Before any penetration test, we have the pre-engagement phase. This is where contracts are signed, scope is defined, and rules are established. Without this, even ethical hacking becomes illegal.
📝 PRE-ENGAGEMENT
This is the phase where both the customer and a representative from your company would sit down and discuss about the legal requirements and the "Rules Of Engagement".
⚖️ RULES OF ENGAGEMENT
Methodology: How testing will be conducted
Timeline: Start and end dates
Milestones: Key delivery points
Goals: Objectives of the test
Liabilities: Who is responsible for what
Scope: What is included/excluded
All must be mutually agreed upon before testing begins.
📅 MILESTONES
Before starting a penetration test, it's good practice to set up milestones so that your project is delivered as per the dates given in the rules of engagement.