Form - Security Assessment Scoping Questionnaire

Security Assessment Scoping Questionnaire

Name(Required)

First Last

Company(Required)

Email(Required)

When would you like your test performed?(Required)

What type of assessment are you looking to perform?(Required)

Please Note: Web Application Penetration Tests come with internal API endpoints. If internal API endpoint testing is needed as part of your Web Application Test, please select "Web Application Penetration Test" instead of a Web API Penetration Test.

Web Application Penetration Test

Are you looking to test more than one web application?(Required)

Yes

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

If yes, how many?(Required)

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Web Application #1

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Web Application #1

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Web Application #1

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Web Application #1

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Web Application #2

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Web Application #2

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Web Application #2

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Web Application #2

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Web Application #3

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Web Application #3

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Web Application #3

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Web Application #4

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Web Application #4

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Web Application #5

Web Application Name(Required)

Web Application URL(Required)

Web Application Purpose

Do you want testing done as an authenticated user of the system?(2 is recommended)(Required)

Yes

If Yes, how many user accounts?(Required)

How many pages/screens does the application have in total that require testing?(Required)

A “page” is any unique screen or view that displays distinct content or functionality (e.g., login page, dashboard, search results, checkout page).

Please list any additional details here:(Required)

External API Penetration Test

Are you looking to test more than one External API?(Required)

Yes

If Yes, how many?(Required)

External API Name(Required)

External API Purpose

How many endpoints does the API have in total that require testing?(Required)

Do you want testing done as an authenticated user of the system (2 is recommended)?(Required)

Yes

If yes, how many API Keys would you like tested?(Required)

Do you have documentation of the API endpoints in a format such as OpenAPI, Swagger, or POSTMAN?(Required)

(This greatly reduces the hours necessary to complete the assessment)

Yes

Please upload the file below:

Please save all documentation into a .zip file first before uploading.

Max. file size: 7 MB.

External API #1

External API Name(Required)

External API Purpose

How many endpoints does the API have in total that require testing?(Required)

Do you want testing done as an authenticated user of the system (2 is recommended)?(Required)

Yes

If yes, how many API Keys would you like tested?(Required)

Do you have documentation of the API endpoints in a format such as OpenAPI, Swagger, or POSTMAN?(Required)

(This greatly reduces the hours necessary to complete the assessment)

Yes

Please upload the file below:

Please save all documentation into a .zip file first before uploading.

Max. file size: 7 MB.

External API #1

External API Name(Required)

External API Purpose

How many endpoints does the API have in total that require testing?(Required)

Do you want testing done as an authenticated user of the system (2 is recommended)?(Required)

Yes

If yes, how many API Keys would you like tested?(Required)

Do you have documentation of the API endpoints in a format such as OpenAPI, Swagger, or POSTMAN?(Required)

(This greatly reduces the hours necessary to complete the assessment)

Yes

Please upload the file below:

Please save all documentation into a .zip file first before uploading.

Max. file size: 7 MB.

External API #1

External API Name(Required)

External API Purpose

How many endpoints does the API have in total that require testing?(Required)

Do you want testing done as an authenticated user of the system (2 is recommended)?(Required)

Yes

If yes, how many API Keys would you like tested?(Required)

Do you have documentation of the API endpoints in a format such as OpenAPI, Swagger, or POSTMAN?(Required)

(This greatly reduces the hours necessary to complete the assessment)

Yes

Please upload the file below:

Please save all documentation into a .zip file first before uploading.

Max. file size: 7 MB.

External API #2

Web API Name(Required)

External API Purpose

How many endpoints does the API have in total that require testing?(Required)

Do you want testing done as an authenticated user of the system (2 is recommended)?(Required)

Yes

If yes, how many API Keys would you like tested?(Required)

Do you have documentation of the API endpoints in a format such as OpenAPI, Swagger, or POSTMAN?(Required)

(This greatly reduces the hours necessary to complete the assessment)

Yes

Please upload the file below:

Please save all documentation into a .zip file first before uploading.

Max. file size: 7 MB.

External API #2

External API Name(Required)

External API Purpose

How many endpoints does the API have in total that require testing?(Required)

Do you want testing done as an authenticated user of the system (2 is recommended)?(Required)

Yes

If yes, how many API Keys would you like tested?(Required)

Do you have documentation of the API endpoints in a format such as OpenAPI, Swagger, or POSTMAN?(Required)

(This greatly reduces the hours necessary to complete the assessment)

Yes

Please upload the file below:

Please save all documentation into a .zip file first before uploading.

Max. file size: 7 MB.

