PrimoConnect - Penetration Testing, Cyber Awareness Training and Cloud Infrastructure Delivery
Home
About
About
Customers
Compliance
DORA Overview
Compliance Support Overview
ISO 27001 – Information Security Management System Standard
ISO 27001 – ISO 27001:2022 Controls
Cyber Essentials – April 2023 Update
Cyber Essentials – January 2022 Update
SOC 2 – System and Organisation Controls
SOC 2 Information Pack
NIST Framework Overview
NIST – Cybersecurity Framework
NIST Cybersecurity Framework Update 2024
NIST Framework - Update 2024
Security Standards - A Comparison
ISO 42001 Overview - AI Management
Cyber Security
Penetration Testing Explained
Vulnerability Testing
Network Penetration Testing
Web App Penetration Testing
Mobile App Penetration Testing
Wireless Penetration Testing
Amazon Web Services Penetration Testing
Microsoft Azure Penetration Testing
Google Cloud Platform Penetration Testing
Social Engineering Testing
Cyber Security Awareness Training Brochure
Security Consulting
Forensic Analysis and Incident Response
OSINT Cyber Intelligence
Vulnerability Management
Internet of Things Penetration Testing
SIEM / Managed Detection and Response
DDoS Attack Prevention
Network Security
Mobile Device Management
Cyber Insurance & Security Measures Leaflet
AI & Cyber Security: Threat Forecast 2024
Cloud
Amazon Web Services / AWS
Microsoft Azure
Google Cloud Platform
Platform As A Service
Infrastructure As A Service
Performance / Load Testing
Networking
Networking and Internet Connectivity
Wireless and Local Area Networks
IP Telephony and Unified Communications
IT As A Service
Outsourced IT Project Management
Contact
08004640131
Home
/
About
/
About
Customers
Compliance
/
DORA Overview
Compliance Support Overview
ISO 27001 – Information Security Management System Standard
ISO 27001 – ISO 27001:2022 Controls
Cyber Essentials – April 2023 Update
Cyber Essentials – January 2022 Update
SOC 2 – System and Organisation Controls
SOC 2 Information Pack
NIST Framework Overview
NIST – Cybersecurity Framework
NIST Cybersecurity Framework Update 2024
NIST Framework - Update 2024
Security Standards - A Comparison
ISO 42001 Overview - AI Management
Cyber Security
/
Penetration Testing Explained
Vulnerability Testing
Network Penetration Testing
Web App Penetration Testing
Mobile App Penetration Testing
Wireless Penetration Testing
Amazon Web Services Penetration Testing
Microsoft Azure Penetration Testing
Google Cloud Platform Penetration Testing
Social Engineering Testing
Cyber Security Awareness Training Brochure
Security Consulting
Forensic Analysis and Incident Response
OSINT Cyber Intelligence
Vulnerability Management
Internet of Things Penetration Testing
SIEM / Managed Detection and Response
DDoS Attack Prevention
Network Security
Mobile Device Management
Cyber Insurance & Security Measures Leaflet
AI & Cyber Security: Threat Forecast 2024
Cloud
/
Amazon Web Services / AWS
Microsoft Azure
Google Cloud Platform
Platform As A Service
Infrastructure As A Service
Performance / Load Testing
Networking
/
Networking and Internet Connectivity
Wireless and Local Area Networks
IP Telephony and Unified Communications
IT As A Service
Outsourced IT Project Management
Contact
/
08004640131
/
Secure Communications Specialists
Offensive Security Scoping Questionnaire (Including Penetration Testing)
Home
/
About
/
About
Customers
Compliance
/
DORA Overview
Compliance Support Overview
ISO 27001 – Information Security Management System Standard
ISO 27001 – ISO 27001:2022 Controls
Cyber Essentials – April 2023 Update
Cyber Essentials – January 2022 Update
SOC 2 – System and Organisation Controls
SOC 2 Information Pack
NIST Framework Overview
NIST – Cybersecurity Framework
NIST Cybersecurity Framework Update 2024
NIST Framework - Update 2024
Security Standards - A Comparison
ISO 42001 Overview - AI Management
Cyber Security
/
Penetration Testing Explained
Vulnerability Testing
Network Penetration Testing
Web App Penetration Testing
Mobile App Penetration Testing
Wireless Penetration Testing
Amazon Web Services Penetration Testing
Microsoft Azure Penetration Testing
