Physical Environment Pentest Requirements
🔴 Required (Must Provide)
- All locations in scope (address and access information, with pictures so testers can confirm they are at the right place) | Required
- Specific list of physical assets, areas, or individuals that are out of scope. Everything else on location will be considered in scope | Required
- Indication of whether armed security is present, and a very clear set of instructions for testers to ensure their own safety if discovered on location | Essential
- List of personnel that will be aware of the test while testers are onsite and the expected physical location of these individuals so that the testers can avoid interacting with them | Required
- A document that can be shown to any security personnel to “break character” and resolve dangerous tensions in the event of discovery | Essential
- The document should be written by the Head of Security or a similar office, carry that individual's signature, and include contact information so that security personnel can reach them immediately | Required
- Clear Rules of Engagement | Required
- List of methodologies that are out of scope for the engagement (e.g. no social engineering, no disruption of workflow via fire alarms or fake emergencies, no lock picking) | Required
- List of any especially dangerous areas that may require liability waivers for testing staff. | Required
- Indication of what would be considered primary targets for the engagement | Required
⭐ Optional but recommended
- Clear indication of what level of access will be provided to testers on location (if any) | Optional but highly recommended to reduce testing time used for recon
- In-depth and clear description of the nature of business and process performed at each location | Optional but highly recommended to reduce testing time used for recon
- In-depth description of the primary targets for the engagement (expanding on the required list of targets above) | Optional but highly recommended to ensure efficiency and usefulness of results
- Description of security measures the testers should be prepared for (security cameras, sensors, electric fences, mantraps, card scanners, etc.) | Optional but highly recommended to ensure efficiency and usefulness of results