Network Pen Test Pre-sales Scoping form
Target Organization Contact Information
Enter the name of the person to answer technical questions and coordinate/test system access (usually a senior network administrator).
Network Penetration Test Scoping Information
What are the organizations biggest security concerns? (examples include disclosure of sensitive information, interruption of production processing, embarrassment due to website defacement, etc.)
About how many “live” systems are in-scope?(8, 16-32, 64-128, etc.)This gives us an idea of about how many systems we will have to scan, test, etc
Is this penetration test external only, internal only, or both? This helps us to understand the type of system we are testing. Testing a production system requires much more care, and thus more time.
Will we be provided with domain names, network ranges, and specific in-scope IP addresses prior to testing?
Would there be potential for additional systems/targets identified in the Reconnaissance phase to be added to the scope?
Which milestone concludes the testing first, achieving a defined goal, or validating every identified vulnerability? (Keep in mind that while validating every identified vulnerability is more comprehensive, it also results in a dramatic increase in scope, time, and cost)
Will the penetration test include the following testing techniques: Note: The addition of these items usually represents an increase in scope, time and cost
Does the organization have a firewall, IDS/IPS, or other system(s) in-place to automatically identify suspicious traffic and take action against it?
Would evading the measures identified above be part of this test?