Google Cloud Platform Penetration Testing
Social Engineering Testing
Cyber Security Awareness Training Brochure
Security Consulting
Forensic Analysis and Incident Response
OSINT Cyber Intelligence
Vulnerability Management
Internet of Things Penetration Testing
SIEM / Managed Detection and Response
DDoS Attack Prevention
Network Security
Mobile Device Management
Cyber Insurance & Security Measures Leaflet
AI & Cyber Security: Threat Forecast 2024
Cloud
/
Amazon Web Services / AWS
Microsoft Azure
Google Cloud Platform
Platform As A Service
Infrastructure As A Service
Performance / Load Testing
Networking
/
Networking and Internet Connectivity
Wireless and Local Area Networks
IP Telephony and Unified Communications
IT As A Service
Outsourced IT Project Management
Contact
/
08004640131
/
Offensive Security Scoping Questionnaire (Including Penetration Testing)
Personal Information
Name
*
First Name
Last Name
Company
Email
*
Phone
Vulnerability Assessment vs. Penetration Test
Are you interested in a vulnerability assessment or in a penetration test? The difference between the two services: a vulnerability assessment identifies all network and/or web application vulnerabilities. A penetration test identifies all network and/or web application vulnerabilities plus actively exploiting them in order to gain access like a malicious hacker would.
Vulnerability Assessment
Penetration Testing
I would like 2 quotation options to compare
Don’t need an external VA or PT
Number of external IP addresses
For external network level tests please specify the number of publicly / Internet reachable IP addresses. Note: an external IP address is an IP address, which is reachable from the Internet (examples: servers, firewalls, load balancers, VPN gateways, IoT devices, etc.)
1 IP
2 – 5 IPs
6 – 10 IPs
11 – 20 IPs
21 – 30 IPs
31 – 40 IPs
41 – 50 IPs
51 – 100 IPs
Up to 254 IPs
More than 254 IPs
Do not need an external VA or PT
If not found in the menu above, please enter the amount of IPs here:
Number of external websites / web applications
For external web application tests please specify the number of publicly / Internet reachable URLs / websites / portals. Note: number of publicly reachable web apps / domain URLs (such as www.xyz.com, mail.xyz.com, vpn.xyz.com, etc.)
1 URL / Web App
2 – 5 URLs / Web Apps
6 – 10 URLs / Web Apps
11 – 20 URLs / Web Apps
21 – 30 URLs / Web Apps
31 – 40 URLs / Web Apps
41 – 50 URLs / Web Apps
More than 50 URLs Web Apps
Do not need an external VA or PT
If not found in the menu above, please enter the amount of web apps / URLs here:
Internal testing
Do you require internal testing? Internal assessments are against IP addresses and URLs, which are not directly publicly available from the Internet (i.e. private IPs such as 192.168.x.x), etc.
Yes
No
VPN access (internal testing)
Do you allow internal testing to be done remotely via VPN access? This eliminates all travel & expense costs. Alternatively, we can ship a small form factor device to be plugged into your local network, which allows us to perform internal testing remotely. If VPN access is not possible, we will not be able to perform internal testing via VPN.
Yes
No
Do not need an external VA or PT
Site locations (internal testing)
If you are not able to provide VPN access, please specify how many locations are in scope along with physical locations:
Number of internal IP addresses
For internal network level tests, please specify the number of internal IP addresses? Note: an internal IP address is an IP address that is not reachable from the Internet (examples: local servers, workstations, local printers and other internal devices.)
1 IP
2: 2 – 5 IPs
6 – 10 IPs
11 – 20 IPs
21 – 30 IPs
31 – 40 IPs
41 – 50 IPs
51 – 100 IPs
Up to 254 IPs
More than 254 IPs
Do not need an internal VA or PT
If not found in the menu above, please enter the amount of IPs here:
Number of internal websites / web applications
For internal web application tests please specify the number of internal websites / portals. Note: number of internal-only reachable web apps / domain URLs (such as intranet applications etc.)
