Bulletproof - Penetration Testing Scoping Questionnaire


PENETRATION TESTING
OX IT SOLUTIONS LTD
PENETRATION TESTING SCOPING QUESTIONNAIRE
COMMERCIAL IN CONFIDENCE
2019 OX IT SOLUTIONS LTD. ALL RIGHTS RESERVED.

PENETRATION TEST SCOPING QUESTIONNAIRE - CONFIDENTIAL

1. INTRODUCTION

This is an editable document. Please fill in the fields electronically, save the document and send it back to either your account manager or sales@oxitsolutions.co.uk.

This document is how we gather the requirements to accurately and concisely scope your penetration test. Please be as accurate and detailed as possible, as this will help us make sure you get the right test that best fits your requirements.

All detail you supply will be held in the strictest confidence. If you feel any information is of a sensitive nature, we recommend putting an NDA in place before providing us with the information.

Some answers will impact the details you need to supply later on, so please read each question fully and ensure you're filling in all applicable sections. If you need any help in filling in the questionnaire, please don't hesitate to get in touch.

If you have multiple applications or multiple infrastructures to test, please complete multiple copies of this document with all appropriate information.

OX IT SOLUTIONS LTD - SUITE F1, THE KIDLINGTON CENTRE, HIGH STREET, KIDLINGTON, OX5 2DL TEL: 01865 594 933 SALES@OXITSOLUTIONS.CO.UK WWW.OXITSOLUTIONS.CO.UK REG. NO. 10392088

2. COMPANY & CONTACT INFORMATION

2.1 Please enter your and your company's details.
  COMPANY NAME
  ADDRESS
  YOUR NAME
  YOUR EMAIL
  YOUR PHONE

2.2 Will you be the main point of contact for this test?
  YES / NO
If NO, please provide the contact's details below:
  CONTACT NAME
  CONTACT EMAIL
  CONTACT PHONE

3. HIGH-LEVEL QUESTIONS

3.1 Is compliance driving the test requirements?
  YES / NO
If you selected YES, please state the standard(s) driving the requirement for the test. Please select all that apply.
  PCI DSS
  FCA
  ISO
  GOVERNMENT (PSN, ITHC, ETC)
  HIPAA
  OTHER (PLEASE STATE)

3.2 What type of test(s) do you require? Please select all that apply.
  INFRASTRUCTURE TEST
  APPLICATION TEST
  SOCIAL ENGINEERING
  OTHER (PLEASE STATE)
  UNSURE (WE WILL ADVISE)

3.3 What are your reasons for this test? Please select all that apply.
  MEET COMPLIANCE REQUIREMENTS
  CUSTOMER REQUESTED WE HAVE TEST
  SUPPLIER REQUESTED WE HAVE TEST
  OUR OWN PEACE OF MIND
  OTHER (PLEASE STATE)

3.4 What type of test do you require?

Black Box tests are where the penetration tester knows nothing of the infrastructure to be tested. It's more indicative of a real-world attack, but this method may not always expose all vulnerabilities.

White Box tests are where the penetration tester has access to full, in-depth information on the infrastructure to be tested. Whilst not as realistic as a black box test, it allows for a very thorough test.

Grey Box tests are the most popular form of test and take a balanced approach between white and black box. A grey box test discloses just enough information to perform a thorough, methodical test, whilst keeping the scenario relevant and realistic.
  BLACK BOX
  WHITE BOX
  GREY BOX
  UNSURE (WE WILL ADVISE)

3.5 Is there a specific timeframe in which the tests must be carried out (specific dates or times of day)?
  YES / NO
If you selected YES, please detail the times/dates required. Please select all that apply.
  WEEKDAYS
  WEEKENDS
  OFFICE HOURS
  OUTSIDE OFFICE HOURS
  DATE(S)

3.6 Is the test to be carried out on a live (production) environment?
  YES / NO

4. DETAILED QUESTIONS: INFRASTRUCTURE

Only complete this section if you selected 'Infrastructure' in Question 3.2 above.

The next questions depend upon answers you've previously supplied. Please read all questions thoroughly to make sure you have not missed any applicable section.

4.1 If you selected BLACK BOX in Question 3.4

Since a Black Box test assumes nothing of the environment, we need only the minimum details to perform the test. Black box tests only last for a pre-determined number of days.

