Scoping Questionnaire for Penetration Test
1. What is the business requirement for this penetration test?
*
This is required by a regulatory audit or standard
Proactive internal decision to determine all weakness
2. Will you also conduct a white box pentest, a black box pentest, or both?
*
White Box can best be described as a test where specific information has been provided in order to focus the effort. This tests the threat of internal attacks, say originating from people who have access to your network and know a lot about the services, ports, apps, etc. running.
Black Box can best be described as a test where no information is provided by the client and the approach is left entirely to the penetration tester (analyst) to determine a means for exploitation. This helps you understand the threat of external attacks.
3. What is the target of the Penetration Test?
*
Mobile Application
Website/Web Application
Network
Application and Network
Wireless
Other, please explain
4. If it is an application and/or website, what are the predominant languages/frameworks in which the website / application(s) are coded (C, C++, Java, J2ME, ASP.NET, VB.NET, PHP, XML, ASP, JavaScript, VBScript, Oracle Forms, Ruby on Rails, or frameworks like Flutter, Xamarin, React Native, etc.)?
*
5. Approximately how many dynamic web pages / forms / screens are part of each application? (Dynamic pages are pages that accept and return user input, and can be form-based pages that allow input of user name/password, etc.)
*
6. How many IP addresses and/or applications are included as in-scope for this testing? Please list them, including multiple sites, etc.
*
7. What are the objectives?
*
Map out the vulnerabilities
Demonstrate that the vulnerabilities exist
Actual exploitation of the vulnerability in a network, system, or application.
Obtain privileged access; exploit buffer overflows, SQL injection attacks, etc. This level of the test would carry out the exploitation of a weakness and can impact system availability.
8. Will this test be done on a production environment/production build?
*
You need to understand that certain exploitation of vulnerabilities to determine and/or prove a weakness could crash your system or cause it to reboot. RedTeam Cybersecurity Labs is not liable for downtime caused by proving the system’s weakness to attack.
9. If the production environment must not be affected, does a similar environment (development and/or test systems) exist that can be used to conduct the pentest?
*
10. If development and/or test systems are used, will you provide us access to the environment over the internet or VPN?
*
11. If it is an application, will you provide a demo of the application?
*
12. Is there any internal or external infrastructure that is owned, managed or operated by third parties or service providers?
*
13. If so, do we need to have any testing agreement signed or will you provide the authorization?
*
14. Are the business owners aware of this pentest?
*
Are key stakeholders (business owners) aware that the nature of a pen test is to attack the system as a hacker (or hostile actor) would in order to learn and prove the system’s weakness? In addition to identifying vulnerabilities, if found, we will attempt to exploit them and then show you the results.
15. At what time do you want these tests to be performed?
*
During business hours
After business hours
Weekend hours
During system maintenance window
Anytime, please explain fully
16. Are there any policies that would prevent us from utilizing our offshore / remote resources for this engagement?
*
17. Who is the technical point of contact?
Name
*
Company Name
*
Email
*
Phone
*
18. Is retest required once agreed vulnerabilities are fixed?
*
19. Provide a dated written consent letter on company headed paper, stamped with the company seal/stamp, authorizing the penetration test.
20. Additional information?