23580 Wellington Ave
What is your name? (*)
What is the name of your organization? (*)
What is the best phone number to get in contact with you?
Where can we send you email? (*)
How many physical sites/locations does Tilojasoft need to travel to in order to complete this assessment?
Why are you requesting a security assessment?
How many INTERNAL hosts or IP addresses will be tested? (*)
How many EXTERNAL hosts or IP addresses will be tested? (*)
Will the test be "Black Box", "Grey Box", or "White Box"?
Black | Grey | White | N/A
How many subnets will be included in the tests?
If there is more than one subnet to be tested, please list them here (please use the format xxx.xxx.xxx.xxx/xx).
If this is an internal penetration test, is Tilojasoft required to be on site or will the application be available remotely (e.g., pcAnywhere, VPN, LogMeIn, etc.)?
What type of assessment will you need?
Internal Assessment | Penetration Test | Both
During what hours will the testing be done?
During Normal Business Hours | After Business Hours | Both
Can log files be erased during the assessment?
Yes | No | N/A | Need Clarification
Will your networking staff be informed that testing will take place?
Yes | No | N/A
What systems will be the target-of-evaluation (TOE)?
Are social engineering techniques acceptable as part of the test?
Can data be retrieved and copied from systems for results compilations?
Will DoS (Denial of Service) attacks be allowed?
Can backdoor Trojan / Malware applications be installed on target systems?
Please give full contact information for the person who will be the point of contact during the assessment.
Are we also performing a code review or a web application penetration test?
What technology is the application built on (e.g., J2EE, .NET, PHP, etc.)?
Approximately how many pages does the application have?
Here is some additional information to assist you in filling out the form above.

Will the test be "Black Box", "Grey Box", or "White Box"?
Black Box testing - A penetration test with no prior knowledge of the target system except a valid IP address. No user or application credentials are supplied to the testing team, nor any information on services running on the target.
White Box testing - A Vulnerability Analysis Inspection of the target system to determine what vulnerabilities exist on the system that, although directly exploitable via a Penetration Test, may be utilized in the future or by a disgruntled/disaffected insider. Full user and application credentials are supplied to the team whenever possible.
Grey Box testing - Some knowledge of the infrastructure is available and a user account may be held.

How many subnets will be included in the test?
A subnet is an identifiably separate part of an organization's network. Subnets are generally tested separately. 10.1.2.10 would indicate one subnet while 10.1.5.10 would indicate a separate one. These should be listed separately for an accurate quote.

What type of assessment will you need?
A vulnerability assessment and a penetration test are completely different. A vulnerability assessment identifies the vulnerabilities or holes in the infrastructure and provides detailed reporting on how to resolve those issues. A penetration test goes one step further by simulating what an attacker would do in the event those vulnerabilities are discovered in an infrastructure. A penetration test is generally performed alongside a vulnerability assessment, and gives the most accurate reporting about how an infrastructure can be compromised. Tilojasoft is fully equipped to deliver on either request.

Are social engineering techniques acceptable as part of the test?
Social engineering techniques include electronic attacks (email spoofing, Facebook, LinkedIn) as well as psychological manipulations (phone calls, face-to-face interactions, masquerading).

Will DoS (Denial of Service) attacks be allowed?
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. This can be used to test firewalls for proper configuration, but can also be used by attackers to gain access to a system without detection.

Can backdoor Trojan / Malware applications be installed on target systems?
Any malicious software payloads are 100% reversible and will not damage any hosts.