Infrastructure Scoping

Infrastructure

Details

  1. What are the objectives of the assessment?

  2. Who will act as a secondary contact?

  3. Are there any constraints?

  4. Is the test going to be executed from unauthenticated blackbox or authenticated perspective whitebox?

  5. Is active exploitation of vulnerabilities permitted?

  6. What are the IP addresses and host names of the systems in scope?

  7. What are the operating system/s?

  8. Are there any sensitive systems that require a different a less aggressive approach?

  9. Standard user credentials and admin/root level credentials are needed

  10. Are the systems reachable from Vodafone UK Corporate network? If not can the project set up a jumphost or kali within the network?

  11. Any HLD? (High Level Design)

PreviousGeneral Scoping ThoughtsNextAPI Scoping

Last updated