After performing a pentest, you have more certainty about the security of your web application. The more time is invested in a pentest, the greater the chance that as many vulnerabilities as possible will be found. Our researchers follow recognized guidelines and best practices during the execution of a pentest, to map vulnerabilities in a structured manner.
However, a pentest is often performed in a limited time-frame, so there may still be vulnerabilities in the web application that were not found during the research. The chance of abuse is considerably minimized by means of a pentest, but unfortunately a 100% safe application can never be guaranteed.
A hacker basically has an unlimited time to try to hack a web application, and probably also succeeds after a certain time investment. However, you can make it very difficult for a hacker by resolving most vulnerabilities before they attack, and thus also minimizing the chance of a hacker's success.