How do you prepare for a pentest?

Prepare the pentest environment

Make sure that the pentest environment contains the most recent code and settings. Testing is preferably done on an acceptance or test environment. If this is not an exact copy of the production environment, it must at least be filled with (test) data. This way, the researchers can test all the functionality of the application and no parts are skipped.

Make sure that the test environment is working properly

Make sure that all functionality and components within the application work as intended, as they do in the production environment. Check this beforehand, and inform the pentesters before testing starts if certain things do not work in the test environment.

Create backups

Data can be changed or deleted during testing. Therefore, create backups before a pentest is performed.

Inform the hosting provider

Inform the hosting provider that the IP addresses of Web Security Scan should be whitelisted in IDS, IPS and rate-limiting systems during the test period.

Provide the necessary information

Depending on the type of pentest, certain information must be provided in advance.

Adjust the SMTP settings of the test environment

When you configure the supplied SMTP settings in the test environment, our researchers are able to view all e-mail messages sent via your application.