INDIVIDUAL PENTESTS - SIMPLY CONFIGURED
Pentest Configurator
Create a customized penetration test tailored to your needs and maintain full control over costs.
No time-consuming sales or marketing calls. Go straight to a price estimate and a transparent quote.
Unique benefits
Immediate offer
After finishing the configuration, you will receive an offer as a PDF file.
Transparent Fixed Prices
Transparent costs with no surprises, thanks to capped fixed prices
Smart Addons
Our configurator recommends optional add-ons based on your selection
Multilingual
Choose between German and English during setup and for your final quote.
Support & consulting
Our experts review your configuration and are happy to advise you.
Availability
You will receive a transparent offer whenever you need it - 24/7
Support & consulting
Our pentesting experts are gladly available for questions or further information. Feel free to call us or use the contact form.
Transparent cost
All offers show only the maximum cost of an option. Should the assessment take less time, we will bill only the actual, reduced expense.
Individual offer
We will gladly create a custom offer for you, should you require special services which are not directly referenced in our configurator. Feel free to contact us in this regard.
Frequent questions regarding penetration tests (FAQ)
How much does a penetration test cost? Fixed price, flat rate, or maximum cost?
The price shown in our configurator is always a maximum price. You’ll never pay more than that, but you may end up paying less.
For example, if we complete the work earlier than planned, we will only bill you for the actual time spent. To ensure full cost transparency, our penetration testers document every step of the process in 15-minute increments. In the final invoice, you will see exactly which tasks were performed, along with the time spent and associated costs.
In short: The quoted price is your maximum cost. Exceeding this amount is contractually prohibited.
Do you use manual testing methods?
Automated vulnerability scans are often wrongly sold as full-featured penetration tests. Behind the scenes, just a few automated tools are used and the results are sold for a high price.
At Pentest Factory, we naturally also use automated vulnerability scanners and tools to identify simple vulnerabilities and misconfigurations quickly. These vulnerabilities are often considered “low hanging fruits” and do not require manual analysis. All scanning results are evaluated by our testers and verified against false positives.
Afterwards we conduct a manual security assessment, which accounts for about 70% of the penetration test. By using manual testing, we are able to identify vulnerabilities that automated tools miss. According to a study, a combination of manual and automated testing methods is most effective and capable of identifying nearly all high-risk vulnerabilities in a web application.
When is the earliest possible starting date for an assessment?
After you have created an offer with our configurator, our experts will contact you promptly. We will then share and coordinate our next available dates with you. We gladly schedule your desired date on a non-binding basis in advance.
Please note that the organizational contract process, including signing, often takes the most time. Furthermore, this step depends on your availability. Depending on the parameters of a penetration test, you may require additional time for the creation of test accounts or the application of firewall exceptions. Penetration tests can usually begin within two weeks.
When can we expect the final report?
Our reports are generally delivered within 1-2 weeks after the penetration test has ended. Should you require an earlier transmission of test results, please address this topic in our joint kick-off meeting. For time-critical projects we gladly share our results earlier, if possible.
More information, as well as a sample report can be found here.
Are penetration tests conducted on-site or remotely?
Most penetration tests can be conducted both remotely and on-site at your company’s location. If the target system is only accessible from your internal network, there are still several ways to conduct the penetration test remotely, without incurring travel expenses:
- Providing a VPN connection to your company’s internal network
- Provisioning a jump host to access the test object (RDP, Citrix, etc.)
- We will provide one of our in-house NUC mini-computers, which will be shipped to you by mail. Once set up on your network, the NUC connects back to the Pentest Factory control center via a WireGuard VPN. This allows our penetration testers to access your internal corporate network and the target system under test. You will receive setup instructions, and we will cover the shipping costs.
How is the final report transmitted?
All sensitive documents or credentials are provided via our encrypted file exchange platform. The end-to-end encryption takes place on the transport layer (TLS), as well as the file layer (AES-256). We host our own platform independently on German servers. Document retrieval is traceable and is automatically deactivated after 30 days, followed by full data erasure.
Via this exchange platform you will receive an e-mail with a secure link for the retrieval of our final report (PDF). Furthermore, you will receive optional log data or proof-of-concept exploits in a ZIP folder.
