Statement of work

A statement of work (SOW) is the document that defines the deliverables, timeline, and terms of a penetration testing engagement. PenTest+ covers the SOW and contracts in engagement management.

All PT0-003 Terms

Rules of engagement

Rules of engagement (RoE) are the agreed constraints of a penetration test — scope, timing, targets, and permitted techniques.

Scope

Scope defines exactly which systems, networks, and applications are authorized targets of a penetration test.

Statement of work

A statement of work (SOW) is the document that defines the deliverables, timeline, and terms of a penetration testing engagement.

OSINT

OSINT (Open-Source Intelligence) is information gathered from publicly available sources during reconnaissance.

Reconnaissance

Reconnaissance is the phase of gathering information about a target using passive and active techniques.

Enumeration

Enumeration is the active process of extracting details such as hosts, services, users, and shares from a target.

Nmap

Nmap is an open-source network scanner used to discover hosts, ports, and services.

Vulnerability scanning

Vulnerability scanning is the use of automated tools to identify security weaknesses in targets.

Metasploit

Metasploit is a widely used exploitation framework for developing and executing exploit code against targets.

SQL injection

SQL injection is a web attack that inserts malicious SQL into a query to read or modify a database.

Social engineering

Social engineering is the manipulation of people into revealing information or performing actions that aid an attack.

Privilege escalation

Privilege escalation is the act of gaining higher permissions than initially granted on a compromised system.

Lateral movement

Lateral movement is the technique of moving from one compromised system to others within a network.

Persistence

Persistence is the establishment of continued access to a compromised system that survives reboots or credential changes.