LPTv4 Module 15 Pre Penetration Testing Checklist NoRestriction PDF

ECSA/LPT
EC Council
EC-Council
Module XV
Pre-Penetration Testing
Checklist
List of Steps
1
2
3
4
5
6
7
8
Gather information about the clients organization history and background

Visit the client organization premises to become familiar with the surroundings, car park,
facilities, restaurants
List the client organization
organizationss penetration testing requirements
Obtain penetration testing permission from the companys stakeholders
Obtain detailed proposal of test and services that are proposed to be carried out
Identify the office space/location your team would be working on for this project
Obtain temporary identification cards from the organization for the team members involved in
the process
Identify
Id if who
h will
ill be
b leading
l di the
h penetration
i testing
i project
j
((chief
hi f penetration
i tester))
EC-Council
Copyright by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
List of Steps (contd)

9
Request from the client organization for previous penetration testing report/ vulnerability
assessment reports (if possible)
10
Prepare rules of engagement that lists the companys Core competencies/ limitations/
timescales
11
Hire a lawyer who understands information technology and can handle your penetration testing
legal documents
12
13
14
4
15
16
EC-Council
Prepare penetration testing legal document and get it vetted with your lawyer
Prepare Non-disclosure Agreement (NDA) and have the client sign them
Obtain (if possible) liability insurance from a local insurance firm
Identify your core competencies/limitations
Allocate
All
a budget
b d
ffor the
h penetration
i testing
i project
j
(X amount off dollars)
d ll )

17
Prepare a tiger team
18
List the security tools that you will be using for the penetration testing project
19
List the hardware and software requirements for the penetration testing project
20
Identify the clients security compliance requirements
21
List the servers, workstations, desktops, and network devices that need to be tested
22
Identify the type of testing that would be carried out - Black Box or White Box testing
23
Identify
de t y tthee type o
of test
testing
g tthat
at wou
would
d be ca
carried
ed out - a
announced/
ou ced/ u
unannounced
a ou ced
24
Identify local equipment required for pen test
25
Identify
Id tif local
l l manpower required
i d ffor pen ttestt
EC-Council

26
27
28
8
29
30
31
32
33
List the contact details of key personnel of the client organization who will be in charge of the
penetration testing project
Obtain the contact details of the key person at the client company during an emergency
Points of contacts during an emergency
List the tests that WILL NOT BE carried out at the client network
Identify the purpose of the test you are carrying out at the client organization
Identify the network topology in which the test would be carried out
Obtain special permission if required from local law enforcement agency
List
Li k
known waivers/exemptions
i
/
i
EC-Council

34
List the contractual constraints in the penetration testing agreement
35
Identify the reporting timescales with the client organization
36
3
Identify the list of penetration testers required for this project
37
Negotiate per day per hour fee that you will be charging for the penetration testing project
38
Draft the timeline for the p

penetration testing
gp
project
j
39
Draft a quotation for the services that you be providing to the client organization
40
Identify how the final penetration testing report will be delivered to the client organization
41
Identify the reports to be delivered after the pen test
42
Identify the information security administrator of the client organization who will be helping you
in the penetration testing assignment (if possible)
EC-Council
Step 1: Gather Information about Client

Organizations
g
Historyy and Background
g
Penetration testing assesses the security model of the organization as a
whole.
Before starting the penetration testing for an organization and gather
some information about that company.
Search
S
h the
h websites
b i
and
d gather
h the
h hi
history and
db
background
k
d off the
h client
li
organization which you are going to perform the penetration testing.
EC-Council
Step 2: Visit the Client Organization Premises

to become Familiar with the Surroundings,
Parking Facilities,
Parking,
Facilities Restaurants
Visit the premises of the client organization for more
information on its physical infrastructure.
Check for facilities like car parking levels, restaurant, restroom,

lift, club, swimming pool.
Make yourself comfortable with all the facilities so that you will
not face difficulty while checking for the physical security of the
client organization as a part of your assignment (in case the
client wants you to do it).
EC-Council
Step 2: Visit the Client Organization Premises

to become Familiar with the Surroundings,
Parking Facilities,
Parking,
Facilities and Restaurants (contd)
(cont d)
Examine the work areas where most employees
p y
would utilize the
equipment.
Check the network equipment room where the routing set up is secured.
secured
Alternately check the server room

