Security Assessment Quote
What is your name? (*)
Invalid Input
What is the name of your organization? (*)
Invalid Input
What is is the best phone number to get in contact with you?
Invalid Input
Where can we send you emails? (*)
Invalid Input
How many physical sites/locations does mile2 need to travel to in order to complete this assessment?
Invalid Input
Why are you requesting a security assessment?
Invalid Input
How many INTERNAL hosts or ip addresses will be tested? (*)
Invalid Input
How many EXTERNAL hosts or ip addresses will be tested? (*)
Invalid Input
Will the test be "Black Box", "Grey Box", or "White Box"?
Invalid Input		 Scroll down for definition.
How many subnets will be included in the test?
Please enter a numeric value
If there is more than one subnet to be tested, please list them here. (please use the format xxx.xxx.xxx.xxx/xx)
Invalid Input
If this is an internal penetration test, is mile2 required to be on site or will the application be available remotely (i.e. PCAnyware, VPN..etc)?
Invalid Input
What type of assessment will you need? (*)
Invalid Input
During what hours will the testing be done?
Invalid Input
Can log files be erased during the assessment?
Invalid Input
Will your networking staff be informed that testing will take place?
Invalid Input
What systems will be the target-of-evaluation (TOE)?
Invalid Input
Are social engineering techniques acceptable as part of the test?
Invalid Input		 Scroll down for definition.
Can data be retrieved and copied from systems for results compilations?
Invalid Input
Will DoS (Denial of Service) attacks be allowed?
Invalid Input
Can backdoor Trojan / Malware applications be installed on target systems?
Invalid Input
Give full contact information for who will be the contact person during the assessment?
Invalid Input
Are we also performing a code review or a web application penetration test?
Invalid Input
What technology is the application built on (i.e J2EE, .NET, PHP..etc)?
Invalid Input
Approximately how many pages does the application have?
Invalid Input
  
Here is some additional information to assist you in filling out the form above....

Will the test be "Black Box", "Grey Box", or "White Box"?
Black box testing - A Penetration test with no prior knowledge of the target system except for only a valid IP address. No user or application credentials were supplied to the testing team or any information on services running on the target.
White Box testing - A Vulnerability Analysis Inspection of the target system to determine what vulnerabilities exist on the system that, although directly exploitable via a Penetration Test, may be utilized in the future or by a disgruntled/disaffected insider. Full user and application credentials are supplied to the team whenever possible.
Gray Box testing – Where some knowledge of the infrastructure is known and a user account may be held.

How many subnets will be included in the test?
A subnet is an identifiably separate part of an organization's network. Subnets are generally tested separately. 10.1.2.10 would indicate one subnet while 10.1.5.10 would indicate a separate one. These should be listed separately for an accurate quote.

What type of assessment will you need?
A vulnerability assessment and a penetration test are completely different. A vulnerability assessment identifies the vulnerabilities or holes in the infrastructure and provides detailed reporting on how to resolve those issues. A penetration test goes one step further by simulating what an attacker would do in the event those vulnerabilities are discovered in an infrastructure. A penetration test is generally performed alongside a vulnerability assessment, and gives the most accurate reporting about how an infrastructure can be compromised. Mile2 is fully equipped to deliver on either request.

Are social engineering techniques acceptable as part of the test?
Social engineering techniques include electronic attacks (email spoofing, Facebook, Linked in) as well as psychological manipulations (phone calls, face to face interactions, masquerading).

Will DoS (Denial of Service) attacks be allowed?
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. This can be used to test firewalls for proper configuration, but can also be used by attackers to gain access to a system without detection.

Can backdoor Trojan / Malware applications be installed on target systems?
Any malicious software payloads are 100% reversible and will not damage any hosts.

mile2: A Worldwide Name in IT Security! mile2 provides services for companies like Penetration Testing, Ethical Hacker Training, Digital Forensics, and mile2's
upgrade to Certified Ethical Hacker Certification known as CPTEngineer and CPEH.
mile2 designs, develops, and delivers Information Security training and consulting services that meet military, government,
private sector and institutional specifications. mile2 also provides security vulnerability scans and assessments to clients around the world.
You can become an Ethical Hacker with our answer to Certified Ethical Hacker Training. Click Here
Interested in Digital Forensics?