CatScan
Test Scenarios


Define Your Test Scenario



We provide straightforward, effort-based pricing.

Just answer a few quick questions, and we’ll send you a clear, customized quote—simple and hassle-free.


The Reality of Today’s Cybersecurity Challenges

  • 84% of organizations suffered a cyberattack in the last 12 months.
  • 98% use vulnerability scanners, but only 34% find them effective.
  • 53% of practitioners admit to delaying patches.
  • Only 26% conduct pentests more than once a year.

OPTION 1 - 🔐 External Network Penetration Testing



Public IP Address Ranges

  • Please provide all public IP address ranges assigned to your organization by your Internet Service Provider (ISP), preferably in CIDR notation (e.g., 192.0.2.0/24).
  • If available, include any documentation or IP allocation reports from your ISP.
  • Are there any IP ranges that should be excluded from testing?

Live Hosts

  • Approximately how many active/live devices are expected within the provided IP ranges?
  • Are there specific systems or services that are critical and should be handled with extra care?

Testing Schedule

  • Are there any specific dates or time windows when testing should be avoided to prevent disruption to business operations?
  • Do you prefer testing to occur during business hours, after hours, or over a weekend?

Reporting Requirements

  • Besides the standard executive summary and technical findings, are there any specific reporting formats, compliance mappings (e.g., NIST, ISO, HIPAA), or additional details you require?

Timeline

  • Is there a target completion date for the penetration test and delivery of the final report?
  • Are there any upcoming audits, board meetings, or regulatory deadlines we should be aware of?

Existing Security Controls

  • Do you currently have any perimeter security solutions in place (e.g., firewalls, intrusion detection/prevention systems, DDoS protection)?
  • If so, please specify the technologies or vendors used.

OPTION 2 - 🖥️ Internal Network Penetration Testing



Network Size & Composition

  • Approximately how many endpoints are on your internal network (e.g., workstations, servers, printers, IoT devices)?
  • Are there multiple network segments or VLANs? If so, how many, and can the appliance be placed to access all segments?

Organization Size

  • How many employees currently work at your organization?

Testing Logistics

  • Are there specific dates or timeframes when testing should be avoided to minimize disruption to operations?
  • Is remote testing via shipped appliance acceptable, or would you prefer on-site deployment?
  • Will your team be available to assist with appliance setup and network access?

Reporting Requirements

  • Beyond the standard executive summary and technical findings, are there any specific reporting needs (e.g., compliance mappings, board-level summaries, remediation guidance)?

Timeline

  • Is there a target completion date for the assessment and delivery of the final report?
  • Are there any upcoming audits, compliance deadlines, or internal milestones we should be aware of?

Security Policies & Controls

  • Are there any internal security policies, procedures, or change control processes we should follow during testing?
  • What security technologies are currently in place on the internal network (e.g., endpoint protection, network segmentation, IDS/IPS, NAC)?

OPTION 3 - 🌐 Custom Web Application Testing



Application Overview

  • What is the name and public URL of the web application you'd like us to test?
  • Please provide a brief description of the application's purpose and its primary users (e.g., customers, internal staff, partners).

Functionality & User Interaction

  • Approximately how many interactive pages or components (e.g., forms, buttons, input fields) are present in the application?
  • Are there multiple user roles (e.g., standard users, administrators, vendors)? If so, please describe their access levels and functionality.

Integrations & Dependencies

  • Does the application connect to external services or APIs? If yes, can you provide documentation or an overview of these integrations?
  • Are there any third-party components or libraries used within the application that we should be aware of?

Testing Logistics

  • Are there specific dates or time windows when testing should be avoided to prevent disruption?
  • Is the application currently in production, staging, or development?
  • Are there any limitations or restrictions on testing (e.g., rate limits, data sensitivity, user impact)?

Access & Support

  • Can you provide test credentials for each user role?
  • Is access to source code, application logs, or architecture documentation available to support deeper analysis? (Optional but highly beneficial)

Reporting Requirements

  • Do you have any specific requirements for the final report (e.g., executive summary, technical findings, remediation guidance, compliance mapping)?
  • Would you like the assessment aligned with specific standards such as OWASP ASVS, OWASP Top 10, or others?

Timeline

  • Is there a target date for completing the assessment and delivering the final report?
  • Are there any upcoming audits, product launches, or compliance deadlines we should consider?

OPTION 4 - Commercial Application: Microsoft 365 / Entra / Azure



Tenant Overview

  • How many Microsoft 365 tenants (accounts/domains) are currently in use across your organization?
  • Are there any plans to consolidate, migrate, or expand your tenant footprint in the near future?

Licensing & User Base

  • What types of Microsoft 365 licenses are currently in use (e.g., E3, E5, Business Premium)?
  • Approximately how many active users are licensed within each tenant?

Azure & Cloud Infrastructure

  • Are you utilizing any Azure services beyond Microsoft 365 (e.g., Azure Active Directory, virtual machines, storage, networking)?
  • Are there any hybrid configurations (e.g., on-premises AD sync, Exchange Hybrid)?

Integrations & Applications

  • Are there third-party integrations, custom applications, or automation tools connected to your Microsoft 365 environment?
  • If applicable, can you provide documentation or an overview of these integrations?

Security & Compliance

  • Are there specific compliance frameworks or regulatory requirements your organization must adhere to (e.g., HIPAA, GDPR, CMMC, ISO 27001)?
  • Are there any internal security policies or controls we should be aware of during testing?

Access & Permissions

  • Will our team, as a Microsoft Certified Partner (MCP), be granted GDAP (Granular Delegated Admin Privileges) or equivalent administrative access to the tenant for assessment purposes?
  • Are there any restrictions or limitations on the scope of access?