Alternately,
room.
Inspect the area where the testing team carries out its work.
EC-Council
Step 3: List the Client Organizations

g Requirements
q
Penetration Testing
Requirements of a penetration test vary with different clients.
clients
Penetration testing requirement depend on the nature of work

work, criticality of
data, legal issue, and business model of the client organization.
A client
li t organization
i ti may ask
k th
the penetration
t ti ttester
t tto
conduct some or all the tests listed below:
EC-Council
Internal/external
/
testing
g
Whitebox/Blackbox testing
Announced/unannounced testing
Testing according to the number of IPs
Physical/security policy testing
Testing a particular server/service
Step 4: Obtain Penetration Testing

Permission from the Companys
p y Stakeholders
A corporate stakeholder is a party who affects,
affects or can be affected by,
by the
company's actions.
A narrowly
l defined
d fi d list
li t off stakeholders
t k h ld
might
i ht iinclude:
l d
Employees.
Customers
Customers.
Shareholders.
Investors.
The company stakeholders must give a go ahead for your penetration

test. Request the client organization to obtain permission from the
stakeholders in order to avoid future litigations.
EC-Council
Step 5: Obtain Detailed Proposal of Test and

Services that are Proposed
p
to be carried out
The nature and intensityy of a p
penetration test should be mentioned in
detailed by the client organization.
Ask
A
k th
the client
li t to
t submit
b it a detailed
d t il d proposall ffor th
the penetration
t ti ttestt th
thatt
is to be carried out.
The proposall sheet
Th
h t should
h ld li
listt th
the number
b off IPs
IP that
th t need
d tto b
be ttested;
t d
the type of test; the number of tests that need to be carried out,
specifying the test details.
EC-Council
Step 6: Identify the Office Space/Location

your Team would be Working in for this
Project
Penetration testing is a time consuming process (depending on the
client organizations testing requirements).
You need to make sure that the space provided for you and your team at
the office premises of the client organization is comfortable, spacious,
and airy.
The location should have easy access to restrooms, cafeteria and should
have restricted access for other employees of the client organization.
organization
EC-Council
Step 7: Obtain Temporary Identity Cards

from the Organization for the Team who
are Involved in the Process
After getting the physical location to carry out the test process, request
the
h organization
i i to provide
id the
h temporary id
identity
i card
d to all
ll the
h
penetration testers.
Use this identity card as access card to get into the company.
Make sure that all the testers who are involved in the penetration testing
at the clients
client s organization contains an unique identity or access card.
card
EC-Council
Step 8: Identify who will be Leading the

Penetration Testing Project (Chief
P
Penetration
t ti T
Tester)
t )
Your penetration testing team should have a mix
of qualified professional from different domains.
The testing team will be lead by a chief

penetration tester who will lead the project and
b a point
be
i off contact for
f the
h management off the
h
client organization.
The chief penetration tester plays a key role in

delivering the project, handling issues related to
testing and maintaining the team.
team
EC-Council
Step 9: Request from the Client Organization for

Previous Penetration Testing Report/ Vulnerability
Assessment Reports ( If Possible)
Organizations retain a copy of the penetration testing report for future
reference.
Requestt the
R
th client
li t organization
i ti for
f previous
i
penetration
t ti ttesting
ti reportt
so that you will have a clear idea of the problems that existed in the past.
Most of the organizations will not be willing to share their penetration
test report with you.
TRY YOUR LUCK!
EC-Council
Step 10: Prepare Rules of Engagement that

Lists the Companys Core Competencies/
Limitations/ Timescales
Identify the core competency of the client
organization:
Core competency is something that a firm can do well and that meets the following
three conditions specified by Hamel and Prahalad (1990):
It provides customer benefits.
It is hard for competitors to imitate.
It can be leveraged widely to many products and markets.
Identify limitation of the client organization:

Your rules of engagement should list points that limit your testing ability due to
restrictions (if any) from the client organization.
List the timescale:

Time
i
scale
l iis the
h time
i
iin which
hi h the
h organization
i i carry out iits operation.
i
Tester
should be ready for a flexible timing which will not affect the organization.
EC-Council
Step 11: Hire a Lawyer who Understands

Information Technology and can Handle
your Penetration Testing Legal Documents
Hire a lawyer who can understand technology and
related matters.
A legal document related to the penetration testing

needs to be signed by you before you start your
penetration testing assignment. Get the document
vetted by your lawyer before you sign.
A lawyer who understands information technology and

risks associated with the penetration testing will be
able to render his/her professional service more
efficiently.
EC-Council
Step 12: Prepare PT Legal Document

get Vetted with yyour Lawyer
y
and g
After getting
Aft
tti legal
l l document
d
t from
f
the
th client
li t
organization, study it with the help of lawyer.
Based on the document given by the organization,

prepare
p
p
ap
penetration testing
g document and check it
with the lawyer you have appointed.
This document contains information related to legal

aspects of testing and the scope of the project.
EC-Council
Step 13: Prepare Non Disclosure

Agreement (NDA) and have the Client Sign
them
A non-disclosure
di l
agreementt is
i an agreementt th
thatt contains
t i confidential
fid ti l
information.
Your lawyer should vet the NDA form before you ask the client to sign.
Include clauses which will highlight the fact that you and your team will
not disclose any information divulged by the client during the course of
penetration test.
The NDA should also be aimed at protecting your interests.
EC-Council
Step 14: Obtain ( if possible) Liability

Insurance from a Local Insurance Firm
Try to
T
t obtain
bt i a liability
li bilit insurance
i
from
f
th
the llocall iinsurance company
to protect your interest incase there the client organization files a
lawsuit against you for bringing their network down during the
penetration test.
EC-Council
Step 15: Identify your Core

Competencies/Limitations
Identify the core competencies and limitations of the tester who is going
to perform
f
the
h test.
Core competencies of the tester mainly
contains:
Network Management
Program Management
Data Administration
Risk Management
Limitations of penetration testers:

Configuration problems.
No technical knowledge of new acquired technologies by the client.
F example,
For
l you might
i h b
be proficient
fi i
iin Wi
Windows
d
Pl
Platform
f
b
but will
ill
not be in Sun Solaris.
EC-Council
Step 16: Allocate a Budget for the Penetration

Testing
g Project
j
( X amount of $ )
Prepare a b
P
budget
d
that
h contains
i the
h cost off expenses required
i d to
perform the testing.
Budget includes:
EC-Council
Traveling
T
li expenses for
f official
ffi i l purposes.
Lodging expenses.
Food expenses.
Stationaryy expenses.
p
Expenses spent for entire team.
Step 17: Prepare a Tiger Team

A tiger team consists of licensed penetration testers taken from different
disciplines.
Thi team
This
t
mainly
i l consists
i t of:
f
Database penetration testers.

Firewall penetration testers.
testers
Cisco penetration testers.
Oracle penetration testers.
Report writers, and so on.
This tiger team is managed by the chief penetration tester.
EC-Council
Step 18: List the Security Tools that you

will be using for the Penetration Testing
Project
Tools required to perform the penetration
testing are:
Port scanner (i.e., Nmap, Firewalk, Superscan).
Vulnerability scanners (i.e., Nessus, SAINTexploit and Metasploit,
X-scan).
Application scanners (i.e., Appscan, Webinsect).
Firewall
Fi
ll tools
t l (i
(i.e., Fi
Firestarter,
t t Fwlogwatch).
F l
t h)
Sniffers (i.e., Wireshark, Kismet).
VPN/tunneling tools.
Access control tools.
tools
EC-Council

