Engagement Boundaries
Inspections are performed only with written authorization and agreed scope. These boundaries protect your systems and keep the process predictable.
- Written authorization before testing
- No activity outside approved scope
- Only necessary evidence is collected and handled confidentially
Authorization and Scope Controls
- Written authorization is required before testing starts.
- A named contact who can approve scope is required.
- Testing windows are agreed and documented.
- Only agreed targets are inspected.
- No activity is performed outside approved boundaries.
- Testing depth is matched to the agreed objective.
Data Handling and Exclusions
- Findings are recorded only to support reporting and fix guidance.
- Collected evidence is handled confidentially.
- Retention is limited to engagement and reporting needs.
- No staged attack simulation outside agreed scope.
- No compliance certification claims.
- No scanning of unknown third-party systems.
Start a Scoped Discussion
To begin, share the target website or environment, a short application description, your preferred testing window, and the contact who can approve scope.
Include:
- Target website URL or environment
- Short application description
- Preferred testing window
- Authorized scope contact