Mapping endpoints
Collect information to identify assets a target has across all cloud providers.
Identify services hosted with third-party companies.
Map out all the endpoints: user interface, APIs, subnetworks, etc. for which testing is to be done.
Decide which endpoints to exclude based on policy restrictions, user permissions, etc.
Decide the route for performing the pentest: from application or database.
Figure out how well the application server and VMs can take the load of the tests.
Find out the laws that need to be followed while performing tests.
Figure out which tools to use and what types of tests to do on which endpoints (Automated or Manual).
Get approval for the plan from the client and inform them when you wish to begin.