Project (cont
(contd)
d)
The list of penetration tools required to
perform
f
th
the ttesting
ti are as ffollows:
ll
Cryptography tools.
DNS tools.
Fingerprint/OS detection tools (i.e., queso, siphon-v.666, and
Winfingerprint).
Hijacking tools (i.e., pasvagg.pl, sw-mitm tool).
HTML tools (i.e., WebSnake).
IDS tools (i.e., AIDE, HostSentry, Logcheck, PortSentry, Snort,
Swatch, Tripwire).
Miscellaneous tools (i.e.,
(i e Copernic,
Copernic Genius
Genius, and ucd-snmp).
ucd-snmp)
NetBIOS Tools (i.e., enum, nbnbs, NetBios Auditing Tool).
Network Management/Monitoring Tools (i.e., analyzer, cheops,
ciscoconf, IP-Watcher, ipaudit, iplog, netsaint, and sting).
Novell tools.
EC-Council

Project (cont
(contd)
d)
NT-specific tools (i.e., ELDump, NetViewX, WsSes)
Password tools (i.e., ChkLock, MakePWL, ZipPassword)
Packet tools (i.e., isic, nemesis, NeoTrace, SendIP)
Phone tools (i.e., THC-PBX, ToneLoc)
Ping tools (i
(i.e.,
e icmpquery
icmpquery, sping
sping, netping
netping, Visual Route)
Promiscuous mode detection tools (i.e., CommView, sentinel)
R
Remote
tools
l
Root kits
Steganography
St
h tools
t l (i
(i.e., Bli
Blindside,
d id gifshuffle,
if h ffl Hid
Hide4PGP,
PGP JPHIDE and
d
JPSEEK, SteganoGifPaletteOrder , Steganos, Stego, wbStego)
EC-Council
Step 19: List the Hardware and Software

Requirements for the Penetration Testing Project
The configuration mentioned below is meant for a laptop.
Ideal hardware configuration includes:
Intel Core Duo Processor.

Processor
2 GHZ speed.
2 GB RAM.
120 GB storage capacity.
Ideal software configuration includes:
EC-Council
IIS server.
Application servers.
Ms-Office 2007.
Operating systems: Windows 2003 Server
Server, Vista
Vista, Linux and
Macintosh.
Step 20: Identify the Clients Security

Compliance
p
Requirements
q
Major requirements for client security compliance are:
Administrative procedures.
procedures
Physical safeguards.
Technical security services.
Technical
ec ca secu
securityy
mechanism.
Standards.
EC-Council
Step 21: List the Servers, Workstations, Desktops

and Network Devices that need to be Tested
Servers that need to be tested includes:
IIS servers.
servers
Application servers:
Client application server.
Web application server.
Windows servers.
servers
Unix/Linux servers.
Workstations and desktops required to test includes:

Number of workstations per department incase there are multiple
departments within the organization.
Some network devices that need to be tested are:
EC-Council
Routers.
Hubs.
Switches.
Modems.
d
Network load balancers.
Step 22: Identify the Type of Testing that would be

carried out - Black Box or White Box Testing
The two basic tests

typically performed are:
White box testing.

Black box testing.
Whit box
White
b ttesting:
ti
Is carried out with a complete knowledge on the

infrastructure such as IP address range of the
t
target
t network
t
k and
d network
t
kd
devices,
i
OS version,
i
etc.
Is also called a complete-knowledge test.
Black box testing:
Is carried out with out any prior knowledge on the

infrastructure.
Is
I also
l called
ll d zero-knowledge
k
l d testing.
t ti
EC-Council
Step 23: Identify the Type of Testing that would be

carried out - Announced/ Unannounced
Testing can be done in the following ways:
Announced
Unannounced
Announced: An announced testing is done by an proper

announcement to the employees/administrative heads of the
organization before starting the test.
Unannounced: In this p
process,, testing
g is carried out with out anyy
giving any information to the employees/administrative head of
organization.
EC-Council
Step 24: Identify Local Equipments

q
for Pen Test
Required
The list of local equipments
q p
required
q
to perform
p
the penetration test is as follows:
Category5 (CAT5) taps and speed
b e taps/co
taps/converter
e te
Fibre
Local Internet access:
Filtered
Unfiltered
Downloads/exports
D
l d /
t allowed
ll
d
Separate allocation of office space for the testing team

