Pre-Scoping Questions
This document is how we gather the requirements to accurately and concisely scope your penetration test. Please be as accurate and detailed as possible, as this will help us make sure you get the right test that best fits your requirements.
* Required
Email address
*
Your email
Company name
*
Your answer
Your name
*
First and last name
Your answer
Phone number
*
Your answer
1. What will be the scope of the testing?
*
Internal Infrastructure Penetration Test
External Infrastructure Penetration Test
Web application Penetration Test
Mobile application Penetration Test
Remediation Verification Testing
API Penetration Test
IT systems Security audit
Vulnerability Assessment
Vulnerability Management
Social engineering
Other:
Required
2. DETAILED QUESTIONS: INFRASTRUCTURE
Only complete this section if you selected ‘Infrastructure Penetration test’ above.
Internal tests simulate an attack that has already bypassed your security perimeter or simulates an attack from an employee which device is compromised through social engineering. This discovers what an attacker can do internally, such as moving across systems and networks. It also simulates what an insider attack could do.
External tests simulate the ability of an attacker to gain access to your internal network and infrastructure from outside your security perimeter or verifies whether some of your pubic facing systems can be compromised.
Please provide a number of IP addresses to be tested (both internal and external if apply).
How many of them are servers (both virtual and physical to be counted), work stations, network/infrastructure and other equipment (printers, sensors, cameras and ect.)?
Your answer
If you answered INTERNAL infrastructure.
Would you prefer the test to be carried out on your premises or by providing a secure VPN into the internal environment?
On premises
Via VPN
Clear selection
3. DETAILED QUESTIONS: APPLICATIONS
Only complete this section if you selected ‘Application Penetration Test’ in Question 1 above.
Type of application/s which will be tested.
Please select all that apply.
Web application
Mobile iOS application
Mobile Android application
If you selected WEB application above, please provide URLs of the hosted application if possible:
Your answer
What is the application used for?
Please provide a summary of the application's functionality.
Your answer
What will be the access that needs to be tested for the Web app ?
Un-authenticated
Authenticated with low privilages *standard user*
High privileged user *admin*
Unsure (we'll advise)
Other:
If you selected MOBILE application above, is it freely available to download?
Please select all that apply.
Not available on the market, testing environment will be provided.
Google play
iOS app store
Other:
What will be the access that needs to be tested for the Mobile app ?
Un-authenticated
Authenticated with low privilages *standard user*
High privileged user *admin*
Unsure (we'll advise)
Other:
What is the application used for?
Please provide a summary of the application's functionality.
Your answer
Would you like to test APIs?
Yes
No
Clear selection
If yes, how many endpoints are there?
Your answer
How many API calls?
Your answer
Please provide API parameters.
Your answer
What will be the access that needs to be tested for the API ?
Un-authenticated
Authenticated with low privilages *standard user*
High privileged user *admin*
Unsure (we'll advise)
Other:
Would you provide an API schema?
With no API schema, manual API mapping will be required which will increase the price.
Yes
No
Clear selection
Is the test to be carried out on a live (production) environment?
*
We recommend staging environment to be provided.
Yes
No, testing environment will be provided
Other:
4. What type of test do you require?
*
Black Box tests are where the penetration tester knows nothing of the infrastructure to be tested. It’s more indicative of a real-world, attack, but this method may expose fewer vulnerabilities. White Box tests are where the penetration tester has access to full, in-depth information on the infrastructure to be tested. Whilst not as realistic as a black-box test, it allows for a very thorough test. Grey Box tests are the most popular form of test that takes a balanced approach between white and black boxes. A grey box test discloses just enough information to perform a thorough, methodical test, whilst keeping the scenario relevant and realistic.
Black box
White box
Grey box
Unsure (we will advise)
Required
5. If you answered IT systems security audit.
How many machines will be audited? How many of them are servers (both virtual and physical to be counted), work stations, network/infrastructure and other equipment?
Your answer
The systems in the scope are part of an Active Directory?
Yes
No
Clear selection
6. If you answered Vulnerability Assessment.
How many systems will be scanned and assessed?
Your answer
7. If you answered Social Engineering.
How many employees will be tested?
Your answer
8. Is 24/7 testing allowed?
*
If no, this will lead to increase in the price.
Yes
No
9. Additional information
Is there any other information you think we should know? Perhaps you’d like to expand on any of your answers, or provide us with additional detail we haven’t explicitly requested. Please write it below:
Your answer
Send me a copy of my responses.
Submit
Never submit passwords through Google Forms.
reCAPTCHA
Privacy
Terms
This form was created inside of SoCyber.
Report Abuse
Forms
