
Filename: comptia-pentestplus-pt0001-1-1-1-planning_an_engagement.md
Show Name: PenTest+ (PT0-001)
Topic Name: Planning and Scoping
Episode Name: Planning an Engagement
Description: In this episode, Daniel and Wes explore the importance of planning
for a pentest engagement, running down a list of items and tasks that help you
prepare for an upcoming engagement. Here specifically they talk about budgets
and understanding your target audience.

================================================================================

Planning an Engagement
Key Concept: Importance of planning for an engagement

• Budget
  • Hopefully, funds have been budgeted for a pentest as part of the SDLC
  • Pentests can run from $4k to $20k+
  • Cost/Benefit analysis
    • Should be done by both...
      • Testers
        • Attempts to...
          • Minimize expenses
          • Maximize profit
          • All while providing a quality assessment service
      • Client
        • Attempts to...
          • Minimize expenses
          • Maximize quality/depth of assessment service
          • All while fairly compensating testers
    • Helps decide which tools and depth of assessment to provide
      • Manual pen test
        • 1 week? 2 weeks?
      • Automated test
      • Both
  • Factors that affect the cost of a pentest
    • System complexity
    • Expertise of tester(s)
    • Site visits/travel
    • Remediation services

• Understanding the target audience
  • What is the underlying "DNA" of the company/organization?
    • Compliance/Regulated
      • Medical
      • Payment
      • Financial
      • Academic
    • Private
      • Well-defined business type?
  • Who in the client org will you be addressing?
    • C-levels
    • Mid-level management
    • IT
    • End users
  • Are there any subset exclusions?
    • If performing a network pentest, you may not need to include the Web dev group
