Pre-engagement Scoping

Pre-engagement Scoping Form

Please fill in this questionnaire and send us back the PDF generated at your earliest convenience. If you are not sure what a question means, hover over the ? icons for explanations.

Important: This form does not transmit any data. Please complete the form, download the PDF at the end, and e-mail it to us.

Tell us about you

The person whose details are provided here will be designated as the Primary Point of Contact for the project. Unless otherwise stated, this person will be the only person to receive the final report, as well as receive ALL project e-mails from start to finish.


Tell us about your company

These details will appear on the final Pentest Report, so please enter them accurately.

This name will appear on your final report as the company name, so please enter the full legal name of the organization.

Tell us about your project

Provide the scheduling, business rationale and environment details for this engagement.

Requested date range for test


Business requirement for this penetration test *

Regulation Details *
PCI/DSS Details

Type of Environment *

NOTE: Exploiting certain vulnerabilities to determine and/or prove a weakness could crash your systems/services or cause them to reboot. While our methodology is very precise and this is indeed very rare, due to the nature of penetration testing, testing on live production systems is NOT recommended where it can be avoided.

Types of test(s)

Select all test types that apply and fill in the details for each.


The External Network pentest covers the underlying server infrastructure for a website (or other target), and not the applications themselves. It's a test for the network layer, simulating what an attacker can do to the target's external network perimeter.

For instance, if the target was a payment gateway running on an Apache server behind a Firewall, the External Network Pentest would test the firewall and the Apache Server, and not touch the website contents.

If we want to test the website (web application) itself, that would be a Web Application pentest. Requirements like PCI usually require both.

Targets: External IP addresses (e.g. 207.154.195.119)

External Network Penetration Test Details
Targets can be IP addresses, ranges, or specific IP:port pairs
If target IPs can change before the test, please mark this "no".

The Internal Network pentest deals with IPs and services on an INTERNAL Network, accessed from the outside through a VPN provided by the client.

Targets: Internal IP addresses (e.g. 192.168.10.10) or ranges (e.g. 10.10.10.1/26)

Internal Network Penetration Test Details
Operating Systems
How will we be connecting to the Internal Network environment? *

The ideal and preferred way of connecting, if possible, is to provide a VPN connection, plus a Kali Linux VM inside the network dedicated for the testing team with internet access and sudo rights.

Remote control solutions such as Teamviewer are discouraged as they tend to be cumbersome to use and extend testing times.


Web Application pentests are focused on Web Application structures on web servers. Testing is conducted on the Application Layer — Wordpress, APIs, JavaScript & PHP applications, etc.

Targets: https://www.example.com, https://www.example.com/payment/cards/*, etc.

Web Application Penetration Test Details

Please specify targets to be included in the test.


Mobile application pentests are conducted against mobile application packages like APKs and IPAs. You will need to provide a compiled copy of the latest version of the application package.

Targets: APK or IPA files.

Mobile Application Penetration Test Details
Please confirm that you can provide a version of the APK and the IPA that has: *
Due to the way Mobile Applications are tested, we need to run them inside emulators and analyze their various details. For this reason, we need, at the very least, a version of the apps with Root Detection disabled. Please confirm that you can provide such versions for the testing team.
If HTTP traffic will be tested, we will need at least one of the applications delivered with SSL Pinning capabilities disabled, so we can analyze the network traffic. Please confirm that you can provide such a version for the testing team.
If your mobile app is generating HTTP traffic with backend server(s), and this traffic also needs to be tested, answer this question "Yes" and enter the relevant details of the backend URLs to be tested in the field that opens below.
If you answer this as "No", then the mobile application will be tested with an "App-Only Focus" which assesses the security of the mobile application as it exists and operates within the mobile device environment, independent of its backend services. This form of testing does not include assessment of the app's communication with backend servers or API endpoints. This type of test includes static analysis of the application code and package (e.g., APK/IPA), dynamic analysis during runtime, evaluation of local data storage, inter-process communication, usage of device permissions, and reverse engineering resistance. The goal is to uncover vulnerabilities such as insecure storage, hardcoded secrets, improper certificate handling, or unintended behaviors exploitable on the device.

Please specify backend targets to be included in the test.

Android (APK) Details
Additional technologies used?
iOS (IPA) Details
Additional technologies used?

Cloud Configuration Security Testing evaluates the security posture of your cloud environment by reviewing configuration of cloud services, identity and access controls, network architecture, logging and monitoring setups, and compliance-related settings.

The goal is to identify misconfigurations, overly permissive access, insecure defaults, and deviations from best practices. This testing is non-invasive and typically involves read-only access or offline configuration reviews.

Cloud Configuration Security Test Details
What type of Cloud environment? *
We will usually need at least one user account with Reader + Security Reader permissions.
AWS Services to be assessed
Azure Services to be assessed
GCP Services to be assessed

Wi-Fi Network pentests deal with defeating the protocol-layer security of password-protected wireless networks. The goal is to break into the network as an outside attacker, without any credentials supplied, by physically capturing radio signals.

Due to the physical nature of this test, Wireless penetration tests cannot be conducted remotely — a pentester needs to be physically present on the client's target premises.

Wireless Penetration Test Details

Social engineering tests focus on the security awareness present in a company's target personnel. Pentesters first collect information on a target company, then prepare and launch convincing phishing campaigns against each individual within the target scope.

None of the simulated malicious payloads actually harm or exploit their systems.

Social Engineering Test Details

Segmentation testing checks whether certain parts of a network infrastructure are reachable from other parts that are, by design, supposed to be unable to reach them.

The methods used are from the same family of network enumeration techniques used in penetration tests.

Network Segmentation Test Details
Targets can be IP addresses, ranges, or specific IP:port pairs
Enter the number of distinct network zones we need to access from the inside (to inventory systems) and from the outside (to confirm they're unreachable).
You can also provide explanations of how they are reached (as in the example in the box).

Physical Intrusion testing is focused on the physical security aspects of your organization. Each target is a location belonging to your organization, and the goal is to breach the premises and gain access to critical IT assets using physical means.

Physical Intrusion Test Details

LLM Penetration Testing evaluates the security of applications powered by Large Language Models. The assessment covers prompt injection, data leakage, model manipulation, privilege escalation through conversational interfaces, and other AI-specific attack vectors.

This includes testing chatbots, AI assistants, automated decision systems, and any application that integrates LLM capabilities — whether self-hosted or accessed via third-party APIs.

LLM Penetration Test

This assessment is for conducting security evaluations of your application's use of Large Language Models, focusing on risks such as prompt injection, information leakage, function misuse, and unauthorized access through LLM-driven interfaces.

Information regarding LLM targets will be gathered from you over direct communication.

Additional Information

Tell us about existing defenses, documents you can share, and any additional notes.

External perimeter defenses in place

How many final reports will be needed?

If you will need more than 1 final report for the pentest results, please list them and how they should be different.

Documents available for sharing

Any Additional Notes?

Are there systems or applications in the same networks or environments that should not be tested?