24 hours power availability with generator facility
cafeterias, bakeries
bakeries, confectionaries
confectionaries, and
Places for refreshment like cafeterias
so on.
EC-Council
Step 25: Identify Local Manpower

q
for Pen Test
Required
The list of local manpower requirements to perform
th penetration
the
t ti ttesting
ti iis as ffollows:
ll
EC-Council
Application administrator.
Database administrator.
Network administrator.
Operating system administrator.
Step 26: List the Contact Details of Key Personnel

of the Client Organization who will be in Charge of
the Penetration Testing Project
A keyy p
personnel will be appointed
pp
byy the organization
g
to take lead of the
project from their side.
Some important contact details include the risk manager, database
administrator, network administrator, or a system administrator.
The contact details may include:
EC-Council
Name of the personnel.

Department
Department.
Role.
Mobile number.
Email address.
address
Office contact number.
Step 27: Obtain the Contact Details of the

Key Personnel for Approaching in case of
an Emergency
Gather the contact details from the key personnel for approaching
him/her in case of emergency.
Emergency situations include fire, electric breakdown, etc.
EC-Council
Step 28: Points of Contacts During an

g
y
Emergency
Note the contact details of p
penetration testers:
EC-Council
Risk manager
Database administrator
Local security officer
System administrator
Networking administrator
I t
Internet
t Service
S i Provider
P id (ISP)
Step 29: List the Tests that will not be

carried out at the Client Network
The type
yp and timeline for the tests to be conducted depend
p
on the
client organization.
You cannot expect a ecommerce company to allow a DoS service
test on their website.
EC-Council
Step 30: Identify the Purpose of the Test you

are carrying out at the Client Organization
The
h main purpose off the
h test is to:
EC-Council
Safeguard the organization from failure.

P
Preventing
i fi
financial
i l lloss through
h
h ffraud.
d
Identifying the key vulnerabilities.
Improving the security of technical systems.
Step 31: Identify the Network Topology in

which the Test would be carried out
Network topologies include:
Bus.
Star.
St
Mesh.
Ring .
Tree.
Tree
EC-Council
Step 32: Obtain Special Permission if Required

from Local Law Enforcement Agency
Testers usually work on an intranet to test the network,
network but if we want to
perform the test outside a network then we have to obtain special
permission from the local law enforcement agency.
Sign-in
EC-Council
Step 33: List known

Waivers/Exemptions
/
p
A waiver is the voluntaryy relinquishment
q
or surrender of some known
right or privilege. While a waiver is often in writing, sometimes a
person's actions can act as a waiver. An example of a written waiver is
a disclaimer, which becomes a waiver when accepted. Other names for
waivers
i
are exculpatory
l t
clauses,
l
releases,
l
or h
hold
ld h
harmless
l
clauses.
l
Sometimes the elements of "voluntary" and "known" are established by

a legal fiction. In this case, it is presumed one knows his or her rights
and that those rights are voluntarily relinquished if they are not
asserted
t d att th
the ti
time.
EC-Council
Step 34: List the Contractual Constraints in

the Penetration Testing
g Agreement
g
Check
Ch
k for
f service
i level
l l agreements
t iin th
the project
j t th
thatt may
affect scope of the test.
Accept an waiver or privilege letter to perform this testing
from the contractual partners.
EC-Council
Step 35: Identify the Reporting Timescales

with the Client Organization
g
Identify
d if the
h reporting
i timescales
i
l ffrom the
h client
li
organization.
i i
This reporting timescales include:

Normal timescale for project.
Local requested timescale for project.
Distribution list of the project.
EC-Council
Step 36: Identify the List of Penetration

Testers Required
q
for this Project
j
Different testers required to perform this
testing are as follows:
Database penetration testers
Firewall penetration testers
Application penetration testers
EC-Council
Step 37: Negotiate per Day/per Hour Fee

that you will be Charging for the
Penetration Testing Project
Based on the work performed by the team of testers, negotiate the fee
either hourly based or daily based.
Salary negotiation will be handled by the chief penetration tester and it

will be distributed as p
per the rules of the client organization.
g
EC-Council
Step 38: Draft the Timeline for the

g Project
j
Penetration Testing
Based on the size of the organizations and number of IPs to be tested,
tested
prepare a timeline for the completion of testing.
This timeline draft into three parts:

