![[Pasted image 20250903131925.png]]
The entire pre-engagement process consists of three essential components:

- Scoping questionnaire
- Pre-engagement meeting
- Kick-off meeting

Before any of these can be discussed in detail, a Non-Disclosure Agreement (NDA) must be signed by all parties. There are several types of NDAs:

| Type | Description |
|---|---|
| Unilateral NDA | This type of NDA obligates only one party to maintain confidentiality and allows the other party to share the information received with third parties. |
| Bilateral NDA | In this type, both parties are obligated to keep the resulting and acquired information confidential. This is the most common type of NDA that protects the work of penetration testers. |
| Multilateral NDA | Multilateral NDA is a commitment to confidentiality by more than two parties. If we conduct a penetration test for a cooperative network, all parties responsible and involved must sign this document. |

| Document | Timing for Creation |
|---|---|
| 1. Non-Disclosure Agreement (NDA) | After Initial Contact |
| 2. Scoping Questionnaire | Before the Pre-Engagement Meeting |
| 3. Scoping Document | During the Pre-Engagement Meeting |
| 4. Penetration Testing Proposal (Contract/Scope of Work (SoW)) | During the Pre-Engagement Meeting |
| 5. Rules of Engagement (RoE) | Before the Kick-Off Meeting |
| 6. Contractors Agreement (Physical Assessments) | Before the Kick-Off Meeting |
| 7. Reports | During and after the conducted Penetration Test |