Prepare the pentest environment
Make sure that the pentest environment contains the most recent code and settings. Testing is preferably done on an acceptance or test environment. If this is not an exact copy of the production environment, it must at least be filled with (test) data. This way, the researchers can test all of the application's functionality and no parts are skipped.
Data can be changed or deleted during testing. Therefore, create backups before a pentest is performed.
Inform the hoster
Inform the hoster that the IP addresses of Web Security Scan should be whitelisted in IDS, IPS and rate-limiting systems during the test period.
Provide the necessary information
Depending on the type of pentest, certain information must be provided in advance.