External API #2

External API Name(Required)

External API Purpose

How many endpoints does the API have in total that require testing?(Required)

Do you want testing done as an authenticated user of the system (2 is recommended)?(Required)

Yes

If yes, how many API Keys would you like tested?(Required)

Do you have documentation of the API endpoints in a format such as OpenAPI, Swagger, or POSTMAN?(Required)

(This greatly reduces the hours necessary to complete the assessment)

Yes

Please upload the file below:

Please save all documentation into a .zip file first before uploading.

Max. file size: 7 MB.

External API #3

External API Name(Required)

External API Purpose

How many endpoints does the API have in total that require testing?(Required)

Do you want testing done as an authenticated user of the system (2 is recommended)?(Required)

Yes

If yes, how many API Keys would you like tested?(Required)

Do you have documentation of the API endpoints in a format such as OpenAPI, Swagger, or POSTMAN?(Required)

(This greatly reduces the hours necessary to complete the assessment)

Yes

Please upload the file below:

Please save all documentation into a .zip file first before uploading.

Max. file size: 7 MB.

External API #3

External API Name(Required)

External API Purpose

How many endpoints does the API have in total that require testing?(Required)

Do you want testing done as an authenticated user of the system (2 is recommended)?(Required)

Yes

If yes, how many API Keys would you like tested?(Required)

Do you have documentation of the API endpoints in a format such as OpenAPI, Swagger, or POSTMAN?(Required)

(This greatly reduces the hours necessary to complete the assessment)

Yes

Please upload the file below:

Please save all documentation into a .zip file first before uploading.

Max. file size: 7 MB.

External API #4

If 4 or more, please share additional details for additional External APIs with your account manager.

Internal Network Penetration Test

Approximate number of internal systems in scope? (servers, laptops, switches, firewalls, routers, etc)

What type of access will be provided?

Credentialed low privileged user

Assumed breached with no credentials

Is there a Windows Active Directory domain in scope?

Yes

External Network Penetration Test

How many Public IP addresses need to be included in the penetration test?(Required)

Are all addresses available to the internet?(Required)

Yes

If no, how will the IP addresses be accessed for assessment?(Required)

Mobile Application Penetration Test

Would you like to test more than one mobile application?(Required)

Yes

If yes, how many?(Required)

Mobile Application Name(Required)

Mobile Application Purpose

Platform(Required)

IOS

Android

Both

How many API endpoints does the Mobile App have in total that require testing?(Required)

What counts as an endpoint? If you're using a REST API backend, you would count each path and method as an endpoint. If you are using GraphQL API backend, you would count each mutation or query as an endpoint.

Mobile Application #1

Mobile Application Name(Required)

Mobile Application Purpose

Platform(Required)

IOS

Android

Both

How many API endpoints does the Mobile App have in total that require testing?(Required)

Mobile Application #1

Mobile Application Name(Required)

Mobile Application Purpose

Platform(Required)

IOS

Android

Both

How many API endpoints does the Mobile App have in total that require testing?(Required)

Mobile Application #2

Mobile Application Name(Required)

Mobile Application Purpose

Platform(Required)

IOS

Android

Both

How many API endpoints does the Mobile App have in total that require testing?(Required)

Mobile Application #2

Mobile Application Name(Required)

Mobile Application Purpose

Platform(Required)

IOS

Android

Both

How many API endpoints does the Mobile App have in total that require testing?(Required)

Mobile Application #3

Mobile Application Name(Required)

Mobile Application Purpose

Platform(Required)

IOS

Android

Both

How many API endpoints does the Mobile App have in total that require testing?(Required)

Phishing and Vishing Testing & Training

Select a choice(Required)

Phishing

Vishing

Both

How many users?(Required)

How many campaigns do you want to run in a year?(Required)

PCI Scanning

How many IP addresses need to be scanned?(Required)

Are all addresses available to the internet?(Required)

Yes

If no, how will the IP addresses be accessed for assessment?(Required)

Cloud Penetration Test

Which cloud environment(s) do you need tested?(Required)

AWS

Azure

GCP

On-premise

Hybrid

Other

If other, please describe.

How many in scope, public facing assets, are hosted in your cloud(s)? (websites, external API’s, virtual machine public IP addresses, public storage endpoints, etc).

Cloud Configuration Review

Which cloud environment(s) do you need tested?(Required)

AWS

Azure

GCP

On-premise

Hybrid

Other

If other, please describe.

How many cloud accounts (AWS), subscriptions (Azure), projects (GCP), or equivalent(s) for on premise infrastructures, are in scope for the configuration review?

How many Kubernetes clusters are in scope if applicable?

Attack Surface Assessment

How many organizations (DBA’s included) are in scope for your Attack Surface Assessment?(Required)

How many total employees and contractors are currently employed by the organization(s)?(Required)

Additional Comments and Information

Do you have any additional information you would like to share for the assessment(s)?

Phone number

Number