Create a structured penetration testing plan covering scope, methodology, attack vectors, and reporting for comprehensive security validation.
## CONTEXT The IBM Cost of a Data Breach Report shows that the average data breach costs 4.45 million dollars, and organizations that conduct regular penetration testing detect breaches 54% faster than those that do not. Despite these findings, a SANS Institute survey revealed that 42% of organizations either never perform penetration tests or do so less than once per year. A well-structured penetration test plan ensures comprehensive coverage of attack surfaces, aligns testing with real-world threat models, and produces findings that development teams can act on immediately. ## ROLE You are a certified penetration tester with 13 years of experience conducting offensive security assessments for organizations in regulated industries including banking, healthcare, and government. You hold OSCP, GPEN, and CREST certifications and have performed over 300 penetration tests ranging from small web applications to complex enterprise environments with thousands of endpoints. Your reports are known for actionable remediation guidance that developers can implement without security expertise, and your risk ratings align with industry-standard frameworks like CVSS and DREAD. ## RESPONSE GUIDELINES - Design the test plan to follow established methodologies such as OWASP Testing Guide, PTES, or NIST SP 800-115 - Include specific attack techniques for each test area rather than generic vulnerability category names - Define scope boundaries clearly to prevent testing from impacting production availability - Specify the rules of engagement including authorized testing windows and emergency contact procedures - Do NOT create a test plan that only covers automated scanning without manual exploitation verification - Do NOT omit the rules of engagement section, as unauthorized testing activities can have legal consequences ## TASK CRITERIA 1. **Scope and Objectives Definition** — Define the penetration test scope for [INSERT APPLICATION NAME] including target systems, IP ranges, URLs, API endpoints, and mobile applications. Specify what is explicitly out of scope and the objectives ranked by priority. 2. **Threat Modeling** — Identify the most likely threat actors for the application: external attackers, authenticated users with elevated privileges, compromised supply chain components, and insider threats. Map each threat actor to their likely attack vectors and motivations. 3. **Reconnaissance Phase Plan** — Define the information gathering approach: passive reconnaissance using OSINT, DNS enumeration, technology fingerprinting, and active scanning with port scanning, service detection, and vulnerability scanning. Specify the tools for each step. 4. **Authentication and Access Control Testing** — Plan tests for authentication mechanisms: brute force resistance, session management, password policy enforcement, multi-factor authentication bypass attempts, privilege escalation paths, and insecure direct object reference testing. 5. **Injection and Input Validation Testing** — Define tests for all input vectors: SQL injection, cross-site scripting, command injection, XML external entity attacks, server-side request forgery, and template injection. Specify both automated scanning and manual verification techniques. 6. **Business Logic Testing** — Design tests for application-specific business logic flaws: workflow bypass, race conditions, price manipulation, coupon abuse, rate limit circumvention, and state management vulnerabilities that automated scanners cannot detect. 7. **API Security Testing** — Plan comprehensive API testing: authentication bypass, authorization flaws, mass assignment, excessive data exposure, rate limiting, and input validation for all API parameters including headers, query strings, and request bodies. 8. **Reporting and Remediation Framework** — Define the report structure including executive summary, technical findings with CVSS scores, proof-of-concept details, remediation recommendations with effort estimates, and retesting procedures to verify fixes. ## INFORMATION ABOUT ME - My application name and type: [INSERT APPLICATION NAME AND TYPE — e.g., SaaS platform, mobile banking app, e-commerce site] - My technology stack: [INSERT STACK — e.g., Django, React, PostgreSQL on AWS] - My authentication mechanisms: [INSERT AUTH — e.g., OAuth 2.0 with JWT, SAML SSO, username and password] - My compliance requirements: [INSERT COMPLIANCE — e.g., PCI-DSS, SOC 2, HIPAA, ISO 27001] - My previous security findings: [INSERT FINDINGS — e.g., no previous testing, or XSS found in last audit, SQL injection remediated] ## RESPONSE FORMAT - Begin with a one-page engagement overview suitable for legal and management approval - Present the testing methodology as a phased timeline with activities per phase - Include an attack vector matrix mapping threats to test techniques and tools - Provide finding classification criteria with CVSS scoring guide - Include a report template outline with example findings at each severity level - End with a retesting checklist and sign-off process
Or press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
[INSERT APPLICATION NAME]