APPLICATIONS & TECHNOLOGY TO BE INCLUDED AS IN-SCOPE FOR CODE REVIEW
The scope changes with every aspect examined: what the application does, how the business benefits from it, and the nature of the application. All these perspectives go a long way in defining security for a particular application.
WHO ARE THE APPLICATION'S REAL USERS? ARE THEY INTERNAL OR EXTERNAL USERS? IF BOTH, ARE THEY AUTHENTICATED DIFFERENTLY?
APPLICATIONS TO BE INCLUDED AS IN-SCOPE FOR IMPLEMENTING DEVSECOPS
ASSETS INCLUDED AS IN-SCOPE FOR IMPLEMENTING DEVSECOPS?
DOES THE ORGANIZATION HAVE ANY DEDICATED TOOLS FOR SECURITY MEASURES?
APPLICATIONS TO BE INCLUDED AS IN-SCOPE FOR APPLICATION SECURITY TESTING
ASSETS ARE INCLUDED AS IN-SCOPE FOR THIS APPLICATION SECURITY TESTING.
WHAT ARE THE OBJECTIVES?
FOR SAST (WHITE BOX SECURITY TESTING)
FOR DAST (BLACK BOX SECURITY TESTING)
ASSETS TO BE INCLUDED AS IN-SCOPE FOR THREAT MODELLING
APPLICATIONS ARE INCLUDED AS IN-SCOPE FOR THIS THREAT MODELLING
DATA FLOW TRANSITIONS
ENVIRONMENT DETAILS TO BE INCLUDED AS IN-SCOPE FOR STRATEGY, RISK AND COMPLIANCE SERVICES.
ASSET INVENTORY DETAILS INCLUDED AS IN-SCOPE FOR THIS STRATEGY, RISK AND COMPLIANCE SERVICES?
THE FOLLOWING ARE COMMON CONTROLS IN THE SOC 2 REPORT. SELECT THOSE THAT ARE NOT DEPLOYED IN YOUR ORGANIZATION.
EXTERNAL PENETRATION TESTING (MOBILE BLACK BOX TESTING)
Mobile applications to be included as In-Scope for this testing. Please list the applications and provide the details of the Android and iOS applications to be tested.
IF THE APPLICATION IS NOT AVAILABLE TO THE ABOVE, PLEASE DETAIL HOW YOU WILL PROVIDE THE APPLICATION TO US.
EXTERNAL PENETRATION TESTING (WEB BLACK BOX TESTING)
NETWORK PENETRATION TESTING