Web App Pen Test Proposal Request

  • Web App Penetration Test Scoping Information

  • What are the organizations biggest security concerns with the web application?(examples include disclosure of sensitive information, admin's accessing client data, embarrassment due to website defacement, etc.)

  • About how many dynamic pages make up the application?

  • How many user roles are there/how many will we be testing?

  • Is this web app penetration test on a production or dev/test system/application? Testing a production system requires much more care, and thus more time

  • Are vulnerabilities in the system(s) hosting the application in-scope for testing and exploitation?