What report languages are available?
We offer our penetration testing services and final reports in both German and English. Our employees are fluent in both languages. The reporting language will be confirmed again during the joint kick-off meeting.
Do you issue a security certificate?
Pentest Factory GmbH is not a certification body. This is why we do not issue security certificates after our pentests are finished. Furthermore, penetration tests serve only as a momentary snapshot of the security of a test target. We thus refrain from making a general statement about the security of a test target.
Nevertheless, penetration tests are recommended for your company’s ISO 27001 certification.
Can a reported vulnerability be adapted retrospectively?
Identified vulnerabilities undergo a strict risk rating process. Our experts discuss the likelihood and impact of a vulnerability extensively. Retrospective adaptation of a risk rating is therefore not common and is only possible on a case-by-case basis.
As an external contractor, we act in an advisory capacity only. Should you disagree with a risk rating, you can task your internal risk management team with a re-rating. This includes the acceptance of certain risks.
Can you provide the test results also as a shortened customer note?
Upon request, we would be happy to provide you with a separate client report in addition to a detailed final report. We then remove all sensitive information such as IP addresses, user names or details of our exploitation process. Your clients will only receive an overview of the general and relevant overall results of the penetration test—similar to a management summary.
Do you also conduct load testing?
Pentest Factory specialises in offensive security assessments. Attacks that limit the availability of IT systems (such as Denial of Service attacks) are not part of our services.
However, we would be happy to advise you on this matter and can recommend qualified partners.
Is there a possibility for pentest grants?
In some federal states, grants are available for IT security services such as penetration tests. We gladly advise you when applying for grants. Please talk to one of our consultants.
What support can I get after a penetration test?
You receive a detailed final report with all identified vulnerabilities including extensive remediation recommendations. Of course, we’ll continue to support you even after a penetration test, for example, by helping you address the vulnerabilities or conducting a retest to verify the effectiveness of your measures. Our affiliate, the tacticx Consulting GmbH, can also provide you with extensive assistance in the field of IT security or data protection.
Are special non-disclosure agreements possible?
If your test subjects involve sensitive applications or personal data that require an additional NDA or ADV agreement, we would be happy to review them. There are generally no obstacles to signing such agreements. Nevertheless, our pentesting contract already contains a general clause regarding the obligation of secrecy for our employees. Our colleagues in the Data Protection and Information Security department will be happy to advise you on whether additional agreements are necessary.
Do you offer ad-hoc notifications during the pentest?
For all penetration tests, we will notify you when the tests begin and end. Furthermore, we will immediately inform you of any high-severity or critical vulnerabilities that are discovered during the penetration test. In such cases, you will receive a preliminary memo report detailing the vulnerability.
All sensitive documents or credentials are provided via our encrypted file exchange platform. The end-to-end encryption is done on the transport layer (TLS), as well as the file layer (AES-256). We host our own platform independently on German servers. Document access is traceable and is automatically disabled after a maximum of 90 days, followed by complete data deletion.
How is AI/LLM used?
As part of our penetration testing services, we use AI and LLM technologies in a targeted and controlled manner to support analysis processes and increase the efficiency of certain testing procedures.
For traditional penetration tests, LLMs are used exclusively in accordance with internal security policies. Data ownership remains with the customer at all times. Sensitive information, confidential content, or personal data is not transferred to external third parties. If AI-powered processing is required, it is performed either in an anonymized manner or using locally operated models within controlled environments.
When generating reports, AI systems are used solely for linguistic optimization, structuring, and improving clarity. The technical assessment, description of vulnerabilities, risk assessment, and derivation of mitigation measures are performed exclusively by experienced security experts and are not generated automatically by AI.
In the field of AI/LLM penetration testing, external models such as ChatGPT or models from Anthropic are specifically used to automatically and reproducibly execute large volumes of prompt injection, jailbreak, and manipulation payloads. This allows language models to be systematically tested for security risks, filter bypasses, data leaks, and undesirable model behavior.
We are happy to define the handling of AI and LLM technologies within a Non-Disclosure Agreement (NDA) in order to contractually establish transparency, data sovereignty and the confidential handling of information.