What access levels are necessary for conducting a web application Pentest?

Last updated: April 22, 2025

Prerequisites for Conducting a Web Application Penetration Test:

Staging Environment:
  • Please provide a staging environment for the penetration test.

  • The staging environment should allow easy clearing of any test-generated data.

  • If you are unable to provide a staging environment, we can work with your production environment, but we will need additional details about your web application.

Production Environment:
  • If you don't have a staging environment, you can provide your production environment.

  • Please share details about your web application to help us understand it better.

To ensure a smooth and successful penetration testing process, please consider the following:

  • If you have any specific notes or warnings regarding testing in the production or staging environment, please inform us.

  • In some cases, firewalls may block our scanner requests, causing issues during manual testing.

  • Please clarify the firewall settings to ensure smooth testing.

  • If applicable, whitelist our NordVPN USA IPs to avoid any access issues.

If your web application has different levels of user access, please provide the following user accounts:

  • User 1: admin

  • User 2: standard_user

  • User 3: moderator

This will enable us to test for access control vulnerabilities and privilege escalation.

Rate Limit on Login Attempts:
  • If there is a rate limit on login attempts, please let us know.

  • If possible, remove the rate limit for the mentioned accounts to facilitate testing.

Please ensure that all of the above requirements are fulfilled so that we can proceed with the penetration test. If you have any further questions or concerns, please feel free to create a support ticket.