Pre-Scoping Questions

JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.

This document is how we gather the requirements to accurately and concisely scope your penetration test. Please be as accurate and detailed as possible, as this will help us make sure you get the right test that best fits your requirements.

Email *

Company name *

Your name *

First and last name

Phone number *

1. What will be the scope of the testing? *

Internal Infrastructure Penetration Test

External Infrastructure Penetration Test

Web application Penetration Test

Mobile application Penetration Test

Remediation Verification Testing

API Penetration Test

IT systems Security audit

Vulnerability Assessment

Vulnerability Management

Social engineering

Other:

Required

2. DETAILED QUESTIONS: INFRASTRUCTURE

Only complete this section if you selected ‘Infrastructure Penetration test’ above.
Internal tests simulate an attack that has already bypassed your security perimeter or simulates an attack from an employee which device is compromised through social engineering. This discovers what an attacker can do internally, such as moving across systems and networks. It also simulates what an insider attack could do.
External tests simulate the ability of an attacker to gain access to your internal network and infrastructure from outside your security perimeter or verifies whether some of your pubic facing systems can be compromised.

Please provide a number of IP addresses to be tested (both internal and external if apply).

How many of them are servers (both virtual and physical to be counted), work stations, network/infrastructure and other equipment (printers, sensors, cameras and ect.)?

If you answered INTERNAL infrastructure.

Would you prefer the test to be carried out on your premises or by providing a secure VPN into the internal environment?

On premises

Via VPN

Clear selection

3. DETAILED QUESTIONS: APPLICATIONS

Only complete this section if you selected ‘Application Penetration Test’ in Question 1 above.

Type of application/s which will be tested.

Please select all that apply.

Web application

Mobile iOS application

Mobile Android application

If you selected WEB application above, please provide URLs of the hosted application if possible:

What is the application used for?

Please provide a summary of the application's functionality.

What will be the access that needs to be tested for the Web app ?

Un-authenticated

Authenticated with low privilages *standard user*

High privileged user *admin*

Unsure (we'll advise)

Other:

If you selected MOBILE application above, is it freely available to download?

Please select all that apply.

Not available on the market, testing environment will be provided.

Google play

iOS app store

Other:

What will be the access that needs to be tested for the Mobile app ?

Un-authenticated

Authenticated with low privilages *standard user*

High privileged user *admin*

Unsure (we'll advise)

Other:

What is the application used for?

Please provide a summary of the application's functionality.

Would you like to test APIs?

Yes

Clear selection

If yes, how many endpoints are there?

How many API calls?

Please provide API parameters.

What will be the access that needs to be tested for the API ?

Un-authenticated

Authenticated with low privilages *standard user*

High privileged user *admin*

Unsure (we'll advise)

Other:

Would you provide an API schema?

With no API schema, manual API mapping will be required which will increase the price.

Yes

Clear selection

Is the test to be carried out on a live (production) environment? *

We recommend staging environment to be provided.

Yes

No, testing environment will be provided

Other:

4. What type of test do you require? *

Black Box tests are where the penetration tester knows nothing of the infrastructure to be tested. It’s more indicative of a real-world, attack, but this method may expose fewer vulnerabilities. White Box tests are where the penetration tester has access to full, in-depth information on the infrastructure to be tested. Whilst not as realistic as a black-box test, it allows for a very thorough test. Grey Box tests are the most popular form of test that takes a balanced approach between white and black boxes. A grey box test discloses just enough information to perform a thorough, methodical test, whilst keeping the scenario relevant and realistic.

Black box

White box

Grey box

Unsure (we will advise)

Required

5. If you answered IT systems security audit.

How many machines will be audited? How many of them are servers (both virtual and physical to be counted), work stations, network/infrastructure and other equipment?

The systems in the scope are part of an Active Directory?

Yes

Clear selection

6. If you answered Vulnerability Assessment.

How many systems will be scanned and assessed?

7. If you answered Social Engineering.

How many employees will be tested?

8. Is 24/7 testing allowed? *

If no, this will lead to increase in the price.

Yes

9. Additional information

Is there any other information you think we should know? Perhaps you’d like to expand on any of your answers, or provide us with additional detail we haven’t explicitly requested. Please write it below:

Send me a copy of my responses.

Submit

Clear form

Never submit passwords through Google Forms.

reCAPTCHA

Privacy Terms

This form was created inside of SoCyber. Report Abuse

Forms