1. Plan

A sound plan for your penetration test will help to keep you focused throughout the process.

Understand the client's scope

Understand why your client wants a penetration test. Primarily, answer the popular 5 Ws and H (Who, What, Why, Where, When, and How). Understanding their motivation and requirements will help you choose a strategy, set realistic timelines, meet expectations, outline limitations, and request any additional information you may need.

Choose a strategy

Once you understand your client's requirements, you can choose an appropriate strategy. Typically, there are four (4) strategies:

White Box - Client shares a fair amount of identifying details about targets and infrastructure.

Grey Box - Client shares LIMITED identifying details about targets (IPs, domains, minimal infrastructure details).

Black Box - Client does not share any identifying details about targets (real-world attack scenario).

Hybrid - A mixture of 2 or 3 of the above, in line with the requirements of your client.