What Are the Prerequisites for a Web Application Pentest?

Last updated: June 10, 2026

Introduction

Before Astra's security engineers can begin a web application penetration test, you need to provide the right environment and credentials. This ensures complete coverage and avoids delays mid-engagement.

Prerequisites

  • Access to either a staging or production environment

  • Ability to create test user accounts across different roles

  • Admin access to configure firewall or rate-limiting settings if needed

Steps

1. Choose your test environment

Provide a staging environment wherever possible. It should allow easy clearing of test-generated data. If a staging environment isn't available, a production environment works — share additional details about your application so engineers can proceed carefully.

2. Share environment details

Include any specific notes about the environment — known restrictions, sensitive endpoints to avoid, or third-party integrations that could be affected.

3. Configure firewall settings

If a network firewall or web application firewall (WAF) sits in front of the application, make sure it does not block or throttle requests from Astra's scanner or from the engineers' manual testing. Whitelist Astra's scanner IPs if needed, and keep the rule scoped to those addresses and to the engagement window rather than opening the firewall more broadly.

4. Create test user accounts

Provide credentials for at least three user roles so engineers can test access control and privilege escalation:

  • admin

  • standard_user

  • moderator

5. Handle rate limits on login

If your application enforces rate limits on login attempts, let the team know. Where possible, temporarily lift the limits for the test accounts or for the scanner's source IPs so the pentest workflow isn't blocked. Scope the exemption narrowly (the test accounts or tester IPs, not every user on a production system), restore the limits once the engagement ends, and tell the team exactly what was exempted so the engineers know whether login brute-force protection was actually assessed.
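One way to handle steps 3 and 5 together when nginx fronts the application, as an added example that is not part of Astra's documentation or of any customer setup: requests from the pentest source range get an empty rate-limit key, which nginx's limit_req module treats as "do not count", so only those sources skip the login limit while every other client stays limited per IP. The 203.0.113.0/24 range, the app.example.com host, the /login path and the app_backend upstream are placeholders; substitute the scanner IPs Astra gives you and your real endpoint and upstream.

```nginx
# Added example, not Astra's configuration. Assumes a standard nginx build
# with ngx_http_limit_req_module. All addresses and names below are placeholders.

upstream app_backend {
    server 127.0.0.1:8080;          # placeholder application server
}

# 1 = pentest source (exempt from the login limit), 0 = everyone else.
geo $pentest_exempt {
    default          0;
    203.0.113.0/24   1;             # placeholder: replace with the scanner IPs Astra provides
}

# limit_req ignores requests whose key is empty, so mapping the exempt
# sources to "" removes them from the login limit without touching the rule itself.
map $pentest_exempt $login_limit_key {
    0  $binary_remote_addr;         # normal clients: limited per client IP
    1  "";                          # pentest sources: no key, no limit
}

# 5 login attempts per minute per client IP for non-exempt sources.
limit_req_zone $login_limit_key zone=login:10m rate=5r/m;

server {
    listen 443 ssl;
    server_name app.example.com;    # placeholder

    # Only the login endpoint is rate limited; the exemption above is scoped
    # to the pentest source range and should be removed after the engagement.
    location = /login {
        limit_req zone=login burst=5 nodelay;
        limit_req_status 429;
        proxy_pass http://app_backend;
    }

    location / {
        proxy_pass http://app_backend;
    }
}
```

After the engagement, delete the scanner range from the geo block (or set it to 0) and reload nginx with `nginx -s reload` so production clients and the testers are treated alike again. Because the exempted sources never hit the limit, the engineers cannot observe the brute-force protection from those addresses; let them know the range you exempted so the control can be checked from an ordinary client if needed.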

Expected Outcome

Once all of the above is in place, Astra's security engineers can begin the penetration test without interruptions or gaps in coverage.

Troubleshooting

Scanner requests are being blocked — Check firewall rules and confirm Astra's IPs are whitelisted.

Login attempts are failing mid-test — Verify that rate limits have been lifted for the test accounts provided.

Unsure what environment details to share — Raise a support ticket at help@getastra.com and the team will guide you.