
Government Pentest Case Study: Start to Finish
We want to be extremely transparent to our clients and potential clients. We want you to know everything that you need to know so that you can have clear expectations before you engage with Emagined. Here's an example of exactly what you can expect (yes, even the pricing).
Scope. Plan. Schedule. Deliver.

Case Study:
Client Background Info
This client has 1,000 employees, structured and unstructured data, servers, workstations, network devices, mobile systems, firewalls, virtual private networks, and other systems prevalent in an enterprise environment. The client has some internal development of web-facing functions with reliance on third-party vendors for some functions. Additionally, they have confidential data that includes PII, HIPAA, criminal justice, and payment card information. The following case study provides:
- An overview of the Emagined engagement workflow
- The penetration testing scope (internal and external)
- An estimated number of hours required to complete all deliverables for this sample client
- Sample work and corresponding deliverables
1. Scope
- Meet
- Requirements
- Statement of work (with pricing)
- Contracts
Objective
Our objective at the start of all engagements is to understand the client's requirements so that a statement of work (SOW) can be provided. We find that being able to provide a clear and concise SOW with all pricing aspects early in the engagement allows the client to make informed decisions during their vendor selection process. We typically deliver an SOW within two days of requirements gathering.
Timeline
- Meetings (1 day)
- Requirements gathering (same day)
- SOW delivery (2 days)
- SOW review / negotiation (depends on client)
- Contract signatures (1 day)
Deliverable
- Internal & External Pentest Scope (see sample below)
- Statement of Work
- Signed Contracts
SAMPLE: Internal & External Penetration Testing Scope
After meeting with the potential client and discussing their environment and their needs, the following scope was outlined and used to create a Statement of Work.
- Internal Penetration Testing
  Internal testing is performed on assets and networks owned by the sample client. Internal systems are used to conduct business internal to the organization.
  Internal Application Testing:
  - Internal Application
    - Web application
    - Test environment
    - Hosted locally
    - Authenticated and unauthenticated
  - Internal Application
    - Thick client
    - Test environment
    - Hosted locally
    - Authenticated and unauthenticated
    - Contains PII data
  - Industrial Control System: regulating water for a community of 20,000 users
    - The SCADA environment consists of a water treatment plant
    - 3 Human Machine Interfaces (HMI), one at each of public works, the treatment plant and the maintenance facility
    - 15 remote sites with 2 Programmable Logic Controllers (PLCs) per site, connecting back to public works over the Internet using site-to-site VPNs
  - Configuration and design review of a firewall
    - Configuration review of the rules on one firewall
    - Design review of: 3 subnets, business network, guest network
  Internal Network Penetration Testing: the scope is limited to 500 internal IPs and includes a sample from the following:
  - 1,000 workstations
  - 75 servers, Windows and Linux (virtual and physical)
  - 10 servers, Windows and Linux (cloud hosted)
  - 50 multifunction printers
  - VLANs: management (IT), end user (business), VoIP, SCADA
  - 2 AD domains
- External Penetration Testing
  External testing is performed on applications and services owned by the client. External applications are those that are accessible by the public or select clientele by way of the Internet.
  - External Website Testing: client's public website (e.g. clientname.com)
    - Production environment
    - Hosted locally
    - Unauthenticated
  - External Application 1
    - Mobile application (iOS and Android)
    - Production environment
    - Hosted by vendor
    - Authenticated only
  - External Application 2
    - Web application
    - Test environment
    - Hosted in the cloud
    - Authenticated and unauthenticated
2. Work Plan
- Resource Allocation
- Client Success Plan
Emagined Security will initially assign a Senior Project Manager, who will then assign a lead Penetration Tester to coordinate the technical details of the engagement. The Senior Project Manager works with the client to define the tasks to be included within the scope of the engagement; this scoping determines which applications, networks, systems, and services are in scope. Meetings are scheduled with the client to determine the security risk and business value of the applications, systems, and networks, so that the engagement can be kept within the allotted budget.
The Workplan specifies how identified vulnerabilities are escalated, how communication channels are defined, and provides comprehensive details of each application being tested.
SAMPLE: Workplan
3. Project Schedule
SAMPLE: Project Schedule
4. Deliverables
- Clarity Portal
- Reports
- Debrief
- Remediation
SAMPLE: Deliverables
Conclusion
