission to test :

This is the most important documents which is recommended for conducting a penetration test which is known as Permission to Test document. This document defines the scope and has a signature which acknowledges awareness of the activities of the testers. And it must mention neatly that testing may lead to loose the system stability and all these situation will be handelled by the tester to not crash systems in the process. It is necessary that testing does not start until this document is signed by the customer. It also mentions that even in process of testing if system got crashes or go unstable tester will not be liable.

5. Protecting Yourself :

It is recommended by the guidelines that before begining the penetration test a tester cover all his bases with clients and discuss the possible situations can happen with client, tester and provider.

It is recommended to have a contract or statement of work to be signed by both client and provider that the actions taken on the system in process of testing are on behalf of client.

For additional information it is recommended to have a clear understanding and study of the documentation The Penetration Testing Execution Standard Documentation, Release 1.1.


Related Solutions

What is the difference between the wilcoxon signed test and the normal sign test?
What is the difference between the wilcoxon signed test and the normal sign test?
What should be included on a Design Overlays and DesignRationale on a document for a...
What should be included on a Design Overlays and Design Rationale on a document for a website?
What are the benefits of Pen Testing?
What are the benefits of Pen Testing?
WILCOXON SIGNED RANK TEST (a)2 Describe the Wilcoxon signed rank test briefly. How does it do...
WILCOXON SIGNED RANK TEST (a)2 Describe the Wilcoxon signed rank test briefly. How does it do it? (b)2 State the null and the alternative hypothesis. (c)2 State the assumptions. (d)2 State the formula for the test statistic. (e)2 State the rejection rule with (How to reject the null hypothesis) (f)5 Give an real life example of how we can use the Wilcoxon signed rank test (with calculations).
When should a beginning balance be used for a new account, and what date should be used for the beginning balance?
When should a beginning balance be used for a new account, and what date should be used for the beginning balance? Using Quickbooks online
Prior to testing for sulfur, nitrogen and halogens, the sodium fusion test is used. What is...
Prior to testing for sulfur, nitrogen and halogens, the sodium fusion test is used. What is the effect of inadequate heating in the sodium fusion test? Does it have something to do with making sure all the contents are completely charred and if so why? Thank you :)
As a nurse what are the three baseline assessmens you should obtain prior to the administration...
As a nurse what are the three baseline assessmens you should obtain prior to the administration of pain medication?
Write up a document explaining the Markowitz model and Black-Litterman model. The document should be in...
Write up a document explaining the Markowitz model and Black-Litterman model. The document should be in PDF format. Note that Word 2010 and 2013 can save in / print to PDF format. About 500-1000 words (2-4 pages double-spaced) is fine. You can use the example in the Excel template if you feel that helps you explain more clearly. Note that detailed mathematical explanations or derivations are not required. The document should explain i) what the Markowitz model would suggest that...
what tools did you obtain prior to beginning the focused assessment on a virtual client who...
what tools did you obtain prior to beginning the focused assessment on a virtual client who has a musculoskeletal health alteration
Advair -What is the difference between albuterol and Advair? -What physical assessments should be done prior...
Advair -What is the difference between albuterol and Advair? -What physical assessments should be done prior to administering this medication? -What assessments should be done to ascertain whether a patient is developing signs and symptoms of toxicity?
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT