This week, my lecturer, Sir Kalpin, taught the class more about the procedures of penetration testing. In order not to break the law or cause any harm to ourselves and the client’s system, we must first:

  • Make a written agreement signed by both parties
  • Confirm that the system we are going to penetration test is our client’s, or at least confirm that our client has the legal rights over the system

After completing the above steps, we proceed to target scoping, which is also very important. We must make an agreement with our client on what is going to be tested; this step is important in order to avoid breaking the client’s system when there is no backup or recovery. For example, if the system is a running system and we try a DDoS attack without first making a target scoping agreement, the server may break down, and if the client doesn’t have a backup, this will cause many losses.