1 URL / Web App
2 – 5 URLs / Web Apps
6 – 10 URLs / Web Apps
11 – 20 URLs / Web Apps
21 – 30 URLs / Web Apps
31 – 40 URLs / Web Apps
41 – 50 URLs / Web Apps
More than 50 URLs Web Apps
Do not need an internal VA or PT
If not found in the menu above, please enter the amount of URLs / web apps here:
Mobile application penetration testing (remote)
Do you require mobile app penetration testing? Please specify the number of mobile applications. (example 1 x IOS app, 1 x Android app). This test is testing only the mobile app itself without backend server(s), API(s) and communication channels.
1 Mobile App
2 Mobile Apps
3 Mobile Apps
4 Mobile Apps
More than 4 mobile apps
Do not need an external VA or PT
If not found in the menu above, please enter the amount of mobile apps here:
Mobile application framework testing (remote)
In addition to the mobile application testing, please also specify whether you also want communication relations, backend servers and APIs tested.
Yes
No
Do not need an external VA or PT
Social engineering / phishing / spear phishing testing
Do you require social engineering (phishing / spear phishing testing)? Please specify the number of user email accounts to be tested and whether you would like the silver package or the gold package. Silver package: 1 phishing mail per user + 1 spear phishing mail per user. Gold package: same as silver package + exploit distribution to compromise endpoint
Silver Package (1 – 50 Users)
Gold Package (1 – 50 Users)
Silver Package (51 – 100 Users)
Gold Package (51 – 100 Users)
Silver Package (101 – 500 Users)
Gold Package (101 – 500 Users)
Silver Package (501 – 1000 Users)
Gold Package (501 – 1000 Users)
Do not need social engineering testing
Wireless penetration testing
Do you require wireless penetration testing? If yes, we will ship a small form factor device, which will connect back to our server farm and the tests can be carried out remotely. Please indicate the number of physical locations where you want the local WiFi infrastructure tested? Our packages are per physical location and include up to 5 wireless networks (SSIDs) per site.
1 Location
2 Locations
3 Locations
4 Locations
More than 4 locations
Do not need Wireless Pen Testing
If not found in the menu above, how many locations?:
Please describe your wireless infrastructure in terms of the number of users, access points, number of wireless networks, etc.
Do you require the testing to be carried out by a consultant onsite or do you agree to remote testing whereby we will send a small form factor device to be plugged into an office switch in order to perform the engagement remotely?
Remote testing
Consultant onsite
Not concerned about method
Previous security testing
Was the environment tested before? If yes, please specify when if possible:
Compliance
Is the test being done for compliance reasons? (i.e. PCI DSS, ISO 27001, Cyber Essentials, FCA, GDPR, HIPAA, etc.):
Web application specifics
In case you have chosen web application testing (either vulnerability assessment or penetration test), would you like the test to be performed in a black-box or grey-box fashion? Black-box: Unauthenticated testing without any user credentials. Grey-box: authenticated testing with user credentials (for example SaaS, portals, etc.):
How many pages are contained in each of the URL’s?:
How many pages within the web application(s) contain data entry fields or user interaction? (i.e. forms, login pages etc.):
Shared hosting
For any web app / network testing services: How many systems / applications are hosted with third party provider such as Microsoft Azure, Google Cloud Platform or Amazon's AWS?:
Testing times and desired project window
Please specify the testing times as well as the desired time window. For example: test has to be carried out between April 1st and April 30th and testing is only allowed during 9am – 5pm GMT:
Re-testing and recurring options
Are you interested in a re-test and/or recurring testing options?
Single test with no retest
Single test with 1 re-test
Two tests per year - half yearly testing
Four tests per year - quarterly testing
Certifications
Any specific consultant certifications required? For example, consultant must be UK CREST Registered Pen Tester or consultant must be OSCP certified, GIAC, CEH, etc.:
Security Clearance
Does the tester have to have specific Security Clearances? For example, consultant must hold a U.S. Top Secret clearance:
Thank you!
