Pre-requisites for Other Asset Types

Last updated: May 29, 2025

For asset types that don’t fall under web, mobile, network, API, or cloud, here are the specific requirements for assessment:

Desktop Electron App

  • Share the desktop application installer.

  • Provide any login credentials, if applicable.

Chrome Extension

  • Share the Chrome Web Store link or a CRX file.

  • Provide login credentials and, if possible, the extension source code.

Cloudflare

  • Dashboard Access: Read access to security settings and logs.

  • WAF Configuration: Access to:

    • Managed Rules

    • Custom Rules

    • Rate Limiting

    • Bot Management

Kubernetes

  • Provide kubectl access with read-only permissions.

  • Allow review of:

    • RBAC configs, NetworkPolicies

    • Container and runtime configurations

    • Admission controllers and security policies

    • etcd encryption settings

Slack Bot

  • Share installation and setup instructions.

Desktops / Laptops / Workstations

  • Provide remote access to a representative system:

    • Windows: RDP, AnyDesk, TeamViewer

    • Linux: SSH

    • macOS: AnyDesk, TeamViewer

If systems are configured identically, access to a single machine is sufficient.

Please ensure access is read-only where possible and that the setup allows us to safely perform our assessment without interfering with your production operations.