Engagement Form
Use this form to engage for a web application security vulnerability assessment / penetration test.
Your Name?
Your answer
Your Phone Number?
Your answer
Your Email Address?
Your answer
Target Application Name?
Your answer
Describe the target application's purpose, who uses it, how it helps them, etc. Please try and be as detailed as possible.
Your answer
Reason for Assessment?
What is the reasoning for requesting an assessment; compliance, remediation response, new deployment, etc.?
Your answer
Do you have the authority to request and approve an assessment of the target application?
Authority Contact?
If "Yes" above, leave this field blank. If "No", please list the name of the person of authority and include their email address and phone number..
Your answer
Assessment Deadline?
Target URL of Production Instance?
What is the main URL of the production instance? (Leave blank if not yet released / deployed.)
Your answer
Permission to View Production Instance?
Do I have permission to take a look at the production instance of the application, to assist in determining scope, depth, breadth, and complexity? (No attack testing will take place, just normal browsing.)
Preferred Assessment Style?
Describe the style of assessment you would like. Do you want a black-box (blind) style of assessment where I pretend to be an attacker with little to no knowledge of your application, no provided credentials for secure area testing, etc.? Or would you like more of a crystal-box style of assessment, where I work with you to learn your application, am provided test credentials / multiple tenant / user role access, legitimate working test data, and am able to login to the secure areas and test accessing data between the different users of the application? Or do you want both? (If Black Box only, leave any details requested to follow blank)
Target URL of Test Instance?
Please note that it is recommended not to perform security testing against live, production, in-use web applications. As such, enter the URL for the test instance (i.e. DEV, QA, STAGING) of your application, if this is available.
Your answer
What Information Needs to be Protected?
Does your site / application contain user data or Personally Identifiable Information (PII), credit card numbers or transaction information, intellectual property, health records, financial data, etc.? (Please describe the crown jewels.)
Your answer
Any Secure / Private Areas?
Does the application have any private or secure areas? If so, list their URLs here.
Your answer
What is the size of Application?
Approximate Number of Users, User Roles, Pages, Forms, Interactive / Multi-step Work-flows, Back-end / Front-end Integrations, API Integrations, etc.
Your answer
Authentication Methods Used?
Describe the authentication mechanisms utilized to protect the secure areas of the application. (i.e. form based, multi-factor, single-sign-on, external authentication providers such as Twitter, Google, Facebook, etc.)
Your answer
External Work-flows?
Describe any external work-flows that the application initiates. (i.e. emails sent for order confirmations, other website tie-ins and integrations, public database lookups, ticket generations,., payment outsourcing, API linkages, etc.)
Your answer
Miscellaneous Information?
Feel free to add any pertinent information for your application. Is there any specific portions of the application you would like tested, any specific form, work-flow, page? What about areas of the application to avoid, that are out-of-scope? Has your application been security tested before? Every bit of information will help to determine the depth and breadth of your application. Please also note that you might be requested to provide a demonstration of your application to assist me in determining an appropriate fee for services rendered.
Your answer
Never submit passwords through Google Forms.
This content is neither created nor endorsed by Google. Report Abuse - Terms of Service - Additional Terms