> attack_surface_definition
Program Scope
Only assets explicitly listed below are authorized for testing. Any asset not listed is considered out of scope.
> in_scope_assets
core_domains
- • esc-software.com
- • *.esc-software.com
- • news.esc-software.com
saas_products
- • honnepay.com
applications
- • Web dashboards
- • Customer portals
- • Public APIs
- • Mobile applications (production builds)
> client_authorized_assets
RLA CONNECT
- • rlaconnect.com.br
Testing permitted only under active client authorization.
> out_of_scope
- • Development / staging environments
- • Third-party integrations
- • Email infrastructure
- • Denial of Service (DoS/DDoS)
- • Social engineering
- • Physical attacks
- • Automated scanners without validation
> conditional_notes
Subdomain enumeration is permitted under *.esc-software.com.
SaaS products operated by ESC (e.g. honnepay.com) are fully in scope unless otherwise stated.
Assets not explicitly listed above are considered unauthorized targets.