Penetration Testing and Network Defense by Andrew Whitaker, Daniel P. Newman

Chapter 3. Creating a Test Plan

Failing to prepare is preparing to fail.

—John Wooden (Former head coach, UCLA men’s basketball team)

As with all great projects, success comes with having a solid methodical plan. Penetration testing is not about jumping into a security assessment project by running several tools at random. Penetration testing is about creating a methodical, step-by-step plan that details exactly what you are going to do, when you are going to do it, and how.

This chapter outlines the steps needed to create a methodical plan, from narrowing the scope of the project, to using the Open-Source Security Testing Methodology Manual (OSSTMM), and finally to writing up the testing report.