How to Prepare for Your Penetration Testing Discovery Call

Before starting a penetration testing project, we hold a discovery call to understand your organisation, your systems, and what you want to achieve.

At OALO Security, we specialise in web application, API, mobile application, and AI/LLM penetration testing. The discovery call helps us understand which areas are most relevant to your environment, what risks you are looking to address, and how we can structure the engagement effectively.

This guide explains what to prepare before your discovery call so we can make the best use of the time together.

Why a Penetration Testing Discovery Call Matters

A discovery call gives us the opportunity to learn more about your application, platform, or system before preparing a proposal.

During the call, we will discuss your goals, the technologies involved, the intended scope of testing, and any important constraints. This helps us recommend the right approach, identify suitable deliverables, and provide a proposal that reflects your actual needs.

You do not need to have every detail ready in advance. However, preparing the information below will make the conversation more focused and productive.

1. Sign the NDA Ahead of the Call

Ahead of the discovery call, we will send over a Non-Disclosure Agreement for signing.

This allows us to discuss sensitive information openly during the call, including application functionality, infrastructure details, security concerns, architecture, data flows, and business objectives.

Having the NDA signed before the call helps avoid delays and allows us to have a more useful technical discussion from the outset.

2. Invite the Right Technical Representative

Please include someone on the call who understands how the application or system works.

This could be a technical lead, developer, architect, infrastructure engineer, product owner, or another person familiar with the application’s design and operation.

They should ideally be able to talk through areas such as:

  • How the application is structured
  • Where it is hosted
  • How users authenticate
  • What roles and permissions exist
  • How data moves through the system
  • Any APIs, integrations, mobile apps, or AI/LLM components involved

The person does not need to know every answer immediately, but having technical context available during the call helps us assess the scope more accurately.

3. Be Ready to Discuss Your Goals

We will ask what you want to achieve from the engagement.

For example, you may be looking to:

  • Improve your overall security posture
  • Test a new web application before launch
  • Assess an API used by customers, partners, or mobile apps
  • Review a mobile application and its supporting backend services
  • Evaluate an AI or LLM-powered feature for security weaknesses
  • Prepare for a compliance requirement
  • Meet a client or supplier assurance request
  • Investigate a specific area of concern

Understanding your goals helps us tailor the testing approach and focus on the areas that matter most to your organisation.

4. Prepare an Application Overview or Demo

A short walkthrough or demonstration is extremely useful during the discovery call.

This helps us understand what the application does, how users interact with it, and where the most important functionality exists.

Where possible, please be ready to walk us through:

  • The main purpose of the application
  • Key user journeys
  • Important features and workflows
  • Authentication and account management
  • Administrative functionality
  • API usage and integrations
  • Mobile app functionality, if applicable
  • AI or LLM-powered features, if applicable
  • How sensitive data is created, processed, stored, or transmitted

The demo does not need to be polished. A practical walkthrough of the main functionality is usually the most helpful.

5. Share Your Technology Stack and Hosting Information

We will need to understand the technologies your application or system uses.

Useful information may include:

  • Programming languages
  • Frameworks
  • Content management systems
  • Databases
  • APIs and third-party services
  • Cloud providers or hosting environments
  • Mobile platforms and app distribution methods
  • Containerisation or orchestration technologies
  • AI/LLM providers, models, agents, plugins, or retrieval systems
  • Relevant network or infrastructure details

This information helps us identify the most suitable testing methodology and understand which areas may require particular attention.

6. Explain User Roles, Access, and Permissions

Please be prepared to explain the different types of users who can access the application and what each user type is allowed to do.

For example, your application may include:

  • Public users
  • Registered users
  • Customers
  • Internal staff
  • Managers
  • Administrators
  • Support users
  • API users or service accounts

Understanding roles and permissions is important because many security issues are access control failures: a lower-privileged role reaching functionality reserved for a higher one (vertical escalation), or one user reaching another user's data within the same role (horizontal escalation). Knowing the intended model lets us test each boundary deliberately rather than guess at it.

This is particularly relevant for web applications, APIs, mobile backends, and AI-enabled systems where different users may have different levels of access or context.
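To show how the roles discussed on the call turn into test cases, here is an added example (not OALO Security's own tooling, and not code from the original page): a role-to-permission matrix with a single authorisation check that enforces both the vertical (role) and horizontal (ownership) rules, plus a generator for the full list of allow/deny cases a tester would work through. The role names, actions and user identifiers are constructed for illustration.

```python
"""Access-control test matrix derived from documented user roles.

Added example (not OALO Security's code): given the roles a client
describes on the discovery call, build the vertical (role-based) and
horizontal (ownership) checks a tester will exercise. All role names,
actions and sample record owners are constructed for illustration.
"""
from itertools import product

# Actions each role may perform on a hypothetical "order" resource.
# "*" means the role may act on any user's records; "own" means only its own.
ROLE_PERMISSIONS = {
    "public":        {},
    "registered":    {"read": "own", "create": "own"},
    "customer":      {"read": "own", "create": "own", "cancel": "own"},
    "support":       {"read": "*", "cancel": "*"},
    "manager":       {"read": "*", "cancel": "*", "refund": "*"},
    "administrator": {"read": "*", "cancel": "*", "refund": "*", "delete": "*"},
    "service":       {"read": "*"},        # API / service account
}


def is_authorized(role, action, actor_id, owner_id):
    """Return True if `actor_id` acting as `role` may perform `action`
    on a record owned by `owner_id`.

    The vertical check (may this role do the action at all?) and the
    horizontal check (does the actor own the record?) live in one place,
    which is the pattern a tester hopes to find in the application.
    """
    scope = ROLE_PERMISSIONS.get(role, {}).get(action)
    if scope is None:
        return False              # role cannot perform this action at all
    if scope == "*":
        return True               # privileged role: any record
    return actor_id == owner_id   # "own": horizontal check


def build_test_matrix(actor_id="u1", other_id="u2"):
    """Enumerate every (role, action, target) combination with its
    expected outcome.

    Each "deny" row is a negative test: if the application allows it,
    that is a vertical or horizontal privilege escalation finding.
    """
    actions = sorted({a for perms in ROLE_PERMISSIONS.values() for a in perms})
    matrix = []
    for role, action, target in product(ROLE_PERMISSIONS, actions, ("own", "other")):
        owner = actor_id if target == "own" else other_id
        expected = "allow" if is_authorized(role, action, actor_id, owner) else "deny"
        matrix.append((role, action, target, expected))
    return matrix


def denied_cases(matrix):
    """The cases that must fail closed when exercised against the target."""
    return [case for case in matrix if case[3] == "deny"]


if __name__ == "__main__":
    cases = build_test_matrix()
    print(f"{len(cases)} test cases, {len(denied_cases(cases))} must be denied")
    for role, action, target, expected in cases:
        if role == "customer":
            print(f"customer {action} {target}: expect {expected}")
```

The value of the matrix is the "deny" rows: with seven roles and five actions there are more combinations that must be refused than allowed, and a walkthrough of the roles on the call is what lets us enumerate them in advance rather than discover them by accident.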

7. Think About Scope and Boundaries

During the call, we will discuss what should be included in the assessment.

It is helpful to think about which systems, applications, environments, or features you would like us to test.

For example, the scope may include:

  • A web application
  • One or more APIs
  • A mobile application
  • Backend services
  • Authentication and authorisation controls
  • Admin portals
  • AI/LLM functionality
  • Supporting cloud infrastructure
  • Specific high-risk features or integrations

It is also important to identify anything that should be excluded, such as:

  • Production systems that must not be tested
  • Third-party systems you do not control
  • Fragile or legacy services that cannot tolerate automated scanning or malformed input
  • Out-of-scope networks or applications
  • Time periods when testing should not take place

Clear scope and boundaries help us carry out testing safely, avoid disruption, and provide a proposal that accurately reflects the work required.
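As an added illustration of how agreed boundaries become an enforceable check rather than a note in a document, here is example code that is not OALO Security's own tooling and not from the original page. It encodes in-scope targets, explicit exclusions and a blackout window, and answers "may this host be tested right now?" before any traffic is sent. The hostnames, address ranges and window times are constructed for illustration.

```python
"""Engagement scope check built from the boundaries agreed on the call.

Added example (not OALO Security's tooling): encodes in-scope targets,
explicit exclusions and blackout windows, and answers "may I test this
host right now?" before any traffic is sent. Hostnames, IP ranges and
times below are constructed for illustration.
"""
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed scope manifest; in practice this comes from the signed proposal.
SCOPE = {
    "in_scope": ["app.example.test", "api.example.test", "10.20.0.0/24"],
    # Third-party payment host and a fragile box inside the in-scope range.
    "excluded": ["payments.example.test", "10.20.0.250"],
    # No testing during business hours Monday-Friday (weekday() 0..4).
    "blackout": [{"days": range(0, 5), "start": time(9, 0), "end": time(17, 0)}],
}


def _matches(target, entry):
    """True if `target` (hostname or IP) is covered by `entry` (hostname or CIDR).

    If either side is not an IP address the comparison falls back to an
    exact, case-insensitive hostname match.
    """
    try:
        return ip_address(target) in ip_network(entry, strict=False)
    except ValueError:
        return target.lower() == entry.lower()


def in_blackout(when):
    """True if `when` falls inside any agreed no-testing window."""
    return any(
        when.weekday() in w["days"] and w["start"] <= when.time() < w["end"]
        for w in SCOPE["blackout"]
    )


def check_target(target, when):
    """Return (allowed, reason) for testing `target` at datetime `when`.

    Exclusions are evaluated before in-scope entries so that a fragile host
    inside an in-scope range is never reported as testable; the blackout
    window is applied last so it refuses even a fully in-scope host.
    """
    if any(_matches(target, e) for e in SCOPE["excluded"]):
        return False, "explicitly excluded"
    if not any(_matches(target, e) for e in SCOPE["in_scope"]):
        return False, "not in scope"
    if in_blackout(when):
        return False, "inside blackout window"
    return True, "in scope"


if __name__ == "__main__":
    for host in ("api.example.test", "10.20.0.17", "10.20.0.250", "payments.example.test"):
        print(host, check_target(host, datetime(2026, 3, 7, 10, 0)))   # a Saturday
    print("api.example.test", check_target("api.example.test", datetime(2026, 3, 9, 10, 0)))  # a Monday
```

Putting the exclusion check ahead of the in-scope check is deliberate: the most common scoping mistake is an address range that is in scope apart from one or two hosts, and a tool that only asks "is it in the range?" will touch exactly the host that must be left alone.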

8. Consider Your Preferred Timeline

Please let us know when you would ideally like testing to begin and whether there are any important deadlines.

For example, you may have a planned launch date, compliance deadline, client assurance requirement, or internal delivery milestone.

It is also useful to consider the availability of key staff during the project. We may need support from your team to provide access, answer questions, approve testing windows, or respond to any urgent findings.

A clear timeline helps us coordinate resources and plan the engagement effectively.

What Happens After the Discovery Call?

After the discovery call, we will review the information gathered and assess your requirements in more detail.

We will then prepare a proposal that outlines our recommended approach, scope, deliverables, and project structure. We will also provide a financial estimate aligned with the agreed scope and objectives.

We aim to provide the proposal and financials within 5 to 7 business days of the discovery call.

Once you have reviewed the proposal, we can discuss any questions or adjustments to make sure the final approach meets your expectations.

Ready for Your Discovery Call?

Preparing for your penetration testing discovery call helps us make the most of our time together and ensures we can provide clear, relevant recommendations.

Thank you for considering OALO Security. We look forward to learning more about your organisation and discussing how we can help protect your applications, APIs, mobile apps, and AI-powered systems.

Calm, practical cyber security guidance that replaces uncertainty with clear, usable answers.
Electric works, 3 Concourse Way, Sheffield City Centre, Sheffield S1 2BJ
OALO Security Ltd © 2026 All Rights Reserved | Company Number 12094453 | VAT Number 341526912