Skip to main content

Instructions

The Instructions tab contains client-provided guidance, requirements, and resources for your project.

What Are Instructions?

Instructions are detailed guidance from clients about:
  • Technical requirements
  • Access credentials
  • Testing boundaries
  • Compliance requirements
  • Specific methodologies
  • Tools to use or avoid
  • Reporting preferences

Viewing Instructions

  1. Navigate to your project
  2. Click the “Instructions” tab
  3. Read all instructions before beginning work

Types of Instructions

Technical Requirements

## Testing Environment
- Target: staging.example.com
- IP Range: 10.0.0.0/24
- VPN Required: Yes (credentials below)
- Testing Window: 9 PM - 6 AM EST only

Scope Boundaries

## In Scope
- All subdomains of *.example.com
- API endpoints at api.example.com
- Mobile apps (iOS and Android)

## Out of Scope
- Production database (read-only access only)
- Third-party integrations
- DDoS testing
- Physical security

Credentials & Access

## Test Accounts
- Admin: testadmin@example.com / [Password in secure note]
- User: testuser@example.com / [Password in secure note]

## VPN Access
- Server: vpn.example.com
- Certificate: [Attached]
- Config: [Attached]

Reporting Requirements

## Report Format
- Use provided template (attached)
- Include CVSS scores
- Add remediation recommendations
- Executive summary required
- Screenshots for all findings

Following Instructions

Read Completely First

Read ALL instructions before starting work. Missing a critical requirement can cause problems later.

Clarify Uncertainties

If something is unclear:
  1. Ask in project chat
  2. Reference the specific instruction
  3. Wait for clarification before proceeding
  4. Document the clarification

Document Compliance

As you work:
  • Note which instructions you’ve followed
  • Flag any instructions you couldn’t follow
  • Explain deviations in your deliverables

Common Instruction Categories

Rules of Engagement

RuleWhat It Means
Testing WindowWhen you’re allowed to test
Rate LimitingMax requests per second
No Destructive TestingDon’t delete or modify data
Notify BeforeContact before certain tests
Emergency ContactWho to call if issues arise

Data Handling

  • What data you can export
  • How to handle PII
  • Encryption requirements
  • Deletion requirements post-project

Communication

  • Who to contact for questions
  • Response time expectations
  • Escalation procedures
  • Meeting schedules

When Instructions Conflict

If instructions conflict with:

Platform Policies

Platform policies take precedence. Flag the conflict to platform ops immediately.

Best Practices

Discuss with client. Explain your concerns and propose alternatives. Never violate laws. Escalate to platform ops if asked to do something illegal.

Updating Instructions

Clients may update instructions during the project:
  • You’ll be notified of changes
  • Review updates promptly
  • Ask questions if changes affect your approach
Significant instruction changes may warrant scope or timeline adjustments. Discuss with platform ops.

Security Considerations

Handling Credentials

Store credentials securely
Never share outside the project
Use provided VPN when required
Delete credentials after project ends

Testing Boundaries

Stay within defined scope. Testing outside boundaries without permission can have legal consequences.

Deliverables

What you need to deliver

Files

Managing project files

Project Chat

Asking clarifying questions