Scope Definition Document
This document defines the systems, environments, and assets that will be included in a penetration test
conducted by ECHO Pentest. Clear scope prevents disruption and ensures all testing is authorized.
1. In-Scope Assets
Depending on the engagement, this may include:
- IP ranges, domains, or subnets
- Web applications and APIs
- Cloud environments (AWS, Azure, GCP)
- Internal servers, workstations, and network segments
2. Out-of-Scope Assets
Assets not included in the defined scope will not be tested under any circumstances unless approved in writing. Out-of-scope assets include:
- Unrelated third-party systems
- Systems without client authorization
- Critical production systems marked “no impact allowed”
3. Engagement Methods
Testing techniques may include:
- External pentesting
- Internal network testing
- Web application and API assessments
- Cloud configuration reviews
- Social engineering, if authorized
4. Restrictions & Safety Rules
- No Denial-of-Service attacks unless explicitly allowed
- No destructive payloads or malware
- No user-facing interruptions without approval
5. Contact & Escalation
If any critical issue or risk is discovered, the client will be notified immediately.
For scope questions, contact:
contact@echopentest.com