2.2. Project Planning and Workflow

As you plan your project, create a workflow to make sure you cover every aspect of the assignment. The workflow in Figure 2.1 shows the stages, more or less, that any physical test will follow. Although deliberately high-level, the chart in Figure 2.1 can easily be imported into your own project management methodology.

Figure 2.1. A physical test workflow.

Once the planning phase is concluded, the written output of each stage will make up part of the project document set.

There are a number of phases involved in preparing for an engagement. Some are unavoidable and some are open to interpretation. I take the following approach because it is thorough and leaves as little as possible to chance:

  1. Receiving the Assignment – At this stage, contracts have been signed and certain legal formalities observed.

  2. Negotiating the Rules of Engagement – These define what you can and can't do during testing; their usual purpose is to confine testers to an agreed scope.

  3. Performing Preliminary Research – You are now ready to pursue the initial information-gathering phase. This will take many forms:

    • Determining Risk – It's important to accurately gauge the risk a project poses both to the company and to the team members executing it.

    • Writing a Test Plan – A formal (but flexible) test plan is a good idea from both project management and legal perspectives.

    • Gathering Equipment ...

Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with the O’Reilly learning platform.