Sample Kickoff Agenda

During the kickoff meeting, we typically discuss the following points:

• Clarification of outstanding points from scoping
• Detailed understanding of the system under test, e.g., technical components used
  • Web applications:
    • Clarification of the environment for the test (production or test environment). Ideally, we can perform the pentest in a production-like test environment that contains test data. Advantages of a test environment are: 1) We do not need to access your production data. 2) Usually no restrictions during pentesting. 3) In the rare event of disruptions caused by the pentest, your production environment will not be affected.
    • Note: It is difficult to test a moving target. This leads to misinterpretations and ambiguities. Therefore, the application should not change during the test; for example, no new releases should be deployed. If this cannot be avoided, it should be announced with information on what will change, when, and how.
• Defining focus areas for the test / worst-case scenarios to be tested
• Clarification of contact persons during the test for technical and specialist questions
• Notes for you:
  • Has approval for the pentest been granted?
  • Has the whitelisting of our IP address in existing protection systems been completed/initiated?
• Report:
  • Language
  • To whom to send