Web App Questionnaire

How many total IP addresses are being tested?

How many internal IP addresses, if applicable?

How many external IP addresses, if applicable?

Are there any devices in place that may impact the results of a penetration test such as a firewall, intrusion detection/prevention system, web application firewall, or load balancer?

Are there any systems which could be characterized as fragile? (systems with tendencies to crash, older operating systems, or which are unpatched)

Are there systems on the network which the client does not own, that may require additional approval to test?

Are Change Management procedures in place?

What type of data poses the greatest risk to the organization if exposed, corrupted, or deleted?

Are you a Microsoft Active Directory environment?

What platforms is your web app built on?

Does your web app have an API available to authorized users?

Does your web app have multiple users levels? (i.e. admin, user, super admin)

Have you had any intrusions or security issues in the past?

Please describe the intrusion or security issue:

Any other details you would like to provide?