Testing Schedule

  • Is there a preferred timeline or deadline for completing the assessment and delivering the final report?
  • Are there specific dates or timeframes when testing should be avoided to prevent disruption?

Reporting Requirements

  • Do you have specific expectations for the final report (e.g., executive summary, technical findings, prioritized remediation guidance)?
  • Would you like the assessment aligned with specific standards such as CIS Benchmarks, NIST 800-53, or Microsoft Secure Score?

OPTION 5 - 📧 Social Engineering (Fake Phishing Tests)



Target Audience

  • Approximately how many employees will be included in the phishing simulation?
  • Would you like to target specific departments or user groups differently (e.g., IT, HR, Finance)?

Testing Methods

  • In addition to email-based phishing, would you like us to conduct phone-based social engineering (e.g., simulated vishing calls)?
  • Are there any specific scenarios or tactics you'd like us to include (e.g., credential harvesting, fake invoice scams)?

Target List

  • Will you provide a list of users to include in the test, or would you prefer we work with your team to identify appropriate targets?

High-Risk Roles

  • Are there particular roles or individuals you'd like us to focus on due to elevated access or risk (e.g., executives, finance, HR, IT administrators)?

Testing Schedule

  • Are there any dates or timeframes during which we should avoid conducting the simulation, to minimize disruption or conflict with business operations?

Reporting Requirements

  • Do you have specific expectations for the final report (e.g., executive summary, detailed findings, training recommendations)?
  • Would you like the results mapped to specific frameworks or standards (e.g., NIST, CIS, or industry-specific compliance)?

OPTION 6 - 📱 Mobile App Testing



Application Overview

  • What is the name and platform (iOS, Android, or both) of the mobile application you'd like us to test?
  • What is the primary purpose of the app, and who are its intended users?

User Roles & Access

  • How many distinct user roles exist within the app (e.g., standard users, administrators, partners)?
  • Are there any role-specific features or permissions we should be aware of?

Functionality & Interaction

  • Approximately how many screens or features involve user interaction (e.g., forms, buttons, file uploads)?
  • Are there any sensitive workflows (e.g., financial transactions, personal data entry) that should be prioritized during testing?

Integrations & Connectivity

  • Does the app connect to any external systems, APIs, or cloud services? If so, can you provide documentation or an overview of these integrations?
  • Are there any third-party SDKs or libraries used within the app?

Security Controls

  • Does the app implement security features such as certificate pinning, root/jailbreak detection, or obfuscation?
  • Are there any mechanisms in place that restrict external tools or dynamic analysis?

Testing Access

  • Can you provide a test build of the app (e.g., APK for Android, IPA for iOS) that can be installed outside of the official app stores?
  • Will test credentials be provided for each user role?

Testing Schedule

  • Are there specific dates or timeframes when testing should be avoided to prevent disruption?
  • Is the app currently in production, staging, or development?

Reporting Requirements

  • Do you have specific expectations for the final report (e.g., executive summary, technical findings, remediation guidance)?
  • Would you like the assessment aligned with specific standards such as OWASP Mobile Top 10 or OWASP MASVS?

Timeline

  • Is there a target completion date for the assessment and delivery of the final report?
  • Are there any upcoming releases, audits, or compliance deadlines we should be aware of?

OPTION 7 - 📶 Wireless Network Testing



Location Details

  • Please list all physical locations to be tested, including:
    • Full address(es)
    • Type of facility (e.g., office, warehouse, retail, healthcare)
    • Approximate square footage and number of floors per location

User & Network Information

  • How many employees or users are typically present at each location?
  • How many Wi-Fi networks (SSIDs) are currently in use?
  • Are guest networks or hidden SSIDs part of the scope?

Testing Schedule

  • Are there specific dates or times when testing should be avoided to prevent disruption?
  • Is after-hours or weekend testing preferred?

Security & Access

  • Are there any internal security policies, procedures, or access restrictions we should be aware of during testing?
  • Will our engineer be escorted or require special access to certain areas?

Reporting & Deliverables

  • Do you have specific requirements for the final report (e.g., executive summary, technical findings, remediation guidance)?
  • Is there a deadline for completing the assessment and delivering the report?

OPTION 8 - 💻🛠️ Device Testing



Device Overview

  • What is the name and purpose of the device?
  • Who uses it, and in what environment (e.g., hospital, field, branch office)?

Connectivity & Interfaces

  • Does the device connect to the internet, internal networks, or external systems (e.g., APIs, cloud services)?
  • What types of physical ports does it have (e.g., USB, Ethernet)? Are any ports disabled or protected?
  • Does it use wireless technologies like Wi-Fi, Bluetooth, or cellular? If so, how are these secured?

User Access & Roles

  • Are there different types of users (e.g., standard, admin, technician)? If so, please describe their access levels.
  • What controls are in place to prevent unauthorized access or tampering?

Software & Firmware

  • Can we access the software or firmware for testing? Are there known issues or updates planned?
  • Is the device protected against reverse engineering or external inspection tools (e.g., certificate pinning, encryption)?

Data Protection

  • What kind of data does the device collect or process?
  • How is data protected from unauthorized access, tampering, or theft (e.g., encryption, secure boot, access controls)?
  • Is there a recovery process if the device is compromised or fails?

Compliance & Standards

  • Does the device need to meet specific industry standards or regulations (e.g., HIPAA, FDA, NIST, MIL-STD, PCI)? If so, can you provide documentation?

Testing Logistics

  • Are there specific dates or times when testing should be avoided?
  • Will you provide test units, or do we need to conduct testing on-site?
  • Are there any internal security policies or procedures we should follow during testing?

Reporting Requirements

  • Do you have specific needs for the final report (e.g., executive summary, technical findings, compliance mapping)?
  • Is there a deadline for completing the assessment and delivering the report?