Approach
Commission a penetration test — how the process works
With our standardized processes, you can easily and hassle-free arrange and carry out the penetration test of your choice.
1. Offer
You receive a customized offer using our configurator or contacting us independently.
2. Verification
Your configurator selection is checked by our experts in a meeting together with you. Here we also answer further inquries and get to know each other.
3. Comissioning
Für die Beauftragung eines Pentests erhalten Sie von uns ein Angebot, sowie einen Vertrag und einen Leistungsabruf zur Unterzeichnung.
4. Kick-Off
In a common kick off meeting we coordinate the parameters of the penetration test. We resolve things like contact persons, testing periods, testing scope, as well as remaining tasks required before the test can commence.
5. Pentest
Our ethical hackers conduct the penetration test actively. You will be notified about the test start and end. After the test is completed, you will receive a detailled report including Management Summary and remediation recommendations.
6. Finalization
One to two weeks after our report is delivered, we will conduct a common review meeting. During this optional meeting you can ask questions regarding the identified vulnerabilities.
Comissioning of a penetration test
Our Process
We adhere to a standardized process for the comissioning and execution of penetration tests. Once the engagement is confirmed, you will receive a quote, the penetration testing contract, and a service call-off form for your signature.
The penetration testing contract forms the legal basis for the collaboration and needs to be signed only once. It sets out the general terms and conditions for current and future penetration tests, as well as confidentiality provisions. The service call-off order specifies the details of the respective assignment. It refers to the proposal and includes project-specific details such as the testing period, scope of services, effort, and costs.
Before the penetration test begins, the penetration test contract and the relevant service order must be signed and on file.
You have further questions regarding our penetration test procedure? Feel free to contact us.
Our experts will gladly guide you through all steps.
Standards and Qualifications
We follow recognized international standards for our pentest procedure.
Our penetration testers are highly qualified and certified with several recognized hacking certificates.
Frequent questions regarding penetration tests (FAQ)
Can contract documents be signed digitally?
Digital signatures on contract documents are accepted. This is typically necessary for short-term projects in order to finalize the contractual details as quickly as possible so that a penetration test can begin.
We will send you our contract documents again by mail at a later date. We prefer that you sign the documents by hand and return them to us by mail.
What is the structure of the final report?
For information about our final report, see Vorgehensweise > Beispielbericht.
When is the earliest a project can begin?
After you have created an offer with our configurator, our experts will contact you promptly. We will then share and coordinate our next available dates with you. We gladly schedule your desired date nonbinding in advance.
Please note that the organizational contract process including signing often takes the most time. Furthermore, this step depends on your time-wise availability. Depending on the parameters of a penetration test, you may require additional time for the creation of test accounts or the application of firewall exceptions. Penetration tests can usually begin within two weeks.
More questions, but no answers in sight?
Take a look at the FAQ section on our Konfigurators.
If you still have unanswered questions, please feel free to use the Kontaktaufnahme.
Are penetration tests conducted on-site or remotely?
Most penetration tests can be conducted both remotely and on-site at your company’s location. If the target system is only accessible from your internal network, there are still several ways to conduct the penetration test remotely:
- Providing a VPN connection to your company’s internal network
- Provisioning a jump host to access the test object (RDP, Citrix, etc.)
- We use our in-house Intel NUC mini-PC, which will be mailed to you. Once set up on your network, the NUC connects back to the Pentest Factory control center. Our penetration testers can then access your internal corporate network and the target system being tested. You will receive setup instructions, and we will cover the shipping costs.