
Scoping criteria
We will now look at an example questionnaire for the scoping criteria. We will start with questions that apply only to a white-box tester, who needs intimate knowledge of the network being tested:
- What are the subnets and/or IP addresses in the scope of this test?
- Are there any systems that are out of scope?
- Are there security devices within the network? (This is important because these devices may block access to the environment, which will prevent the system from being tested correctly.)
- Is there any type of important data held or transferred within the environment?
Finally, if the penetration tester is working with more of a black-box mentality, then the following questions are relevant to them as well as to white-box testers:
- Is guest access in scope as well?
- Which corporate SSIDs are in scope?
- What are the physical locations in scope for the test (if there are multiple locations)? Are all locations/networks dedicated, or are they shared with another company (for example, shared hosting or some cloud environments)?
This list is by no means complete or comprehensive. It is important for you, as a penetration tester, to figure out what questions you feel are relevant for your particular engagement. The preceding list contains some of the required questions, based on my experience.
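
The answers to the first two questions (in-scope subnets and out-of-scope systems) can be recorded in machine-readable form and used to check a target list before testing starts. The following is an added example, not taken from the book; the function names are hypothetical and the addresses are constructed samples from documentation ranges:

```python
import ipaddress

# Constructed sample answers to the first two questionnaire items
# (RFC 5737 documentation ranges, not real client data).
IN_SCOPE = ["192.0.2.0/24", "198.51.100.16/28"]
OUT_OF_SCOPE = ["192.0.2.10", "192.0.2.128/26"]


def _networks(entries):
    """Parse single addresses or CIDR blocks into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def classify(target, in_scope=IN_SCOPE, out_of_scope=OUT_OF_SCOPE):
    """Return 'in-scope', 'out-of-scope', 'not-listed' or 'invalid'."""
    try:
        net = ipaddress.ip_network(target.strip(), strict=False)
    except ValueError:
        return "invalid"  # hostnames and typos need a human decision
    allowed, excluded = _networks(in_scope), _networks(out_of_scope)
    # Exclusions win: a range that touches any excluded system is rejected,
    # even when it lies inside an authorised subnet.
    if any(net.version == x.version and net.overlaps(x) for x in excluded):
        return "out-of-scope"
    # The whole target must fit inside a single authorised range.
    if any(net.version == a.version and net.subnet_of(a) for a in allowed):
        return "in-scope"
    return "not-listed"


def review(targets):
    """Group targets by verdict so non-'in-scope' entries are resolved first."""
    report = {"in-scope": [], "out-of-scope": [], "not-listed": [], "invalid": []}
    for t in targets:
        report[classify(t)].append(t)
    return report


if __name__ == "__main__":
    sample = ["192.0.2.25", "192.0.2.10", "192.0.2.0/24",
              "198.51.100.40", "guest-wifi.example"]
    for verdict, items in review(sample).items():
        print(f"{verdict:13} {items}")
```

Anything reported as `not-listed` or `invalid` goes back to the client for a written decision rather than being assumed to be in scope.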