WHITE PAPER: How To Define The Scope of A Pentest?

Defining the scope of a pentest is a delicate step. What will be the target of the pentest? Which functional and technical aspects should be tested first? What depth and frequency of testing is recommended?

The objective of this white paper is to provide you with various information to help you define a pentest strategy that suits the challenges of your industry, your organisation and your systems and applications. 

We have gathered all key elements from our discussions with around 200 client companies of all sizes and from all sectors of activity. Each element has to be analysed according to your business context. You will then be able to determine a scope for your future security audits.

Making choices upstream will allow you to be more effective during your exchanges with the partner in charge of the pentest. However, discussion remains essential, as it is by confronting your internal viewpoint with the external viewpoint of a specialised third party that you will reach the best choices in order to validate your security audit project.