Overview of our pentesting procedure
We aim to make pentests predictable, transparent, and effective — with ongoing coordination and a written report that helps you fix what matters.
1) Preparation call
Before we start, we align on the essentials:
- Clarify the risks and threat model
- Agree on the test scope and boundaries
- Collect what we need for efficient testing (access, test users, approvals/whitelisting, etc.)
2) Start of the pentest
We begin testing within the agreed time window and scope.
3) Mid-test check-in
During the pentest, we can optionally hold a short interim presentation (around one hour):
- Share preliminary findings early
- Exchange context and clarify open questions
- Adjust priorities if needed (within the agreed scope)
We report critical findings that require urgent action immediately, independently of the mid-test check-in.
4) Report creation and delivery
After testing, we compile the results into a PDF report and deliver it to you.
You can see what our reports look like in our sample reports.
5) Fixing findings (customer side)
You address the reported vulnerabilities, ideally prioritizing the high-risk items.
6) Free retest within 8 weeks
If vulnerabilities are fixed within eight weeks after report delivery, we will retest them once free of charge.
This includes an updated report version and notes on the remediation status.