Skip to content
Application Security Testing
Source Code Review
Work From Home Service
In the News
Project Intake Form
Project Intake Form
What is the full legal name of your company?
Please provide your company website/URL
Please explain your testing needs in your own words.
Why are you testing and what concerns you the most? Have you had previous tests and what were they like? Are there any delicate systems should be avoided? What are your biggest security concerns? What are you trying to accomplish, what is your goal?
The following questions are designed to collect technical information about your project. Netragard will use this information to diagnose the exact workload for your project through a process called Attack Surface Mapping (ASM). This diagnosis is a requirement for genuine penetration testing. If the information that you provide is incorrect or incomplete then the proposal will also be incorrect. Please check "I agree" to continue.
What type of test are you looking for?
External Network Penetration Test
Internal Network Penetration Test
Web Application Penetration Test
iPhone or Android Security Testing
Other / Custom
Context: External - From the Internet / Internal - From the Local Area Network (ie: as an employee working from the office or data center)
External Network Penetration Testing Targets
Please provide your EXTERNAL IP addresses in CIDR notation (eg: 184.108.40.206/24, dash notation 220.127.116.11-255, or as a list. Be sure specify all the virtual hosts for a given IP address. We will use this information to map your attack surface and produce an exact quote.
Internal Network Penetration Testing Targets
Please provide your INTERNAL IP addresses in CIDR notation (eg: 192.168.1.0/24, dash notation 192.168.1.0-255, or as a list. Be sure specify all the virtual hosts for a given IP address. We will use this information to map your attack surface and produce an exact quote.
Note: In order to properly price your internal penetration test we need a map of your internal attack surface. If you are familiar with nmap then you can generate this map for us using the following command. "nmap -A -iL targets -oA netragard-map" where "targets" is the name of the file containing your internal IP ranges and "netragard-map" is the prefix for the output files that will be generated. Once the mapping is finished please email the three files generated to
you are not comfortable with nmap then we will work with you to map your internal network attack surface.
How many live systems do you have in your internal environment?
Could you give an approximate count for: a) workstations, b) windows servers c) *nix servers d) other devices (e.g. network switch/routers, printers, IOT, etc.)
For the Windows/*NIX servers, could you give us a rough estimate of the number of physical server vs. virtual server?
How many subnets do you have configured in the corp. environment? Are these subnets restricted (firewall, access list)?
Web Application Testing - Perspective
SELECT ONE ONLY - Credentialed or non-credentialed web application testing (select credentialed if mixed).
: We want credentialed testing and will provide login information. Testing should be carried out from the perspective of a user with an account and from the perspective of a user without an account.
NON CREDENTIALED TESTING
: We do not want credentialed testing and will not provide login information. Testing should not be carried out from the perspective of a user with an account. Netragard should not request or attempt to create an account.
Please provide a list of web application URL's that you want tested.
Web Application Account Information (Username and Passwords)
URL: Username: Password:
iOS / Android
For Android / iOS / Custom Security Testing: Please provide as much detail as possible about your testing needs. We are particularly interested in understanding why you are testing, what you are testing, and if you have tested before. We are also interested in understanding the technical aspects of what you need tested. The more detail the better.
Threat augmentation modules enable our teams to produce elevated levels of threat. Those threat levels can be anything from basic to genuine nation-state. Please select all that apply.
Social Engineering (Targeted attacks designed to breach the network, includes targeted phishing & RADON)
Statistical Phishing (Test a large number of users, see who clicks)
Physical Security Testing ( Attempt to breach the physical office )
Wireless Security Testing (OnSite)
Distributed Metastasis (Also known as pivoting. The act of propagating penetration throughout a network)
Watering Hole Attacks ( http://en.wikipedia.org/wiki/Watering_Hole )
Stealth (Avoid detection during testing. Used to test IDS/IPS/IR)
Custom (Create your own below)
Create your own threat
If you selected the "Other" box above, then please define the threat that was not included above.
Which one is most important to you?
Project cost is most important.
Project quality is most important.
What price range are you expecting this proposal to come in at?
$10,000 - $14,999
$15,000 - $19,999
$20,000 - $29,999
We are asking you this to make sure that your expectations are realistic with regards to testing.
When do you expect this project to start?
Other (Please specify below )
Other project start dates (if you selected other above)
How did you find us?
Have you purchased or received a third party penetration test before?
How was your last penetration test priced? For example, were you quoted a price per IP Address or the number of lines of code?
Who delivered your last penetration test? (Company name)
Please select the boxes that best describe your last test.
Breached the network
Breached the domain
Performed Social Engineering
Used pseudo-malware & infected systems
They were covert, we didn't detect their activity
Some systems crashed
Some networks crashed
The last test caused damage
Performed phishing (against a select number of people)
Performed phishing (against most employees)
We were highly satisfied
We were moderately satisfied
We were slightly satisfied
We were dissapointed
We wanted a real penetration test but feel like we got a scan instead
We would recommend them to others
We would not recommend them to others
Please describe the testing process from start to finish for the last penetration test you received.
What type of data does your network contain?
Payment Card Information
Personally Identifiable Information
Sensitive Customer Lists
Payroll / Salary Information
Company Finance Data
Partner Finance Data
Classified Information (TOP SECRET, etc)
Patent & Design Information
Other type of information?
How concerned are you about being compromised by malicious hackers?
Not at all Concerned
What is the worst that could happen if a malicious hacker compromised your data?
Not damaging at all
It would put us out of business
How confident are you about the security of your network?
Not confident at all
Save and Continue Later