2.4
Target List & Emergency Procedures
The target list tells you exactly what to test. The emergency procedures tell you what to do when something breaks. Both documents deserve more scrutiny than most beginners give them.
The target list should match the scope — but it often doesn’t. IP ranges may be missing, duplicated, or include systems that the scope description doesn’t mention. Your job before testing is to cross-reference the target list against the scope and flag every discrepancy.
Emergency procedures answer one question: if something goes wrong at 2 AM, who do you call and what do you say? The answer cannot be “I’ll figure it out.” You need a name, a phone number, and a clear escalation path before testing starts.
Cross-reference the Navigating Security Corp target list against the scope of work on the right. Find the discrepancies.
Cross-Reference: Target List vs Scope
spot-the-issues
Compare the client-provided target list and email against the official SOW. Flag any items that don't match or could cause problems during testing.
SOW — Scope & Contacts (TDSC-SOW-2026-001)
Client-Provided Target List & Email