As an ethical hacker performing a pentest, you must follow some rules and work through the process step by step to be efficient. The different phases are briefly explained below.
The first step of a penetration test is to write an agreement, a kind of pre-engagement document covering the legal requirements and the rules of the test. It must be signed by both parties before the analysis starts. Some important information has to be defined with your client:
- the scope: IP range, URL, server…
- the method used: white/grey/black box
- the start date and the end date
- the forbidden techniques: denial of service, social engineering…
> Read the agreement example by TrueSec