Cybersecurity Assessment Scoping Questionnaire

Name:

Organization:

Email:

Phone:

Title:

1. Website for your Organization:

2. Is an External Network Penetration Test In-Scope?

Yes

How many estimated live internet-exposed resources are in-scope, such as servers, VPN gateways, websites, and firewalls?

Explanation: Our team of ethical hackers will simulate an attack from an external perspective, assessing the security of your internet-exposed resources and recommending methods to further harden your network.

3. Is an Internal Network Penetration Test In-Scope?

Yes

How many estimated internal hosts are in-scope, such as computers and servers?

Explanation: Via a secure remote connection device, our team of ethical hackers will simulate an attack from the perspective of an attacker who has gained access to your internal network, such as via a phishing attack or a malicious insider, assessing your security and recommending methods to further harden your network.

4. Is a Wireless Network Penetration Test In-Scope?

Yes

How many wireless networks are in-scope for testing?

Can all networks be reached from one location?

Yes

If not, how many locations need testing (each location is a separate test)?

Explanation: Via a secure remote connection device, our team of ethical hackers will simulate an attack from the perspective of an attacker who is in-range of your wireless networks, assessing your security and recommending methods to further harden your network(s).

5. Is a Web Application Penetration Test In-Scope?

Yes

How many web applications are in-scope for testing?

Please list the URL for each in-scope web application:

How many sets of credentials are to be tested for each application?

How many estimated dynamic pages does each application contain?

Are there calls to your own API(s) made by the application(s) that are in-scope for testing?

Yes

If so, how many estimated API calls are in-scope for each application?

Are all of the API calls you would like tested able to be tested by walking through all of the links/actions of the web application, or will it be required of us to write an external script/program to test all of the API calls as all of the calls are not directly accessible via the website?

Explanation: Our team of ethical hackers will assess the security of your web application from the perspective of an external attacker. In addition, with provided credentials, we will assess the security of the entire application from the perspective of an authenticated user. We will review various attack threats, such as the OWASP Top Ten Security Vulnerabilities, and recommend methods to further harden your application. If your application architecture utilizes your own APIs that are called by the application, please indicate the total number of calls so we can assess each for security issues

6. Are there any Additional Notes / Concerns / Parameters that need to be considered?

Why Choose Xcitium?

Xcitium is a leader in cybersecurity, offering innovative solutions to protect against the most advanced threats. Our endpoint security platform combines cutting-edge technology with expert support, ensuring your business stays secure in a constantly evolving threat landscape. Trust Xcitium to safeguard your endpoints and protect your business.

Request Demo

Why Choose Xcitium?

Awards & Certifications