In IT security, and primarily in offensive IT security, the term "scope" is used quite frequently. It describes the extent and objective of a project or investigation. The client of a penetration test usually defines the scope together with the pentest provider: it can be a web application, an IP address, or a certain number of precisely defined IT systems. In the context of physical security, the scope can be, for example, a building or premises that is checked for vulnerabilities.
Defining a project's scope exactly ensures that the often limited resources are used effectively.
Examples of Scope in IT Security
- All web applications on a specific server
- An entire ASN or CIDR
- The API of an application
- The internal network of a company
- The external network of a company
- An iOS or Android application
- The Darknet (in the context of OSINT or Darknet Intelligence)
- A specific building or premises (physical security)
- A specific vehicle (e.g., a car or an airplane)
- A specific person or group of people (Context: Phishing)
- A company as a whole (Context: Red Teaming, eASM, ...)