1. Plan

A sound plan for your penetration test will help keep you focused throughout the process.

Understand the client's scope

Understand why your client wants a penetration test. Primarily, answer the popular 5 Ws and H (Who, What, Why, Where, When, and How). Understanding their motivation and requirements will help you choose a strategy, set realistic timelines, meet expectations, outline limitations, and request any additional information you may need.

Choose a strategy

Once you understand your client's requirements, you can choose an appropriate strategy. Typically, there are four (4) strategies:

White Box - The client shares several confidential details to help identify and enumerate targets and infrastructure.

Grey Box - The client shares LIMITED confidential details about targets (IPs, domains, minimal infrastructure details).

Black Box - The client does not share confidential identifying details about targets (a real-world attack scenario).