Validating ranges directly with the client promotes coverage while preventing out-of-scope testing. Automated discovery may include unrelated segments, relying on a public source can be outdated or incomplete, and performing a targeted DNS sweep alone risks missing segments that are not captured by name records.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to confirm address blocks with the client before a security test?
Open an interactive chat with Bash
What is the risk of using automated discovery for active hosts in security testing?
Open an interactive chat with Bash
Why are open databases or DNS sweeps insufficient for determining test scope?