Name: RedTeam Cybersecurity Labs
Brand: RedTeam Cybersecurity Labs
Rating: 5 (600 reviews)

2. Will you also conduct a whitebox pentest or black box pentest or both? *White Box can be best described as a test where specific information has been provided in order to focus the effort. This tests the threat of internal attacks, say originating from people who have access to your network and know a lot about the services, ports, apps, etc running Black Boxcan be best described as a test where no information isprovided by the client and the approach is left entirely to the penetrationtester (analyst) to determine a means for exploitation –this helps you understand the threat of external attacks

4. If it is an application and/or website, What are the predominate languages/frameworks in which website / application(s) are coded in (C, C++, Java, J2ME, Asp. Net, Vb. Net, Php, Xml, Asp, JavaScript, VBScript, OracleForms, Ruby on Rails or frameworks like Flutter,Xamarin, React Native, etc.) ? *

5. Approximately how many dynamic web pages / forms / screens part of each application? (i.e. dynamic pages are pages that accept and return user input, and can be form based pages that allow input of user name/password, etc. *

6. How many IP addresseis and/or applcations are included as in-scope for this testing?. Please list them, including multiple sites, etc. *

7. What are the objectives? *

Map out the vulnerabilitiesDemonstrate that the vulnerabilities existActual exploitation of the vulnerability in a network, system, or application.Obtain previleged access;exploit buffer overflows, SQL injection attacks, etc. This level of the test would carry out the exploitation of a weakness and can impact system availability.

8. Will this test be done on a production environment/production build ? *You need to understand that certain exploitation of vulnerabilities to determine and/or prove a weakness could crash your system or cause it to reboot. RedTeam Cybersecurity Labs is not liable for downtime caused by proving the system’s weakness to attack.

9. If production environment must not be affected, does a similar environment (development and/or test systems) exist that can be used to conduct the pentest ? *

10. If development and/or test systems, will you provide us access to the environment over internet or VPN ? *

11. If it is an application, will you provide a demo of the application? *

12. Are there any internal or external infrastructure that is owned, managed or operated by third-parties or service providers ? *

13. If so, do we need to have any testing agreement signed or will you provide the authorization? *

14. Are the business owners aware of this pentest? *Are key stakeholders (business owners)aware that the nature of a pen test is to attack the system as a hacker (or hostile actor) would in order to learn and prove the system’s weakness?In addition to identifying vulnerabilities, if found, we will attempt to exploit them and then show you the results.

Scoping Questionnaire for Penetration Test

3. What is the target of the Penetration Test ? *

7. What are the objectives? *

17. Who is the technical point of contact?

19. Provide a dated written consent letter on company headed paper and stamped with the company seal/stamp authorizing for the penetration test

Scoping Questionnaire for Penetration Test