Company Name *Company Website *Name *Email Address *Web Application Name *URL to the application *Which penetration testing method would you like to be performed *Black BoxWhite BoxGrey BoxHas the web application been through any security checks? *(penetration testing, vulnerability assessment, security code review)What is the purpose of the application, who is it intended for, and who uses it? *Is the application intended for internal users (access from the internal network) or is it accessible from the Internet? *If the application is in the internal network, can it be accessed via a VPN? *Does the application have a test environment or is pen-testing to be done on production? *If the application is in a test environment, are all functionalities available and working as in production? Is the mail server used in the application working (if used)? *If the application is in production, should special attention be paid to anything else (base, working hours, connection to other systems...)? *Has the web application already been data pre-filled or is it empty (data must be entered manually)? *Has the development of the web application been completed or is it in the development process? *What technology is used? *(frontend, backend, framework, database)Is the web application behind a reverse proxy/load balancer? *Authentication method, how does the user log into the application? * (Username and password, MFA, certificates, tokens)Does the server have any type of protection such as WAF (Web Application Firewall)? Is there a possibility to add our IP addresses to the whitelist? *Do you have an application manual, architecture diagram, or API documentation? Can you provide it to us? *Application size, how many unique pages, functionality or API endpoints are there (approximately)? *How many roles does the application have, and do all roles need to be tested? If possible, provide us with a brief description of them. *Is there an admin account/role? *Is there a separate admin login page/location? *Should the administrator account be tested? (Our recommendation is to always test the administrator account as well.) * Submit FormSave as DraftPlease do not fill in this field.
