For asset types that don’t fall under web, mobile, network, API, or cloud, here are the specific requirements for assessment:

Desktop Electron App

• Share the desktop application installer.

• Provide any login credentials, if applicable.

Chrome Extension

• Share the Chrome Web Store link or a CRX file.

• Provide login credentials and, if possible, the extension source code.

Cloudflare

• Dashboard Access: Read access to security settings and logs.

• WAF Configuration: Access to:

  • Managed Rules

  • Custom Rules

  • Rate Limiting

  • Bot Management

Kubernetes

• Provide kubectl access with read-only permissions.

• Allow review of:

  • RBAC configs, NetworkPolicies

  • Container and runtime configurations

  • Admission controllers and security policies

  • etcd encryption settings

Slack Bot

• Share installation and setup instructions.

Desktops / Laptops / Workstations

• Provide remote access to a representative system:

  • Windows: RDP, AnyDesk, TeamViewer

  • Linux: SSH

  • macOS: AnyDesk, TeamViewer

If systems are configured identically, access to a single machine is sufficient.

Please ensure access is read-only where possible and that the setup allows us to safely perform our assessment without interfering with your production operations.