Network Pen Test Proposal Request

  • Network Pen Test Pre-sales Scoping form

  • Target Organization Contact Information
    Enter the name of the person to answer technical questions and coordinate/test system access (usually a senior network administrator).

  • Network Penetration Test Scoping Information

  • What are the organizations biggest security concerns? (examples include disclosure of sensitive information, interruption of production processing, embarrassment due to website defacement, etc.)

  • About how many “live” systems are in-scope?(8, 16-32, 64-128, etc.)This gives us an idea of about how many systems we will have to scan, test, etc

  • Is this penetration test external only, internal only, or both? This helps us to understand the type of system we are testing. Testing a production system requires much more care, and thus more time.

  • Will we be provided with domain names, network ranges, and specific in-scope IP addresses prior to testing?

  • Would there be potential for additional systems/targets identified in the Reconnaissance phase to be added to the scope?

  • Which milestone concludes the testing first, achieving a defined goal, or validating every identified vulnerability? (Keep in mind that while validating every identified vulnerability is more comprehensive, it also results in a dramatic increase in scope, time, and cost)

  • Will the penetration test include the following testing techniques: Note: The addition of these items usually represents an increase in scope, time and cost

  • Does the organization have a firewall, IDS/IPS, or other system(s) in-place to automatically identify suspicious traffic and take action against it?

  • Would evading the measures identified above be part of this test?