Sample Scoping Agenda
During scoping, we typically discuss the following points:
- Familiarizing ourselves with the test target (see questions on the respective pages in the configurator for guidance)
- In-depth questions about the test target, such as:
  - Web applications: Presentation of the application via screen sharing, focusing on functionalities and different users/roles
  - Internal infrastructure: Number of domains and forest structure
- What other wishes do you have, what should we pay attention to?
- Clarifying organizational questions (see Organizational Matters in the configurator)
- Notes for you:
  - If applicable, approval for the pentest may be required from external hosting providers
  - For pentests, we recommend that you exclude our IP address from upstream protection systems, such as Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). The reason is that during a pentest we do not test your WAF or IPS, but rather what lies behind them. We also aim to proceed as efficiently as possible, which makes some automated tools indispensable. To avoid being blocked and then losing time while access is re-enabled, we recommend creating exceptions for us. This does not apply to red teaming engagements.