# Scope of Assessment ## What is Scope Scope defines the exact parts of your application or infrastructure that a pentest is allowed to test. Defining your scope clearly is one of the most important steps before running a pentest. * **Safety**: prevents testing systems that are not prepared for scanning * **Accuracy**: keeps agents focused on the right domains, APIs, or apps * **Compliance**: provides proof of what was tested and what was excluded * **Consistency**: allows retests to follow the same boundaries every time {% hint style="danger" %} Pentests perform potentially destructive security actions and should only be run on non-production environments that do not contain real customer data. {% endhint %} Only the targets listed in the scope are scanned. Anything not included is ignored and will not be tested. ## What to include in the Scope A scope can contain one or more of the following: * Primary domain such as app.example.com * Subdomains or environments like staging.example.com or api.example.com * Connected systems that belong to the same application Each target must be owned or controlled by your organization. ### Domain ownership verification Before a domain can be tested, ownership must be verified. This step ensures that Aikido only tests systems you control. Verification must be completed for every domain included in the scope. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.aikido.dev/pentests/configure-a-pentest/scope-of-assessment.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.