Professional Documents
Culture Documents
SANS
SANS
SANS
Scope Worksheet:
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
2
What specific hosts, network address ranges, or applications should explicitly NOT be tested:
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
List any third parties that own systems or networks that are in scope as well as which systems
they own (written permission must have been obtained in advance by the target organization):
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
3
Will the test be performed against a live production environment or a test environment:
______________________________________________________________________
Other: _________________________________________________________________
_______________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
4
______________________________________________________________
Signature of Primary Contact representing Target Organization
____________________________
Date
______________________________________________________________
Signature of Head of Penetration Testing Team
____________________________
Date