Welcome to arozen
You can start filling in the form.
Company Details
Company Name
Contact Person (and Role)
Contact Email
Contact Phone
Business Requirements
What is the business requirement for this penetration test?
This is required by a regulatory audit or standard
Proactive internal decision to determine all weaknesses
Following a security incident
Client or Partner Requirement
Before a major launch or update, or after significant changes
What type of systems would you like tested?
Website or Web Application
Desktop Application
Mobile Application
Internal Network
External Network
Cloud Environment
Other (Please specify)
Web Application Information
Purpose of the application
E-commerce
ERP
Educational
CMS
Financial
Social Media
CRM
Healthcare
SaaS
URL:
Public or limited access:
Public access
Private access
User Roles:
1
2
3
4
5
6 <
Roles complexity
Estimated Dynamic Pages:
1
2
3
4
5
6 <
Number of dynamic pages
API Calls:
1
2
3
4
5
6 <
Number of API calls
Compliance Requirements:
GDPR
HIPAA
PCI DSS
ISO 27001
Does the application include a payment gateway?
Yes
No
Is the payment gateway managed by:
Third-party provider (e.g., Stripe, PayPal, Square)
In-house/Own solution
Desktop Application
What is the primary purpose of the desktop application?
Finance management
Gaming
CRM
What operating systems does the application support?
Windows
macOS
Linux
Does the application require installation or run as a portable app?
Require installation
Portable app
User Roles:
1
2
3
4
5
6 <
Ex: Admin, Manager, Viewer, User, Guest, More
Does the application communicate with external servers or APIs?
Yes
No
If yes, how many?:
1
2
3
4
5
6 <
Number of external servers or APIs
Are there any sensitive data storage or processing functions?
Yes
No
E.g., Encryption, Local DBs, Logs
Are compliance standards relevant?
HIPAA
SOX
ISO 27001
GDPR
Does the application involve third-party integrations?
Yes
No
E.g., plugins, libraries
How does the application handle updates?
Manual
Automatic
Mobile Application
Which platforms does the application support?
iOS
Android
Others
What is the purpose of the application?
E-commerce
Financial
Social Media
Is your mobile application native, hybrid, or web-based?
Native
Hybrid
Web-based
Does the app have different user roles?
Yes
No
If yes, how many?:
1
2
3
4
5
6 <
Number of user roles
How does the app communicate with servers or APIs?
Are any permissions required by the app?
Camera
Microphone
Location
Others
E.g., Camera, Microphone, Location
Is the application hosted on official app stores?
Yes
No
Specify if hosted on App Store or Google Play
Are there in-app purchases or payment gateways?
Yes
No
If yes, specify:
Does the app store sensitive user data locally or in the cloud?
Locally
Cloud
E.g., Encrypted storage, Cloud databases
Are compliance requirements applicable to the app?
PCI DSS
CCPA
HIPAA
GDPR
Others
E.g., PCI DSS, CCPA, HIPAA, GDPR
Does the application use third-party SDKs or libraries?
Yes
No
E.g., Firebase, Analytics SDKs
Internal Environment Assessment
What is the scope of the internal network assessment?
IP ranges
Domains
VLANs
Subnets
Other
Are there specific systems or assets to be excluded from the assessment?
Are external-facing applications or APIs within scope?
Yes
No
Are there any cloud-hosted resources to be included?
AWS
Azure
GCP
Others
Does the environment use centralized authentication?
Yes
No
Are compliance standards relevant to the environment?
PCI DSS
HIPAA
ISO 27001
GDPR
Others
Does the client require DDoS simulation or resilience testing?
Yes
No
Are there third-party services or platforms linked to the external network?
Yes
No
Are public-facing network devices (e.g., firewalls, routers) included in the scope?
Yes
No
Does the client require Open Source Intelligence (OSINT) or reconnaissance activities?
Yes
No
Is phishing or social engineering part of the internal test scope?
Yes
No
External Network Assessment
What is the scope of the external network assessment?
IP ranges
Domains
Subdomains
Other
Are there specific systems or assets to be excluded from the assessment?
Are external-facing applications or APIs within scope?
Yes
No
Are there any cloud-hosted resources to be included?
AWS
Azure
GCP
Others
Are compliance standards relevant to the environment?
GDPR
CCPA
HIPAA
Others
Does the client require DDoS simulation or resilience testing?
Yes
No
Are there third-party services or platforms linked to the external network?
Yes
No
Are public-facing network devices (e.g., firewalls, routers) included in the scope?
Yes
No
Does the client require Open Source Intelligence (OSINT) or reconnaissance activities?
Yes
No
Is phishing or social engineering part of the external test scope?
Yes
No
Cloud Environment Security and Compliance
Which cloud provider does the environment use?
AWS
Azure
GCP
Oracle Cloud
Others
What is the purpose of the cloud deployment?
Production
Development
Staging
Hosting
Others
Are compliance requirements applicable to the cloud environment?
PCI DSS
HIPAA
ISO 27001
GDPR
Others
Are there multi-factor authentication (MFA) requirements?
Yes
No
Are there external users or third-party access in the environment?
Yes
No
Are virtual private networks (VPNs) or VPCs implemented?
Yes
No
Is data encrypted at rest and in transit?
Yes
No
Are public-facing services minimized?
Yes
No
Are Identity and Access Management (IAM) policies in place?
Yes
No
Are automated tools used for configuration assessments?
Yes
No
Specify Other