![]() ![]() In that case, the scope would only include that application, with all other assets and infrastructure falling out of scope. The organization running the engagement defines the scope, usually with assistance from their vendor or bug bounty provider, to make sure it is accurate.įor example, the purpose of an engagement may be to test a specific, newly-launched application. The purpose of defining an engagement’s scope is to focus testers’ energy on the assets, attack vectors, and vulnerability types that most concern the organization. In penetration testing and bug bounty, scope defines the boundaries of an engagement-what is and isn’t to be included in testing. If you’re already familiar with Burp Suite and the general idea of scope in software testing, skip down and start reading the section that covers Scope Management. This post will start with the basics of defining scope and how ethical hackers and testers use it in their testing workflow. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |