Contact

Penetration Test
Scoping Checklist

Engage an Australian leader in penetration testing to ensure your business is protected against current and future cyber security security threats.

Use this secure form to request a penetration testing estimate from our team. This data is stored securely on a Vectra approved environment and is only accessible by approved Vectra staff members.

Get Started
Learn More
Women performing penetration testing
Scoping Checklist Form

Complete this secure form to request a penetration testing estimate from our team. This data is stored securely on a Vectra approved environment and is only accessible by approved Vectra staff members. Once completed we will be in touch to discuss your requirements.

Penetration Testing Quote

Requirement

Is PCI DSS the driver for this Penetration Test? (Specific testing is required for PCI DSS compliance)

Testing

A Vulnerability Assessment involves the identification of potential vulnerabilities in systems and applications using both automated tools and manual testing. A Penetration Test starts with a Vulnerability Assessment but also includes validation of vulnerabilities by attempting to exploit them with further manual testing. Penetration Testing provides a more thorough test of systems and applications. (For PCI DSS compliance – Annual Internal and External Penetration Testing is required as well as quarterly Internal Vulnerability Scanning and quarterly ASV (external) scanning.)
Is testing to be performed against infrastructure, applications or both? Both will provide the highest level of security validation. (For PCI DSS compliance – Both are required)
Is testing to be performed against external systems which are internet accessible or internal ­systems and applications on your internal network (accessed via a VPN or on-site) (For PCI DSS compliance – Both are required)
Validation of the effectiveness of internal network segmentation on internal firewall(s), where the internal network has multiple segments. (For PCI DSS compliance – This is required if segmentation in place to reduce PCI scope.)
A Black Box test is performed with no information regarding the environment provided, other than URLs and IP ranges. For White Box testing, details of the environment such as Network diagram, OS types, applications and logon details are provided. (For PCI DSS compliance – White Box is required.) (For PCI DSS compliance – This is required if segmentation in place to reduce PCI scope.)
Are Social Engineering tests required? Social engineering is attempting to exploit people to gain access to systems and applications. (Not required for PCI DSS)
Are Denial of Service tests required? Generally 'No' as DOS testing can impact systems, website performance and availability

Client Requirements

Do you have any constraints for start and/or completion dates?
Do you have a requirement that testing be performed outside normal working hours? Vulnerability Assessment and Penetration testing will not normally impact website performance or availability.
Is there to be an allowance made for re­testing of the system after remediation? (Generally "Yes" for PCI DSS)

Infrastructure

If Internal testing is required, will access be provided via a VPN or is testing to be performed on­site?
What range of IP addresses are required to be tested?
How many hosts or devices are to be tested? (For PCI DSS compliance - all elements of the CDE to be covered so count all internet facing elements and all network security zones in the CDE. Count separately by external addresses and internal devices and network zones.)

Applications in Scope

Please list below the applications that are in scope for testing. For PCI DSS compliance, all applications that store, transmit or process cardholder data are in scope. Applications that access systems or databases storing cardholder data should also be tested. See the glossary below the applications forms for details of the different form areas.

Applications

plus1 Add another Application minus1 Remove this Application

Summary

Vectra is an Australian leader in the provision of security consulting, risk management, compliance and managed services. Trust Vectra to take care of your cyber security requirements.
Managed Services
Cyber Security Services
Solutions
Company