Scope of Work
The scoping process is essential for accurately allocating resources, setting realistic timelines, and defining clear deliverables for security reviews and fuzzing campaigns.
Initial Scoping
In this phase, we collaborate closely with the client to define the scope, gather technical insights, and establish expectations for the engagement. This includes:
Reviewing the relevant resources provided by the client, such as the codebase for security reviews and fuzzing campaigns, to ensure the client is fully prepared for the engagement.
Identifying key focus areas within the project, including specific components, modules, or functionalities that require special attention.
Estimating the necessary resources, timelines, and deliverables, based on the complexity and scope of the engagement.
This step is crucial to aligning both parties on expectations and ensuring that the engagement is fully tailored to meet the client’s goals.
Information Gathering
Once the initial scoping is complete, we conduct a comprehensive review of all gathered information to ensure our team is fully equipped with the insights needed to deliver high-quality results.
Security Review & Fuzzing Campaign
For security reviews and fuzzing campaigns, we require:
Clear Documentation: Well-documented code with detailed annotations to explain the logic, intended functionality, and any assumptions within the codebase.
Diagrams & Visuals: System architecture diagrams, user flows, state machines, and component diagrams to provide a visual understanding of the system’s structure and behavior.
Test Coverage: A robust testing suite covering the vast majority of the codebase to facilitate the validation of findings. Ideally, clients should aim for 100% test coverage.