To get a quality application assessment, you'll want to provide more than just the URL of your website. Sure, that's all an attacker usually starts with, but an attacker can spend months working on a chosen target, or scan the whole internet looking for a specific vulnerability they know how to exploit. For an assessment, the more information provided to the tester, the more efficient they will be and the more value you'll receive from your investment.
Meristem typically conducts at least two meetings prior to the actual start of testing. The first meeting is to get an understanding of what your application does and how it does it, so that the testing scope can be agreed to and a Statement of Work written. To facilitate that conversation, Meristem uses the questionnaire below. While most of the information can be gathered during the meeting, knowing what's going to be asked, or even providing the information ahead of time, helps to keep the meeting short and productive.
Once the Statement of Work has been agreed to, Meristem will work with you to gather all of the information needed to actually execute the assessment. This includes network access to the testing environment, credentials to sign in, and contact points to be used at various points of the engagement. Again, this questionnaire can be completed outside of a meeting, or during the pre-assessment kickoff meeting. Knowing what information is needed, and by extension what preparations need to be made, helps keep the project on schedule.
Questionnaire 2 - Assessment Preparation
Both questionnaires contain field help, and of course Meristem is available to answer any questions that may come up.