4.1.1 Please provide a list of hostnames/IP addresses to be tested. If you require more space, please include the full list in a separate document, such as a spreadsheet.
  HOSTNAME/IP ADDRESSES

4.1.2 Please list any other details we might find relevant.
  ADDITIONAL DETAILS

4.2 If you selected WHITE BOX or GREY BOX in Question 3.4

4.2.1 Please provide information on the environment to be tested. If IaaS, please include firewalls, load balancers, routers, switches, servers, storage and other physical devices. If PaaS, please provide details on the PaaS being used and how it is being consumed. If you require more space, please include the full list in a separate document, such as a spreadsheet.
  EQUIPMENT TYPE
  DETAILS
  PaaS DETAILS

4.2.2 Please provide a list of hostnames/IP addresses to be tested. If you require more space, please include the full list in a separate document, such as a spreadsheet.
  HOSTNAME/IP ADDRESSES

4.3 If you selected GREY BOX in Question 3.4, do you require an INTERNAL or EXTERNAL test?

Internal tests simulate an attack that has already bypassed your security perimeter. This discovers what an attacker can do internally, such as moving across systems and networks. It also simulates what an insider attack could do.

External tests simulate the ability of an attacker to gain access to your internal network and infrastructure from outside your security perimeter.
  INTERNAL (go to 4.3.A)
  EXTERNAL (go to 4.3.B)

4.3.A If you answered INTERNAL to Question 4.3

Would you prefer the test to be carried out on your premises or by providing a secure VPN into the internal environment?
  ON-PREMISES
  VIA VPN

4.3.B If you answered EXTERNAL to Question 4.3

4.3.B.1 What type of hosted environment do you require testing?
  TYPE OF HOSTING / NAME OF HOSTING PROVIDER
  PUBLIC IaaS (E.G. AWS, AZURE)
  PUBLIC PaaS
  PRIVATE CLOUD
  ON-PREMISES
  OTHER (PLEASE STATE)

4.3.B.2 Do you have security controls that need to allow our IP addresses to be whitelisted before the test can commence?
  YES / NO
If you selected YES to 4.3.B.2 (above), please detail what these are.
  SECURITY DETAILS

5. DETAILED QUESTIONS: APPLICATIONS

Only complete this section if you selected 'Application' in Question 3.2 above.

The next questions depend upon answers you've previously supplied. Please read all questions thoroughly to make sure you have not missed any applicable section.

5.1 Is it a single or multiple applications to be tested?
  SINGLE
  MULTIPLE (STATE NUMBER)

5.2 Type of application. Please select all that apply.
  WEB
  MOBILE
  DESKTOP
  OTHER (DESCRIBE)

5.3 What is the application used for? Please provide a detailed description, including the application's functionality, key components, and other relevant information.
  APPLICATION DESCRIPTION

5.4 What frameworks/languages were used to build the application?
  FRAMEWORK/LANGUAGES USED

5.5 Is the application web accessible?
  YES / NO

5.6 If you selected WEB application in Question 5.2.1 (above), please let us know the hostname/IP address of the hosted application:
  HOSTNAME/IP ADDRESS

5.7 If you selected MOBILE application in Question 5.2.1 (above), is it freely available to download? Please select all that apply.
  NOT AVAILABLE
  AVAILABLE VIA:
    GOOGLE PLAY
    IOS APP STORE
    AMAZON APP STORE
    OTHER (PLEASE SPECIFY)
If you answered NOT AVAILABLE to the above, please detail how you will provide the application to us.
  APPLICATION PROVISION DETAIL

5.8 What type of test do you require?
  AUTHENTICATED
  UN-AUTHENTICATED
  UNSURE (WE'LL ADVISE)

6. DETAILED QUESTIONS: SOCIAL ENGINEERING

Only complete this section if you selected 'Social Engineering' in Question 3.2 above.

The next questions depend upon answers you've previously supplied. Please read all questions thoroughly to make sure you have not missed any applicable section.

6.1 What type of social engineering do you require? Please select all that apply.
  PHISHING
  VISHING
  PHYSICAL SECURITY BYPASS

6.2 If you selected PHISHING or VISHING in Question 6.1 (above), will information on the users to be targeted be provided in advance of the test?
  YES / NO

6.2.1 If you selected YES, please tell us the number of users.
  NUMBER OF USERS

6.3 If you selected PHYSICAL SECURITY BYPASS in Question 6.1 (above), please detail the type of test you'd like carried out. For example, passing gatehouse security and gaining access to a specific building or area.
  PHYSICAL SECURITY BYPASS DETAILS

7. ADDITIONAL INFORMATION

Is there any other information you think we should know? Perhaps you'd like to expand on any of your answers, or provide us with additional detail we haven't explicitly requested. Please use this box:
  ADDITIONAL INFORMATION
