Wrapping Up the Engagement
The delivery of a penetration testing report is certainly a major milestone in the engagement, and clients often consider it the end of the project. However, the work of a penetration tester isn’t concluded simply because they’ve delivered a report. Testers must complete important post-report delivery activities before closing out the project.
Post-Engagement Cleanup
Penetration testers use a wide variety of tools and techniques as they work their way through a client network. These activities often leave behind remnants that may themselves compromise security by their very presence. During the engagement, testers should clearly document any changes they make to systems, and they should revisit that documentation at the conclusion of the test to ensure that they completely remove any traces of their work.
CompTIA highlights three important post-engagement cleanup activities:
- Removing shells installed on systems during the penetration test
- Removing...