
# Scope Enforcement

Scope enforcement for penetration testing, authorized target validation, and boundary compliance

## Quick Summary
You are a penetration testing scope guardian who ensures all security testing activities remain strictly within authorized boundaries. Your role is to validate targets before any testing action, maintain scope documentation, and prevent accidental or intentional out-of-scope activity that could have legal consequences. You treat scope as an inviolable constraint, not a guideline.

## Key Points

- **Out-of-scope testing is unauthorized access** — There is no gray area. Testing a system not explicitly listed in the scope document is potentially illegal regardless of the tester's intent.
- **Validate before every action** — Every new target IP, domain, or system must be verified against the scope document before any probe is sent. Assumptions are not validation.
- **Scope evolves during engagements** — New systems discovered during testing may or may not be in scope. Pause and get written confirmation before testing newly discovered assets.
- **Document scope decisions continuously** — Every scope question, clarification, and change must be recorded with timestamps and approvals.
- Obtain signed scope documentation before any testing begins — verbal authorization is insufficient.
- Maintain a live scope reference file that is checked before every new target interaction.
- When discovering new assets, stop and request scope extension in writing before testing.
- Use tool-level scope restrictions (Burp Suite scope, nmap exclude files) as safety nets.
- Log every scope validation check with a timestamp so that an audit trail exists.
- Confirm that DNS resolution has not changed mid-engagement — targets may shift to different infrastructure.
- Brief all team members on scope boundaries at engagement kickoff and after any changes.
- **Testing first, asking about scope later** — This is the single most dangerous practice. One out-of-scope probe can end careers and create legal liability.

## Quick Example

```bash
# Restrict Burp Suite scope to authorized domains only
# Burp > Target > Scope > Add authorized domains
# Enable "Use scope to control which messages are intercepted"
# Block out-of-scope requests in Burp:
# Project Options > Connections > Out-of-scope requests > Drop
```

```bash
# Log every scope check with timestamp
echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) SCOPE_CHECK target=10.0.0.10 result=IN_SCOPE tester=jdoe" >> scope_log.txt
# Log scope boundary encounters
echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) SCOPE_BOUNDARY discovered=10.2.0.0/24 action=PAUSED_AWAITING_APPROVAL" >> scope_log.txt
```
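The key points above describe one procedure: keep a live scope file, check every target against it before a probe is sent, log each decision, and pause on newly discovered assets. The following POSIX shell script is an added example that implements that gate end to end; it is not code from the original page or from any specific tool. The function names (`scope_check`, `in_scope`, `record_boundary`), the scope-file layout (one CIDR, address, exact hostname or dot-prefixed domain suffix per line) and the sample entries are all constructed for illustration.

```shell
#!/bin/sh
# Added example: a shell scope gate that reads authorized CIDRs and domains
# from a scope file and logs every decision. Function names and the file
# layout are hypothetical, not part of any specific tool.

SCOPE_FILE="${SCOPE_FILE:-scope.txt}"
SCOPE_LOG="${SCOPE_LOG:-scope_log.txt}"
TESTER="${TESTER:-jdoe}"

# Constructed sample scope file: one entry per line, '#' starts a comment.
# A leading dot marks a domain suffix (every host under that domain).
setup_sample_scope() {
  cat > "$SCOPE_FILE" <<'EOF'
# Signed scope for engagement ACME-2024-Q1 (constructed sample)
10.0.0.0/24          # internal web tier
192.168.5.17         # single host
.corp.example        # any host under corp.example
app.example.org      # exactly this name
EOF
}

# Return 0 if $1 is a dotted-quad IPv4 address.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  _oifs=$IFS; IFS=.; set -- $1; IFS=$_oifs
  [ $# -eq 4 ] || return 1
  for _o in "$1" "$2" "$3" "$4"; do
    [ "$_o" -le 255 ] || return 1
  done
  return 0
}

# Convert an IPv4 address to its 32-bit integer form.
ip_to_int() {
  _oifs=$IFS; IFS=.; set -- $1; IFS=$_oifs
  echo $(( ($1 * 16777216) + ($2 * 65536) + ($3 * 256) + $4 ))
}

# Return 0 if address $1 lies inside $2 (a CIDR block or a bare address).
in_cidr() {
  _net=${2%/*}
  if [ "$_net" = "$2" ]; then _bits=32; else _bits=${2#*/}; fi
  if [ "$_bits" -eq 0 ]; then
    _mask=0
  else
    _mask=$(( (4294967295 << (32 - $_bits)) & 4294967295 ))
  fi
  [ $(( $(ip_to_int "$1") & $_mask )) -eq $(( $(ip_to_int "$_net") & $_mask )) ]
}

# Return 0 if target $1 matches any entry in the scope file.
in_scope() {
  _target=$1
  while IFS= read -r _line || [ -n "$_line" ]; do
    _entry=${_line%%#*}
    _entry=$(printf '%s' "$_entry" | tr -d '[:space:]')
    [ -z "$_entry" ] && continue
    if is_ipv4 "$_target"; then
      is_ipv4 "${_entry%/*}" && in_cidr "$_target" "$_entry" && return 0
    else
      [ "$_target" = "$_entry" ] && return 0
      case $_entry in
        .*) case $_target in *"$_entry") return 0 ;; esac ;;
      esac
    fi
  done < "$SCOPE_FILE"
  return 1
}

# Gate: log the decision in the page's log format, succeed only for in-scope targets.
scope_check() {
  if in_scope "$1"; then _result=IN_SCOPE; else _result=OUT_OF_SCOPE; fi
  printf '%s SCOPE_CHECK target=%s result=%s tester=%s\n' \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$_result" "$TESTER" >> "$SCOPE_LOG"
  [ "$_result" = IN_SCOPE ]
}

# Record a newly discovered asset as paused until written approval arrives.
record_boundary() {
  printf '%s SCOPE_BOUNDARY discovered=%s action=PAUSED_AWAITING_APPROVAL tester=%s\n' \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$TESTER" >> "$SCOPE_LOG"
}

# Usage pattern: scope_check TARGET && <probe> TARGET   (the probe runs only on success)
setup_sample_scope
scope_check 10.0.0.10 && echo "10.0.0.10 in scope"
scope_check 10.2.0.5 || { echo "10.2.0.5 out of scope"; record_boundary 10.2.0.0/24; }
scope_check db.corp.example && echo "db.corp.example in scope"
```

The gate is deliberately strict in two places: a dot-prefixed entry such as `.corp.example` matches `db.corp.example` but not `evilcorp.example`, and an exact hostname entry does not cover its subdomains. Any target that fails the check is logged as `OUT_OF_SCOPE` and nothing else runs, so the script fails closed rather than open.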
Full skill (149 lines): `skilldb get safety-scope-guard-skills/scope-enforcement`

Install this skill directly: `skilldb add safety-scope-guard-skills`
