Prepare the pentest environment
Make sure that the pentest environment contains the most recent code and settings. Testing is preferably done on an acceptance or test environment. If this is not an exact copy of the production environment, the pentest environment must at least be filled with (test) data, so that the researchers can test all functionality of the application and no parts are skipped.
Make sure that the test environment is working properly
Make sure that all functionality and components within the application work as intended, as they do in the production environment. Perform a check and, before testing starts, inform the pentesters of anything that does not work on the test environment.
Create backups
Data can be changed or deleted during testing. Therefore, create backups before a pentest is performed.
Inform the hosting provider
Inform the hosting provider that the IP addresses of Web Security Scan should be whitelisted in IDS, IPS and rate-limiting systems during the test period.
Provide the necessary information
Depending on the type of pentest, certain information must be provided in advance.
Adjust the SMTP settings of the test environment
Configure the test environment with the supplied SMTP settings so that our researchers can view all e-mail messages sent via your application.