Pre-Scoping Questions
This document is how we gather the requirements to accurately and concisely scope your penetration test. Please be as accurate and detailed as possible, as this will help us make sure you get the right test that best fits your requirements.
Email address *
Company name *
Your name *
First and last name
Phone number *
1. What will be the scope of the testing? *
2. DETAILED QUESTIONS: INFRASTRUCTURE
Only complete this section if you selected ‘Infrastructure Penetration test’ above.
Internal tests simulate an attack that has already bypassed your security perimeter, or an attack from an employee whose device has been compromised through social engineering. This discovers what an attacker can do internally, such as moving across systems and networks. It also simulates what an insider attack could do.
External tests simulate the ability of an attacker to gain access to your internal network and infrastructure from outside your security perimeter, or verify whether some of your public-facing systems can be compromised.
Please provide the number of IP addresses to be tested (both internal and external, if applicable).
How many of them are servers (both virtual and physical to be counted), workstations, network/infrastructure and other equipment (printers, sensors, cameras, etc.)?
If you answered INTERNAL infrastructure.
Would you prefer the test to be carried out on your premises or by providing a secure VPN into the internal environment?
3. DETAILED QUESTIONS: APPLICATIONS
Only complete this section if you selected ‘Application Penetration Test’ in Question 1 above.
Type of application/s which will be tested.
Please select all that apply.
If you selected WEB application above, please provide URLs of the hosted application if possible:
What is the application used for?
Please provide a summary of the application's functionality.
What access needs to be tested for the Web app?
If you selected MOBILE application above, is it freely available to download?
Please select all that apply.
What access needs to be tested for the Mobile app?
What is the application used for?
Please provide a summary of the application's functionality.
Would you like to test APIs?
If yes, how many endpoints are there?
How many API calls?
Please provide API parameters.
What access needs to be tested for the API?
Would you provide an API schema?
With no API schema, manual API mapping will be required, which will increase the price.
Is the test to be carried out on a live (production) environment? *
We recommend providing a staging environment.
4. What type of test do you require? *
Black Box tests are where the penetration tester knows nothing of the infrastructure to be tested. It's more indicative of a real-world attack, but this method may expose fewer vulnerabilities. White Box tests are where the penetration tester has access to full, in-depth information on the infrastructure to be tested. Whilst not as realistic as a black-box test, it allows for a very thorough test. Grey Box tests are the most popular form of test and take a balanced approach between white and black boxes. A grey box test discloses just enough information to perform a thorough, methodical test, whilst keeping the scenario relevant and realistic.
5. If you answered IT systems security audit.
How many machines will be audited? How many of them are servers (both virtual and physical to be counted), workstations, network/infrastructure and other equipment?
Are the systems in scope part of an Active Directory?
6. If you answered Vulnerability Assessment.
How many systems will be scanned and assessed?
7. If you answered Social Engineering.
How many employees will be tested?
8. Is 24/7 testing allowed? *
If not, this will lead to an increase in the price.
9. Additional information
Is there any other information you think we should know? Perhaps you’d like to expand on any of your answers, or provide us with additional detail we haven’t explicitly requested. Please write it below:
This form was created inside of SoCyber.