How do you prepare for a pentest?

Prepare the pentest environment

Make sure that the pentest environment contains the most recent code and settings. Testing is preferably done in an acceptance or test environment. If this is not an exact copy of the production environment, the pentest environment must at least be filled with (test) data. This way, the researchers can test all the functionality of the application and no parts are skipped.

Create backups

Data can be changed or deleted during testing. Therefore, create backups before a pentest is performed.

Inform the hoster

Inform the hoster that the IP addresses of Web Security Scan should be whitelisted in IDS, IPS and rate-limiting systems during the test period.

Provide the necessary information

Depending on the type of pentest, certain information must be provided in advance.