When you conduct penetration tests on a client’s network, you need to have a written contract that defines the scope, limits, and boundaries for conducting the pen test or other tests or campaigns (such as phishing campaigns).

When you conduct penetration tests on a client’s network, you need to have a written contract that defines the scope, limits, and boundaries for conducting the pen test or other tests or campaigns (such as phishing campaigns). The rules of engagement become a mutual agreement between the pen tester and the organization that defines what you are allowed to do and not do, and it defines the impact that you can have on the network as a result of your pen testing activities.

Leave a comment

Your email address will not be published. Required fields are marked *