The original videos can also be found here
Purpose and goals of the pentest (the customer may not know or be wrong)
- What is running your business?
- attack vectors
- evaluate the controls
- potential vulnerabilities
- find real threats to the organization
- It must be a repeatable process and easy to explain
(the methodology is important)
- perhaps a security review can be done instead of a pentest
(A pentest in a really insecure place is not worthy)
- which targets how can you attack and how?
- what are you authorized to do versus real world?
- Open Source Security Testing Methodology
- Crime Prevention Through Environmental Design
Threat Source Analysis
- Funding, motivation and time
- reconnaissance (google maps :D )
- Wrap Up