
Untitled

a guest
Nov 14th, 2019
- No specific worries about security atm – they’re just looking for some confirmation of security
- CTO Stanley Jobson – Not in the office currently, is on holiday. Will get in contact with us regarding some of the more technical questions.
- No risk of cross contamination with other companies; data not hosted on same servers as partners
- Social engineering – not interested in it at this time, looking for more just a technical pen test.
- No self-hosted email (they use Gmail, not sure whether accounts are company provided or personal)
- Not much off limits – only access within IP range, don’t change any info if you access databases
- Self-hosted web server for auctions. Not sure about hosting regarding promo site
- Test the back end as well (databases, system info etc.)
- Don’t know if front end/back end are on same network, ask CTO
- Servers on site, not sure where they are located
- Regular backups every working day, again on weekends
- Taking NDA with them to check over it (not final version)
- No specific reason for pen test; not aware of any vulnerabilities
- Stanley has server access as well as two owners
- Clear box testing (both in the middle regarding known info)
- Systems developed in house by CTO only
- Employee data is company owned so employees would’ve known when they signed contract
- Looking for all vulnerabilities available, make sure to test multiple entries to the same endpoint
- All operations within the UK + all networks within the UK