Penetration Testing Planning and Scoping Online Training

This intermediate Penetration Testing Planning and Scoping prepares security technicians to decide what networks, applications, databases, accounts, people, controls and assets will be targeted in a given penetration test and define them for the testers.

Doing a penetration test without enough planning and scoping ahead of time would be a lot like walking back to the parking lot to make sure you locked your car doors, but then also checking the car door of every other car in the parking lot and every parking lot in the city. In other words, a penetration test is a good way to double-check your network's security posture but if you're not careful, you can waste a lot of time and money when you do it. You can include networks or devices you're not interested in, or you can check for vulnerabilities you've already identified or that you know aren't valid.

This Penetration Testing Planning and Scoping training covers how to identify stakeholders, gather information, assess needs, balance costs, and plan the scope of a penetration test.

For anyone who leads an IT team, this security training can be used to onboard new security technicians, curated into individual or team training plans, or as a penetration testing reference resource.

Penetration Testing Planning and Scoping: What You Need to Know

For any security technician looking to improve their proficiency with planning and scoping for pen testing, this security course covers topics such as:

Identifying stakeholders with input as to ideal scope of pen test
Incorporating the balance of pen test cost with security gains into determination of scope
Gathering sufficient information to adequately scope tests
Specifying limits and meaningful parameters on penetration tests

Who Should Take Penetration Testing Planning and Scoping Training?

This Penetration Testing Planning and Scoping training is considered specialist training, which means it was designed for security technicians with at least a year of experience with planning and scoping for pen testing and experienced pen testers looking to validate their security skills.

New or aspiring security technicians. If you're a brand new security technician, this Penetration Testing Planning and Scoping training could help make sure that your first penetration test isn't far more expensive than you'd anticipated. But if you're a completely new security technician, you probably won't be running a penetration test on your own. If you know you'll be running pen tests or a part of teams planning them, this training is a great start to your security technician career.

Experienced security technicians. This Penetration Testing Planning and Scoping training is perfect for experienced security technicians who are trying to move into penetration testing or who have recently started performing them in their job. Although you won't learn how to perform every part of a pen test with this training, you will become specialized in keeping your team's penetration tests inside parameters and on-target.

Skill:
Understanding the Need for Scope Planning
- 1. Overview
  1 min
- 2. Introduction to the Importance of Planning
  1 min
- 3. Identifying Target Audience
  4 mins
- 4. Specifying the Rules of Engagement
  7 mins
- 5. Defining Resources, Requirements, and Budgets
  6 mins
- 6. Explaining Timelines and Disclaimers
  4 mins
- 7. Defining Technical Constraints
  5 mins
- 8. Requesting Support Resources
  9 mins
- 9. Conclusion
  1 min
Skill:
Explaining Key Legal Concepts
- 1. Overview
  1 min
- 2. Legal Concepts Introduction
  2 mins
- 3. Identifying Legal Contracts
  4 mins
- 4. Considering Environmental and Location Factors
  4 mins
- 5. Obtaining Written Authorization
  3 mins
- 6. Obeying Corporate Policies
  3 mins
- 7. Conclusion
  1 min
Skill:
Properly Scoping an Engagement
- 1. Overview
  1 min
- 2. Introduction to Properly Scoping an Engagement
  1 min
- 3. Identifying Types of Assessments
  5 mins
- 4. Understanding Mergers and Partners
  3 mins
- 5. Selecting Targets
  6 mins
- 6. Targeting Considerations
  4 mins
- 7. Understanding Risk and Tolerance
  3 mins
- 8. Identifying Scope Creep and Schedule Impact
  4 mins
- 9. Identifying Threat Actors
  6 mins
- 10. Conclusion
  1 min
Skill:
Explain Compliance-Based Assessments
- 1. Overview
  1 min
- 2. Intro to Compliance Assessments
  1 min
- 3. Identifying Various Compliance-based Standards
  6 mins
- 4. Understanding Password Policies and Key Management
  3 mins
- 5. Handling Data Isolation and Limited Access
  2 mins
- 6. Conclusion
  1 min
Skill:
Standards, Compliance and the Ethical Hacker Mindset
- 1. Overview
  1 min
- 2. Regulatory Compliance
  12 mins
- 3. Legal Concepts
  6 mins
- 4. Standards and Methodologies
  13 mins
- 5. MITRE ATT&CK Framework
  9 mins
- 6. Ethical Hacker Mindset
  9 mins
- 7. Conclusion
  1 min

Loading transcripts...

Standards and Methodologies

Access all premium content with a free week!

Start a free week

Explore Features

Course overview

2 HOURS OF TRAINING

5 SKILLS

30 VIDEOS

0 VIRTUAL LABS

0 PRACTICE EXAMS

Bob Salmans

Nugget trainer since 2020

Read the full bio

What is it like to train with us?

Our learners say it best.

Helps me learn the skills I need when I need them

THOMAS S. | SYSTEMS ENGINEER & CONSULTANT

Read Reviews

Penetration Testing Planning and Scoping FAQs: Cost, Training, Value

What is meant by penetration testing planning and scoping?

Planning and scoping are two of the essential steps in doing a penetration test, as they lay out the expectations and parameters of the test. Penetration test planning involves strategizing the approach that will be taken, including defining objectives, determining timelines, and selecting the right methods. Penetration scoping delineates boundaries and depth: what systems, networks and vulnerabilities to test for. Good planning and scoping provides exceptionally valuable insights for networks.

What is the primary purpose of Pentesting?

The primary purpose of penetration testing (pentesting) is to identify vulnerabilities before a bad actor can find and exploit them. Penetration testing is done by simulating a real-world attack, usually without informing the network's cybersecurity team. This helps to assess the effectiveness of the network's security measures as well as their resilience against attacks. Penetration testing planning and scoping is a crucial part of the process, ensuring maximum accuracy and relevance.

Why would a company conduct a penetration test within their environment?

Penetration testing's best attribute is the reason a company would conduct one inside their own environment: they're proactive. Penetration tests reveal weaknesses in a network's security posture early, giving the security team time to address the vulnerability before anything has gone wrong. Like an army defending a castle, penetration tests reveal where the defenders should build higher walls, reinforce gates, and stockpile ammunition, and not find out during a siege.

Who should take this course on planning and scoping penetration tests?

This course covers a specific part of performing penetration tests, the planning and scoping phase. That means it's a good course for cybersecurity professionals who are hoping to get involved with pentests, as well as experienced cybersecurity professionals who want to brush up on that one part of the skill they've already developed. This course helps security analysts, ethical hackers and information security managers define test objectives, scope assessments and select methodologies.

Is this penetration testing planning and scoping course associated with any certifications?

This penetration testing planning and scoping course is primarily a skills-based course focused on giving you simulated experience planning and scoping a pen test. Because what you'll learn applies in multiple settings and is useful no matter what hardware or software combination the target network uses, it is helpful information if you're planning on earning the PenTest+ from CompTIA. Additionally, Security+ will be much easier after taking this course.

Related Courses

CompTIA PenTest+ (PT0-002)

CompTIA Security+ (SY0-601)

Enterprise Security Essentials

What is it like to train with us?

Our learners say it best.

Penetration Testing Planning and Scoping FAQs: Cost, Training, Value

Let's chat!