An essential step to complete is the plan; also, the concept of what we are trying to achieve and how we are going to get there will be discussed. This is one of the areas that many do not spend enough time on. As we discussed in Chapter 1, Introducing Penetration Testing, we cannot take six to nine months in planning, like a potential attacker would more than likely do, for our abstract methodology. Having said that, we can spend a great deal of time planning the architectures we want to build for our advanced pen testing labs. So, we will start with what goes into the plan. The plan we are going to discuss consists of the areas mentioned in the following sections.
Are we trying to test a web application, an application, a device, or something else? This is where we start to identify what our virtualized environment is going to require; also, we identify how we are going to configure and build the required components.