A penetration test is a critical exercise for maintaining good standards of cyber security, so it’s important that you are aware of what’s required from you to ensure a smooth and successful engagement. Here’s what to expect before, during, and after your penetration test.

  1. Before your test

    Before your test begins, make sure you have a recent backup of key systems and data. You should also let the relevant departments within your organisation know when the pen test is being carried out. Depending on the type of test being conducted, we’ll require the following information.

    External Infrastructure

    External URLs & IP addresses

    Wireless

    SSIDs/APs

    On-site address

    Internal Infrastructure

    Internal URLs & IP addresses

    VPN details, including gateway URL and login credentials

    API

    API info such as endpoints or requests

    Relevant API documentation

    Sample API requests

    APP

    URL & IP addresses

    Login credentials for all user role levels (authenticated tests only)

    Social Engineering Campaigns

    Target Employee details, including name, email address, & telephone numbers (if appropriate)

    AWS Configuration Review

    The following are required to carry out an AWS configuration review:

    The AWS account number in scope/sign-in URL

    An IAM account we can use for testing with access & credentials to the following:

    AWS Web Console (username + password)

    AWS CLI/API (Access Key ID + Access Key Secret)

    The IAM account needs to have read-only privileges and access to the credential report. These permissions can be assigned using the following AWS policies:

    ReadOnlyAccess

    SecurityAudit


  2. During the test

    During the test itself, we’ll need the contact details of someone we can quickly report critical security weaknesses to. We’ll also supply details of the lead penetration tester to ensure the smooth execution of the testing activities.


  3. After the test

    After the test, you’ll need to arrange for resources to be available in order to address the issues raised in the report. The report itself is split into a high-level executive summary and a technical breakdown and includes helpful remediation advice.


  4. Will a test interfere with a customer's business operation?

    Our vulnerability analysis and manual penetration tests do not interfere in a negative way, they are non-destructive to the users and won’t affect anyone in the company.


    If you’d like any more information or if you have any questions about your penetration test, please get in touch with us.

Did this answer your question?