Master the essential soft skills and assessment management concepts required for the CREST Practitioner Security Analyst (CPSA) certification. This appendix covers the non-technical aspects of penetration testing, including client engagement, legal compliance, project scoping, risk communication, and professional reporting.
Topics Covered
- A1 Engagement Lifecycle - Understanding the phases of a penetration testing engagement from initial contact to final delivery
- A2 Law and Compliance - Legal frameworks, authorization requirements, and regulatory compliance in security testing
- A3 Scoping - Defining test boundaries, identifying targets, and establishing rules of engagement
- A4 Understanding, Explaining and Managing Risk - Risk assessment methodologies, communication strategies, and risk prioritization
- A5 Record Keeping, Interim Reporting and Final Results - Documentation standards, progress reporting, and professional report writing