Contact Information

Company Name*

What is the full legal name of your company?

Company Website*

Please provide your company website/URL

Name*

First Last

Email*

Phone*

What is the catalyst for this project?*

Technical Information

Notice: The following questions are designed to collect technical information about your project. Netragard will use this information to diagnose the exact workload for your project through a process called Attack Surface Mapping (ASM). This diagnosis is a requirement for genuine penetration testing. If the information that you provide is incorrect or incomplete then the proposal will also be incorrect. Please check "I agree" to continue.

I Agree

What type of test are you looking for?*

External Network Penetration Test
Internal Network Penetration Test
Web Application Penetration Test
iPhone or Android Security Testing
Other / Custom

Context: External - From the Internet / Internal - From the Local Area Network (ie: as an employee working from the office or data center)

External Network Penetration Testing Targets

Please provide your EXTERNAL IP addresses in CIDR notation (eg: 38.83.192.2/24, dash notation 38.83.192.0-255, or as a list. Be sure specify all the virtual hosts for a given IP address. We will use this information to map your attack surface and produce an exact quote.*

Internal Network Penetration Testing Targets

Please provide your INTERNAL IP addresses in CIDR notation (eg: 192.168.1.0/24, dash notation 192.168.1.0-255, or as a list. Be sure specify all the virtual hosts for a given IP address. We will use this information to map your attack surface and produce an exact quote.*

Note: In order to properly price your internal penetration test we need a map of your internal attack surface. If you are familiar with nmap then you can generate this map for us using the following command. "nmap -A -iL targets -oA netragard-map" where "targets" is the name of the file containing your internal IP ranges and "netragard-map" is the prefix for the output files that will be generated. Once the mapping is finished please email the three files generated to [email protected] you are not comfortable with nmap then we will work with you to map your internal network attack surface.

How many live systems do you have in your internal environment?*

Could you give an approximate count for: a) workstations, b) windows servers c) *nix servers d) other devices (e.g. network switch/routers, printers, IOT, etc.)*

For the Windows/*NIX servers, could you give us a rough estimate of the number of physical server vs. virtual server?*

How many subnets do you have configured in the corp. environment? Are these subnets restricted (firewall, access list)?*

Web Application Testing - Perspective

Credentialed or non-credentialed web application testing (select credentialed if mixed).*

CREDENTIALED TESTING: We want credentialed testing and will provide login information. Testing should be carried out from the perspective of a user with an account and from the perspective of a user without an account.
NON CREDENTIALED TESTING: We do not want credentialed testing and will not provide login information. Testing should not be carried out from the perspective of a user with an account. Netragard should not request or attempt to create an account.

Please provide a list of web application URL's that you want tested.*

Web Application Account Information (Username and Passwords)*

Threat Information

iOS / Android

Threat augmentation modules enable our teams to produce elevated levels of threat. Those threat levels can be anything from basic to genuine nation-state. Please select all that apply.

Social Engineering (Targeted attacks designed to breach the network, includes targeted phishing & RADON)
Statistical Phishing (Test a large number of users, see who clicks)
Physical Security Testing ( Attempt to breach the physical office )
Wireless Security Testing (OnSite)
Distributed Metastasis (Also known as pivoting. The act of propagating penetration throughout a network)
Watering Hole Attacks ( http://en.wikipedia.org/wiki/Watering_Hole )
Stealth (Avoid detection during testing. Used to test IDS/IPS/IR)
Custom (Create your own below)

Create your own threat

If you selected the "Other" box above, then please define the threat that was not included above.

Business Information

Which one is most important to you?*

Project cost is most important.
Project quality is most important.

What price range are you expecting this proposal to come in at?*

$10,000 - $14,999
$15,000 - $19,999
$20,000 - $29,999
$30,000+

We are asking you this to make sure that your expectations are realistic with regards to testing. When you do receive our proposal the pricing will be broken down and itemized.

When do you expect this project to start?*

Other project start dates (if you selected other above)

How did you find us?*

Referral/Other

Have you purchased or received a third party penetration test before?*

Yes
No

How was your last penetration test priced? For example, were you quoted a price per IP Address or the number of lines of code?

Who delivered your last penetration test? (Company name)

Please select the boxes that best describe your last test.

Please describe the testing process from start to finish for the last penetration test you received.

What type of data does your network contain?*

Other type of information?

How concerned are you about being compromised by malicious hackers?*

Not at all Concerned
Slightly Concerned
Moderately Concerned
Highly Concerned

What is the worst that could happen if a malicious hacker compromised your data?*

How confident are you about the security of your network?*

Not confident at all
Slightly Confident
Moderately Confident
Highly Confident