Stating
g time of the p
project
j
Project milestones
Project completion
A timeline is the total time required to finish the project.
EC-Council
Step 39: Draft a Quotation for the Services that

you be Providing to the Client Organization
Prepare
p
aq
quotation that contains the details of services that you
y are
going to provide for the client organization.
Quotation
Q
i iincludes
l d the
h totall services
i
ffor performing
f
i the
h test iin the
h
organization like size and scope of the project.
List the services in the form of quotation that includes all the amenities
that are required to perform the test.
EC-Council
Step 40: Identify how the Final Penetration

Testing Report will be Delivered to the Client
Organization
The final report is prepared based on the test performed in the
organization.
Discuss with the client organization about the report format that they
expect you to give at the end of your penetration test.
Reports can be given in any of the below listed formats:
PDF
HTML
Hard copy
EC-Council
Step 41: Identify the Reports to be

Delivered After Pen Test
The various
Th
i
reports provided
id d after
f completion
l i off
the penetration testing process are as follows:
Network test reports

Client-side test reports
Web application test reports
EC-Council
Step 42: Identify the Information Security Administrator of

the Client Organization who will be helping you in the
Penetration Testing Assignment ( if possible)
Identify an administrator who is responsible for securing information in the

organization.
During the assignment of penetration testing, take the help of the information
security administrator .
EC-Council
You Are Ready to Start the

Penetration Test
Get Readyy for the Drive
EC-Council

LPTv4 Module 15 Pre Penetration Testing Checklist NoRestriction PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

LPTv4 Module 15 Pre Penetration Testing Checklist NoRestriction PDF

Uploaded by

Copyright:

Available Formats

ECSA/LPT

Gather information about the clients organization history and background

List of Steps (contd)

List of Steps (contd)

Prepare a tiger team

Identify the clients security compliance requirements

Identify local equipment required for pen test

List of Steps (contd)

List of Steps (contd)

List the contractual constraints in the penetration testing agreement

Identify the reporting timescales with the client organization

Identify the list of penetration testers required for this project

Draft the timeline for the p

Identify the reports to be delivered after the pen test

Step 1: Gather Information about Client

Step 2: Visit the Client Organization Premises

Check for facilities like car parking levels, restaurant, restroom,

Step 2: Visit the Client Organization Premises

Alternately check the server room

Step 3: List the Client Organizations

Penetration testing requirement depend on the nature of work

Step 4: Obtain Penetration Testing

The company stakeholders must give a go ahead for your penetration

Step 5: Obtain Detailed Proposal of Test and

Step 6: Identify the Office Space/Location

Step 7: Obtain Temporary Identity Cards

Step 8: Identify who will be Leading the

The testing team will be lead by a chief

The chief penetration tester plays a key role in

Step 9: Request from the Client Organization for

Step 10: Prepare Rules of Engagement that

Identify limitation of the client organization:

List the timescale:

Step 11: Hire a Lawyer who Understands

A legal document related to the penetration testing

A lawyer who understands information technology and

Step 12: Prepare PT Legal Document

Based on the document given by the organization,

This document contains information related to legal

Step 13: Prepare Non Disclosure

Step 14: Obtain ( if possible) Liability

Step 15: Identify your Core

Limitations of penetration testers:

Step 16: Allocate a Budget for the Penetration

Step 17: Prepare a Tiger Team

Database penetration testers.

This tiger team is managed by the chief penetration tester.

Step 18: List the Security Tools that you

Step 18: List the Security Tools that you

Step 18: List the Security Tools that you

Step 19: List the Hardware and Software

Intel Core Duo Processor.

Ideal software configuration includes:

Step 20: Identify the Clients Security

Step 21: List the Servers, Workstations, Desktops

Workstations and desktops required to test includes:

Some network devices that need to be tested are:

Step 22: Identify the Type of Testing that would be

The two basic tests

White box testing.

Is carried out with a complete knowledge on the

Black box testing:

Is carried out with out any prior knowledge on the