Rules of Engagement - Checklist
Checkpoint | Contents |
| Description of this document. |
| Company name, contractor full name, job title. |
| Company name, pentester's full name. |
| Mailing addresses, e-mail addresses, and phone numbers of all client parties and penetration testers. |
| Description of the purpose for the conducted penetration test. |
| Description of the goals that should be achieved with the penetration test. |
| All IPs, domain names, URLs, or CIDR ranges. |
| Online conferences, phone calls, face-to-face meetings, or e-mail. |
| Start and end dates. |
| Times of the day to test. |
| External/Internal Penetration Test/Vulnerability Assessments/Social Engineering. |
| Description of how the connection to the client network is established. |
| OSSTMM, PTES, OWASP, and others. |
| Users, specific files, specific information, and others. |
| Encryption, secure protocols. |
| Configuration files, databases, and others. |
| Strong data encryption. |
| Cases for contact, pentest interruptions, type of reports. |
| Frequency of meetings, dates, times, included parties. |
| Type, target readers, focus. |
| Start and end dates. |
| System damage, data loss. |
| Signed contract, contractor's agreement. |