
5. Rules of Engagement (RoE)


Rules of Engagement – Checklist
| Checkpoint | Contents |
|---|---|
| ☐ Introduction | Description of this document. |
| ☐ Contractor | Company name, contractor full name, job title. |
| ☐ Penetration Testers | Company name, pentesters' full names. |
| ☐ Contact Information | Mailing addresses, e-mail addresses, and phone numbers of all client parties and penetration testers. |
| ☐ Purpose | Description of the purpose for the conducted penetration test. |
| ☐ Goals | Description of the goals that should be achieved with the penetration test. |
| ☐ Scope | All IPs, domain names, URLs, or CIDR ranges. |
| ☐ Lines of Communication | Online conferences, phone calls, face-to-face meetings, or e-mail. |
| ☐ Time Estimation | Start and end dates. |
| ☐ Time of the Day to Test | Times of the day to test. |
| ☐ Penetration Testing Type | External/Internal Penetration Test/Vulnerability Assessments/Social Engineering. |
| ☐ Penetration Testing Locations | Description of how the connection to the client network is established. |
| ☐ Methodologies | OSSTMM, PTES, OWASP, and others. |
| ☐ Objectives / Flags | Users, specific files, specific information, and others. |
| ☐ Evidence Handling | Encryption, secure protocols. |
| ☐ System Backups | Configuration files, databases, and others. |
| ☐ Information Handling | Strong data encryption. |
| ☐ Incident Handling and Reporting | Cases for contact, pentest interruptions, type of reports. |
| ☐ Status Meetings | Frequency of meetings, dates, times, included parties. |
| ☐ Reporting | Type, target readers, focus. |
| ☐ Retesting | Start and end dates. |
| ☐ Disclaimers and Limitation of Liability | System damage, data loss. |
| ☐ Permission to Test | Signed contract, contractor's agreement. |
