This paper covers the importance of providing pen-testing services that comply with laws and corporate governance. Most pen-testing services may or may not provide the proper structure for execution. Some of these services provide good testing scenarios of what and how to test, but fail to provide the supporting documentation, communication, and legal counsel throughout the process. This document presents a real-life pen-test from start to finish, along with the best practices used and required for compliance with laws and corporate governance. In addition, the case study provides the business dynamics, the technical objectives required for the test, and countermeasures for an organization.
The body of the paper will cover the testing preparation, methodology, and execution. The appendix will provide the documentation and artifacts supporting the legal and technical requirements. All the information provided in this paper has been changed to protect the identity of the client used as an example for the case study.