What is the lead time for a pentest?

The throughput time of a pentest depends on several factors. For example, automated tools that are used during security testing can have a turnaround time of a few days to a week, depending on the application size and server response times. Test results are always checked by a second tester (four-eyes principle), which takes extra time. Usually the lead time of an extended pentest is three to four weeks after the start of the work.

For example: a pentest is budgeted for 32 hours. Researchers start testing the web application on January 1st. The expected delivery date of the report will not be in the same week on January 4th or 5th (after 32 hours), but in the week of January 22nd - 26th (after 3 - 4 weeks).