Pentest Scoping Worksheet
Scope correctly before engaging vendors. Finalize your audit targets, complexity, and compliance goals to ensure a successful audit execution.
- Asset Type
- Asset Details
- Complexity
- Contact Info
- Scoping Summary
What are we testing?
Select the primary asset for this scoping worksheet.
Why scope before execution?
- Accurate Quotes: Vendors can't give fixed pricing without clear scope.
- Audit Readiness: SOC 2 auditors require a documented "System Description" and scope.
- Eliminate Bloat: Focus your budget on high-risk assets, not low-value subdomains.
What's included?
Your final summary includes target types, estimated dynamic pages/endpoints, auth complexity analysis, and compliance alignment.
"Defining scope early saved us 30% on our annual pentest by excluding legacy dev environments that didn't contain customer data."
