In This Chapter

Setting security testing goals

Selecting which systems to test

Developing your testing standards

Examining hacking tools

As an information security professional, you must plan your security assessment efforts before you start. A detailed plan doesn’t mean that your testing must be elaborate. It just means that you’re clear and concise about what to do. Given the seriousness of ethical hacking, you should make this process as structured as possible.

Even if you test only a single web application or workgroup of computers, be sure to take the critical steps of establishing your goals, defining and documenting the scope of what you’ll be testing, determining your testing standards, and gathering and familiarizing yourself with the proper tools for the task. This chapter covers these steps to help you create a positive environment so you can set yourself up for success.