
IT Infrastructure Details

Name of the Customer:

Location:
#   Particulars                              Count   Remarks/Comments
1   No. of Windows Servers
2   No. of Linux / Unix Servers
3   No. of Desktops / Laptops
4   No. of Firewalls
5   No. of IDS / IPS
6   No. of Routers
7   No. of Switches
8   No. of Proxy Servers
9   No. of Domain Controllers
10  No. of Email Servers
11  No. of Antivirus Servers
12  No. of File Servers
13  SIEM (if any)
14  No. of Public-facing IP Addresses
15  No. of Web Applications
16  No. of Mobile Apps
17  Frequency of VA/PT:
    - Internal Vulnerability Assessment
    - Internal Penetration Testing
    - External Vulnerability Assessment
    - External Penetration Testing
18  Number of Office Locations

#   Particulars                              Count   Remarks/Comments
1   No. of AWS Accounts
2   Total No. of Virtual Machines, Databases, Instances on AWS
3   No. of Azure Accounts
4   Total No. of Virtual Machines, Databases, Instances on Azure
5   No. of Google Cloud Platform Accounts
6   Total No. of Virtual Machines, Databases, Instances on GCP
Application Security Testing Questionnaire

#   Particulars   Client Response - Application 1   Client Response - Application 2   Client Response - Application 3   Client Response - Application 4   Client Response - Application 5
1   Name & version of the application to be tested
2   Brief description of the application
3   Website / Web Application Testing URL
4   Application users - Who is the audience for the application? (In-house teams / customers / partners / citizens etc.)
5   Technologies used? (Java / .NET / PHP / Perl; MS-SQL / Sybase / Oracle / MySQL; SOAP / XML-RPC / Ajax / Flash etc.)
6   Application / servers hosted on AWS / Azure / Google Cloud / other data center service provider (CtrlS, Netmagic, Tata Communications) / in-house
7   Application architecture? (web based, client-server, desktop application, etc.)
8   Use of any content management system (CMS)? (If yes, which one?)
9   Intranet or Internet-facing application?
10  Estimated size of application? (No. of dynamic and static pages in the application)
11  Type of authentication used (form based / certificate based)?
12  Whether any payment gateway, crypto, or digital signature is involved?
13  Does the application have a file upload facility?
14  Web / application server with version (e.g. IIS, Apache, Tomcat etc.)
Android / iOS Application Security Testing Questionnaire

#   Particulars   Client Response - Application 1   Client Response - Application 2   Client Response - Application 3   Client Response - Application 4
1   Name & version of the application to be tested
2   Brief description of the application
3   Supported Android OS version & architecture (Android); supported iOS version & architecture, e.g. minimum iOS version 8+, 64-bit or 32-bit devices (iOS)
4   On which device will the application run, e.g. iPhone, iPad, iPod (iOS)
5   Application / servers hosted on AWS / Azure / Google Cloud / other data center service provider (CtrlS, Netmagic, Tata Communications) / in-house
6   Application users - who are the end users of the application? (In-house teams / customers / partners / citizens / general users etc.)
7   How many roles are defined in the application? No. of roles and type of privileges for the different roles (e.g. admin user, normal user, supervisor role, user with view-only access etc.)
8   Does the application communicate with the server for any kind of information/request? Does the application store any user information or user input server-side in the database?
9   Does the application store information/data on the end user's local device?
10  Does the application use any URL scheme, e.g. whatsapp://message/contactnumber
11  Does the application store any data in the Keychain? (iOS)
12  Does the application use any web service?
13  Does the application use HTTPS or SSL pinning?
14  No. of activities (dynamic pages / screens) in the application (Android)
15  No. of screens in the application (iOS)
16  Does the application deal with or store any virtual currency?
17  Does the application support access over 2G, 3G, 4G, Wi-Fi, NFC or others?
18  Is the application used to perform e-commerce or m-commerce transactions?
19  Does the application have a file upload facility?
20  Can the application interact with any device hardware, such as:
    a. NFC
    b. Bluetooth
    c. GPS
    d. Camera
    e. Microphone
    f. Sensors
    g. Touch ID sensor
    h. Siri (virtual assistant) (iOS)
21  Development environment (Rails, Java, Django, ASP.NET, etc.)
22  Use of any kind of framework (Appcelerator, jQuery Mobile, CoronaSDK, TheAppBuilder, PhoneGap)
23  Does the application interact with any other application, such as:
    a. Telephony (SMS, phone)
    b. Contacts
    c. Receiving data from apps and other on-device services
    d. Google Wallet
    e. Social networks (i.e. Facebook, Twitter, LinkedIn, Google+)
    f. Dropbox
    g. Evernote
    h. Email
24  Hosting provider (AWS, App Engine, Heroku, Rackspace, Azure, etc.)
25  Is the application built in a hybrid environment?
26  Does the application leverage Single Sign-On, SAML or authentication APIs (Google Apps, Facebook, iTunes, OAuth, etc.)?
27  Any other APIs in use:
    i. Payment gateways
    ii. SMS messaging
    iii. Social networks
    iv. Cloud file storage
    v. Ad networks
28  Any additional point that needs to be considered while security testing the application?
29  Contact person to report operational issues as well as high-level vulnerabilities