During our pentests

INFO

Our pentesting teams usually consist of two people. This enhances our creativity and brainstorming, reduces errors and misconceptions, and allows us to test different attack paths simultaneously.

For projects with a larger timebox, we also deploy three to four pentesters, depending on the project requirements. For short projects (e.g., up to five person-days), pentesters also work alone. In these cases, the testers remain in close communication with colleagues to gather ideas and feedback.

See also: Working together in our pentesting manual.

• Our goal is to find technical risks and vulnerabilities in the target systems.
• If you observe attacks during the test period, you can use our IP address to check whether these attacks originate from us. Our source IP address is 91.99.251.12.
• In order to use our time frame as efficiently as possible, we recommend a regular
  informal exchanges during testing and a spirit of partnership
  (such as providing test users and access, or - at our explicit request - the deactivation of certain security measures).
• We will report serious vulnerabilities to you verbally as soon as possible and during the testing period.
• We ask you not to fix vulnerabilities during the testing period without consulting us. This makes testing more difficult and reduces the efficiency and quality of our testing.
• If you have purchased directly from us, we will retest fixed vulnerabilities once within eight weeks free of charge. This way you can later be sure that the fixes are effective.
• Any internal information provided to us and our findings from the tests are
  confidential and will of course not be passed on to third parties.