Help Center
Go back to application
Help Center
Go back to application
Platform Fundamentals
Getting Started
Account Management
User Management
Asset Management
Asset Basics
Assets Operations
Asset Customization
Vulnerability Management
Vulnerability Basics
Vulnerability Operations
Vulnerability Organization
Integrations & Connectors
Credential Management
Connector Setup
Synchronization
Scanning and Assesssment
Scanning Operations
Security Analysis
Workflow Configuration
Engagemet Management
Enagagement Basic
Engagement ScopeCreating EngagementsPrerequisites for AssessmentsEngagement Summary
Enagagement Operations
Pentesting as a Service
PTaaS Basics
Vulnerability Submission
Task Management
Task Basics
Task Automation
Reporting and Documentation
Reports
Documentation

Engagement Scope

Content before revamp

Scope is the number of assets for which you want to avail one or more of the services provided on the PTaaS platform while creating engagements. 

If you need to get 10 web applications and 500 IPs Pentested, then while creating an engagement, you will have to select Web Application Penetration Test and Network VAPT services and select all of the assets that you want to get pentested. This will become the defined scope on which our team of Professional Pentesters will be carrying out their Pentests. More about how to create engagements

Content after revamp

The Engagement Scope defines the exact set of assets and services you wish to include in a security assessment when initiating a new engagement through the Strobes PTaaS (Pentesting-as-a-Service) platform.

Think of the scope as your “order summary.” it details what needs to be tested, how it needs to be tested, and which assets are involved. Clearly defining your scope ensures accurate planning, resource allocation, and efficient delivery of the assessment.

What Does the Scope Include?

Your scope includes:

  • Type of assessment(s) you want to run (e.g., Web App Pentest, API Security Test, Network VAPT)
  • Number and type of assets you want assessed (e.g., domains, IPs, cloud environments)
  • Specific assets selected from your asset inventory in Strobes

How to Define the Scope (Step-by-Step)

Let’s say you want to get 10 web applications and 500 IP addresses tested. Here’s how to define the scope during engagement creation:

  1. Log in to your Strobes PTaaS dashboard.
  2. Go to "Engagements" in the left navigation panel and click “Create New Engagement”.
  3. In the Engagement Details section:
    • Provide a name and description for your engagement.
    • Select the appropriate services:
      •  Web Application Penetration Test
      •  Network Vulnerability Assessment & Penetration Testing (VAPT)
  4. Proceed to the Scope Definition section:
    • From your organization’s asset inventory, select the assets that need to be tested.
      • For Web App PT: Select the 10 web applications
      • For Network VAPT: Select the 500 IPs
  5. Review and confirm the selected assets and services — this forms your final engagement scope.
  6. Click “Submit” to send the engagement to the Strobes pentesting team.

Why Scope Matters

  •  Precision – Ensures only approved and verified assets are tested
  •  Transparency – Clarifies what will and will not be covered in the engagement
  •  Efficiency – Helps our pentesters prepare tools, time estimates, and deliverables
  •  Reporting Accuracy – Aligns your final report exactly with your defined scope

Best Practices

  • Always review your asset inventory before initiating an engagement.
  • Avoid scope creep — only include assets you are authorized to test.
  • If unsure, start with a smaller scope and scale up with additional engagements later.
  • For complex environments (e.g., hybrid cloud, segmented networks), consider breaking them into multiple engagements.

Was this article helpful?

Powered by Product Fruits