00x?? Test plan — Example — hackxpert.com/pentest
0. Document revision history
Version Revisor Date
1. Goal of the document
[Write down what you are trying to achieve with this document]
In this document we will describe the testing strategy including but not limited to:
- The features to be tested
- The methodology
- The roles and responsibilities
- The entry and exit criteria for testing
2. Who is this document for
[Write down the intended readers of the document in this section, this can be brief]
This document has been created to inform the security representative at “The XSS Rat” and the CEO of how testing will be conducted.
3. Project description
[Describe what the product you are testing does. What it’s functionalities are and who it’s intended audience is briefly.]
The project is a webshop that is partially completed intended to sell merchandise. Mock payments can be made but no action is taken such as reducing stock. The project is intended for the fans of the owner of the website and is a B2C website.
4. Testing objectives
[Write down what you want to achieve with testing. This can be brief and can be similar for most of your clients but make sure it’s adapted to every client.]
The objective of security testing of the product is to:
- define security goals through understanding security requirements of the applications;
- identify any potential security threats;
- Validate that the security controls operate as expected;
- eliminate the impact of security issues on the safety and integrity of the product;
- guarantee that the product will function correctly under malicious attacks;
5. Roles and responbilities
[Will the tester be operating alone? Who is to sign off on what document?]
| Project lead | — Oversee all documentation is complete and signed
- Initiate contact
