Many penetration tests start out using the request for proposal $($RFP$)$ process to hire a person or organization to complete the pen test. While you are not responding to the RFP$,$ you will be using it to complete written documentation to support the process.

You can either assume that you are completing this on your own as an independent penetration tester, or that you are part of a larger organization that completes pen testing. If you are part of a larger organization, there are multiple resources that can be drawn upon for completing a pen test. For example, you may have someone that specializes in perimeter testing while someone else focuses on web application testing.

Structured Testing Process that will be used

Resource Allocation

Non$-$Disclosure Agreement

Penetration testing Contract

Rules of Engagement

Test Plan Checklist $($Your checklist should be a written document answering the questions from page $78-79$ of the $3$rd edition textbook and page $457$ of the $4$th edition textbook.$)$

Use resources provided in the learning modules or your own resources to complete this. Please note that SANS is a great source for templates that just need to be customized to meet your own needs.

Choose from one of the following RFP$\text{'}$s$.$ If you find another RFP you would like to use, please email it to the instructor for approval.

RFP Joliet Junior College.pdf

Security$\_$Penetration$\_$Testing$\_$RFP$\_$City of Memphis.pdf

penetrationtestingRFP$\_$OakLawn.pdf