[DOCS-462] Scoping changes (2)
ana-dashuk-cobalt committed Jun 13, 2023
1 parent f83591d commit 1b23eb6
Showing 5 changed files with 13 additions and 11 deletions.
6 changes: 6 additions & 0 deletions content/en/Getting started/glossary.md
Expand Up @@ -294,6 +294,12 @@ The [OSSTMM](https://www.isecom.org/OSSTMM.3.pdf) tests the operational security
locations, human interactions, and all communications on the network, whether they be wireless,
wired, analog, or digital.

## Operating System

As defined by [NIST](https://csrc.nist.gov/glossary/term/operating_system), an **operating system (OS)** is a program that runs on a computer and provides a software platform on which other programs can run.

A **mobile OS** is an OS that runs on a mobile device, such as a mobile phone, tablet, or smartwatch.

## Operations Security (OpSec)

Operations Security, commonly known as OpSec, identifies critical information, and if/how it
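Review bot: the new glossary entry defines a mobile OS but gives no pointer to where that count is used, even though both pentest-preparation.md and planning.md in this same commit now link here; add one sentence after the mobile OS definition such as `The number of mobile operating systems is the scoping parameter for a [Mobile asset](/getting-started/planning/#mobile).` so a reader who lands on the entry finds the guideline. The NIST wording and the alphabetical placement between OSSTMM and Operations Security look right.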
6 changes: 1 addition & 5 deletions content/en/Getting started/pentest-preparation.md
Expand Up @@ -51,13 +51,9 @@ Learn [how to scope a pentest for a web app](/getting-started/planning/#web) in

**Information needed to set up your pentest**:

- Operating systems (OSes) the application runs on:
- The number of [operating systems](/getting-started/glossary/#operating-system) the application runs on:
- **Native applications** are built to run on a specific mobile operating system, such as iOS or Android.
- **Non-native applications** are built to run on multiple operating systems.
- The number of [screens](/getting-started/glossary/#mobile-screen) (views) for all operating systems. A screen is a screen-sized interface that a user interacts with on a mobile device. Screens in a mobile application are functionally equivalent to [dynamic pages](/getting-started/glossary/#dynamic-web-page) in a [web](#web-application) application.
- Basic information about the [user roles](/getting-started/glossary/#user-role), such as:
- The number of different role types you want to test
- Permission structure for user roles
- Application framework
- Access to your application:
- Downloadable links, if the application is publicly available
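Review bot: the replacement bullet asks for "the number of operating systems the application runs on", but the two sub-bullets only define native and non-native applications and never say how a non-native app that ships on iOS and Android is counted (one codebase, or two operating systems); the text removed from planning.md in this commit said non-native apps are tested as a single version, so state the rule here in one line, e.g. `Count every operating system the app ships on, whether native or non-native.` or the opposite, whichever is intended. Separately, dropping the user roles bullets removes role and permission information from "Information needed to set up your pentest" even though that is setup information rather than a scoping parameter; keep those bullets unless testers genuinely no longer need them.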
9 changes: 4 additions & 5 deletions content/en/Getting started/planning.md
Expand Up @@ -91,14 +91,13 @@ If the only APIs in your assets populate web pages, you may not need to set up a

### Mobile

To scope a pentest for a Mobile asset, specify the number of the following characteristics of the asset that need to be tested.
To scope a pentest for a Mobile asset, specify the number of operating systems that need to be tested.

![Scoping parameters for a Mobile asset](/gsg/pentest-scoping-mobile.png "Scoping parameters for a Mobile asset")

| Parameter | Definition | <span style="background-color: #ECE6FA; padding: 2px;">Scoping Guidelines</span> |
|---|---|---|
| [User Roles](/getting-started/glossary/#user-role) | {{% user-role %}} | <p>Enter the number of User Roles in your Mobile asset that need to be tested.</p><p>{{% count-user-roles %}}</p> |
| [Screens](/getting-started/glossary/#mobile-screen) (For All OSes) | <p>A Screen is a screen-sized interface that a user interacts with on a mobile device.</p><p>Depending on the operating system, Screens may be referred to as:<ul><li>Superviews or subviews on iOS</li><li>Views on Android</li></ul></p><p>Screens in a mobile application are functionally equivalent to [Dynamic Pages](/getting-started/glossary/#dynamic-web-page) in a [Web](#web) asset.</p> | <p>Enter the number of Screens in your Mobile asset that need to be tested, based on the application type.</p><ul><li>**Native applications** are built to run on a specific mobile operating system, such as iOS or Android.<ul><li>Enter the total number of screens for all operating systems. We'll test the application for each operating system it runs on.<ul><li>For example, your mobile application runs on both iOS and Android. The application has 10 screens, so you should specify 20 screens in total. </li></ul></li></li></ul></li><li>**Non-native applications** are built to run on multiple operating systems.<ul><li>Enter the number of screens in the application. Because non-native applications use the same codebase to run on different operating systems, we'll test a single version.</li></ul></li></ul> |
| Parameter | <span style="background-color: #ECE6FA; padding: 2px;">Scoping Guidelines</span> |
|---|---|
| [Operating Systems](/getting-started/glossary/#operating-system) | <p>A mobile operating system is an [operating system](/getting-started/glossary/#operating-system) that runs on a mobile device. Examples: iOS, Android, Windows Mobile.</p><p>Enter the number of operating systems for which the mobile app needs to be tested.</p><ul><li>**Native applications** are built to run on a specific mobile operating system, such as iOS or Android.</li><li>**Non-native applications** are built to run on multiple operating systems.</li></ul> |

### API

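Review bot: the new table drops the Definition column but then places the definition inside the Scoping Guidelines cell, and the guideline leaves open the question the removed Screens row answered: whether a non-native app that runs on two operating systems counts as 1 or 2. The removed text said `we'll test a single version` for non-native apps; the new cell lists native and non-native without saying what each means for the count. Add that rule after the two bullets, and consider restoring a Definition column for the OS definition sentence so the row matches the three-column layout the removed rows used. Listing Windows Mobile alongside iOS and Android is also a dated example; iOS and Android are the platforms the bullets themselves reference.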
3 changes: 2 additions & 1 deletion content/en/Platform Deep Dive/Pentests/pentest-types.md
Expand Up @@ -21,7 +21,8 @@ To run a special pentest engagement, contact our [Professional Services](https:/
| **Definition** | {{% agile-pentest %}} | {{% comprehensive-pentest %}} |
| **Pentest Scope** | Specific part of an [asset](/getting-started/glossary/#asset) | Broad area of an [asset](/getting-started/glossary/#asset) |
| **Use Cases** | <li>New release or feature testing</li><li>Delta testing</li><li>Exploitable vulnerability testing</li><li>Single [OWASP](https://owasp.org/) category testing</li><li>Microservice testing</li><li>Internal security testing</li> | <li>Comprehensive [security audit](/getting-started/glossary/#security-audit)</li><li>[Compliance audit](/getting-started/glossary/#compliance-audit) testing based on the frameworks such as [SOC 2](https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html), [ISO 27001](https://www.iso.org/isoiec-27001-information-security.html), [PCI-DSS](https://www.pcisecuritystandards.org/), [CREST](https://www.crest-approved.org/), or [HIPAA](https://www.hhs.gov/hipaa/index.html)</li><li>M&amp;A due diligence</li><li>Internal or third-party attestation request</li> |
| **[Standard pentest timelines](/getting-started/planning/#pentest-timelines)** | <li>3 or 4 credits: 7 days</li><li>From 5 credits: 14 days</li> | 14 days |
| **Minimum [Credits](/platform-deep-dive/credits/)** | 3 credits | 6 credits |
| **[Standard Pentest Timelines](/getting-started/planning/#pentest-timelines)** | <li>3 or 4 credits: 7 days</li><li>From 5 credits: 14 days</li> | 14 days |
| **[Pentest Lead](/getting-started/glossary/#pentest-lead) Assigned** | No | Yes |
| **Available [Pentest Reports](/platform-deep-dive/pentests/reports/)** | <li>Automated Report</li> | <li>Customer Letter</li><li>Attestation Letter</li><li>Attestation Report</li><li>Full Report</li><li>Full Report + Finding Details</li> |
| **Report Target Audience** | Internal stakeholders | External stakeholders |
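Review bot: moving Standard Pentest Timelines below Minimum Credits is the right order, since the timeline tiers are expressed in credit counts; while the row is being touched, consider `5 or more credits: 14 days` instead of `From 5 credits: 14 days` so it reads like the adjacent `3 or 4 credits` entry. Title-casing the row label matches the other row labels in the table.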
Binary file modified static/gsg/pentest-scoping-mobile.png

0 comments on commit 1b23eb6
