Kyte Global

Step 1 of 4

Tell us about you

The person whose details are provided here will be designated as the Primary Point of Contact for the project. Unless otherwise stated, this person will be the only person to receive the final report, as well as receive ALL project e-mails from start to finish.

Name & Surname*

This person will be the only person to receive the final report, as well as receive ALL project e-mails from start to finish.

Email*

Phone*

Tell us about your company

The details specified here are what will be shown on the final Pentest Report, so please enter details accordingly.

Organization Full Legal Name*

This name will be on your final report as the company name, so please put in the full legal name of the organization.

Website

Company Address*

Tell us about your project

Hidden

Testing Repeater

Test Field	Untitled	Actions

There are no Entries.

Requested date range for test

Available From*

Available To*

What is the business requirement for this penetration test?*

Internal decision or policy

Regulatory audit or standard

Select type of regulatory audit or standard*

PCI/DSS

ISO 27001

Other regulation...

Please note that you are responsible for defining the scope correctly. The penetration testing team cannot define the scope for you, all information entered here will be assumed to be correct & provides sufficient coverage for compliance requirements.

Please enter your additional options below:*

Name of Kyte QSA assigned to this PCI project*

Type of Environment (Select all that apply)*

Live Production

Staging / Development

Virtualized Container Environment

Cloud Deployment

NOTE: Certain exploitation of vulnerabilities to determine and/or prove a weakness could crash your systems/services or cause them to reboot. While our methodology is very precise and this is indeed very rare, due to the nature of penetration testing, testing on live production systems is NOT recommended where possible.

Types of test(s) (select all that apply)

External Network Penetration Test

Please specify number of Hosts that will be tested for the External Network*

Please specify targets or ranges to be included in the test.*

Targets can be IP addresses, ranges, or specific IP:port pairs

Are target IPs static?*

If target IPs can change before the test, please mark this "no".

Internal Network Penetration Test

Please specify number of Hosts that will be tested for the Internal Network*

Please specify targets or ranges to be included in this test*

Targets can be IP addresses, ranges, or specific IP:port pairs

Which Operating Systems are present among the Internal Network targets?

Windows

Linux

Other

Is Active Directory or similar in place?*

How will we be connecting to the Internal Network environment?*

VPN

SSH

Remote Control Software (Teamviewer etc.)

Other

Please explain what the connection will be:*

How many different network positions will we be testing from?*

Web Application Penetration Test

Please specify targets to be included in the test.

Row ID	Target URL	Actions

There are no Targets.

Mobile Application Penetration Test

Please confirm that you can provide a version of the APK and the IPA that has:*

Root Detection disabled

Due to the way Mobile Applications are tested, we need to run them inside emulators, and analyze their various details. For this reason, we need at the very least, a version of the apps with Root Detection disabled. Please confirm that you can provide such versions for the testing team.

Will HTTP traffic be tested as part of the mobile application?*

If your mobile app is generating HTTP traffic with backend server(s), and this traffic also needs to be tested, answer this question "Yes" and enter the relevant details of the backend URLs to be tested in the field that opens below.

If you answer this as "No", then the mobile application will be tested with an "App-Only Focus" which assesses the security of the mobile application as it exists and operates within the mobile device environment, independent of its backend services. This form of testing does not include assessment of the app’s communication with backend servers or API endpoints. This type of test includes static analysis of the application code and package (e.g., APK/IPA), dynamic analysis during runtime, evaluation of local data storage, inter-process communication, usage of device permissions, and reverse engineering resistance. The goal is to uncover vulnerabilities such as insecure storage, hardcoded secrets, improper certificate handling, or unintended behaviors exploitable on the device.

Please confirm that you can provide a version of the APK and the IPA that has:*

SSL Pinning disabled

Due to the way Mobile Applications are tested, we need to run them inside emulators, and analyze their network traffic. For this reason, we will need at least one of the applications to be delivered to us, along with Root Detection disabled, also SSL Pinning capabilities disabled. Please confirm that you can provide such a version for the testing team.

Specify Targets

Target URL	Actions

There are no Targets.

APK (Android)

Are there any additional techonologies used?*

Which additional technologies are in use? (select all that apply)*

Java

Kotlin

Webview

Xamarin

Does the app need authentication to access all of its functionalities?*

How many user roles are there?*

IPA (iPhone)

Are there any additional techonologies used?*

Which additional technologies are in use? (select all that apply)*

Objective C

Webview

Xamarin

Swift

Does the app need authentication to access all of its functionalities?*

How many user roles are there?*

Cloud Configuration Security Test

What type of Cloud environment?*

Amazon AWS

Microsoft Azure

Google GCP

Other

Select types of Amazon AWS assets deployed:*

IAM

EC2

EKS

RDS

Lambda

VPC & Security Groups

CloudTrail / GuardDuty / Security Hub

Select types of Microsoft Azure cloud assets deployed*

Azure AD

VM / Compute

AKS

Key Vault

Storage Accounts

SQL Database

NSG / VNet

Select types of Google GCP cloud assets deployed*

IAM

Compute Engine

GKE

Cloud Storage

VPC / Firewall

Security Command Center

Wireless Penetration Test

How many wireless access points?*

Social Engineering Test

How many personnel are going to be included in this test?*

How many different scenarios would you like to run?*

Network Segmentation Test

Please specify number of Hosts that will be tested for the Segmentation Test*

Please specify targets or ranges to be included in this test*

Targets can be IP addresses, ranges, or specific IP:port pairs

Please specify how many network positions we will need to take for Segmentation Testing:*

Enter the number of distinct network zones we need to access from the inside (to inventory systems) and from the outside (to confirm they’re unreachable).
You can also provide explanations of how they are reached (as in the example in the box).

Physical Intrusion Test

Please specify number of locations that will be breached:*

LLM Penetration Test

This assessment is for conducting security evaluations of your application’s use of Large Language Models, focusing on risks such as prompt injection, information leakage, function misuse, and unauthorized access through LLM-driven interfaces.

Information regarding LLM targets will be gathered from you over direct communication.

Do you have any external perimeter defenses in place?*

Tick all the external perimeter defenses that apply*

Firewall

Active IDS/IPS

Load Balancer

Web Application Firewall

SIEM

End-point protection solutions

File integrity monitoring

Other...

Enter your additional external perimeter defenses*

What documents and information will be available for tester?

Network diagram

Source code

API Endpoint Usage Documentation (Swagger / OpenAPI / Custom

Reports from previous testing

Software architecture

Tech stack information (Development tools and frameworks)

How many final reports will be needed?*

If you will need more than 1 final report for the pentest results, please list them and how they should be different.

Any Additional Notes?

Out of Scope / Non Targets

Are there systems or application in the same networks or environments that should not be tested?"

Specific Concerns & Notes

PENETRATION TEST

Pre-engagement
Scoping Form

Please fill in this questionnaire and send us back the PDF generated at your earliest convenience. Please note that if you are not sure what a question might mean on the form, you can check the question mark icons next to each field for further explanations.

PLEASE NOTE: For security reasons, we DO NOT receive the form automatically when you fill it in. Please complete the form, download the PDF file at the end, and e-mail it to us.

Tell us about you

Tell us about your company

Tell us about your project

Requested date range for test

Types of test(s) (select all that apply)

Any Additional Notes?