General
What is PentServ?
PentServ is a modern application security platform that supports a complete find-to-fix workflow for pentesting and vulnerability assessments.
How is PentServ different from traditional penetration testing models?
The PentServ platform delivers all the reporting and communication through a modern online platform, making it easier for you to collaborate continuously with the pentesters and integrate seamlessly with your SDLC (Software Development Life Cycle).
Penetration Testing
What types of applications can be tested?
Our pentesters are highly experienced in doing assessments and penetration testing of web applications, mobile applications, web APIs, external/internal networks, and desktop applications. If your application does not fall into these categories, we're still happy to have a chat and see if we can help.
How does scoping of the pentests work at PentServ?
Scoping a test is a structured process where you can submit information about the target, including platform specifications, objectives, and instructions. All of this happens inside the PentServ application during the creation of the pentest project.
Can I get the pentesters to test specific scenarios I am particularly worried about?
Yes, you will be able to communicate directly with the pentest team to make sure they have the right knowledge to perform a high quality test.
I want to specify off-peak times for penetration testing so that my production environment does not go down when my users are most active. How can I do this?
In general, the testing will not cause any harm to your systems. But if you still want to establish testing times for pentesters, you should include a timeframe in your program description that specifies when pentesters can use your production environment for penetration testing.
How many requests will hit my site during testing?
When pentesters investigate a site, they may use automatic tools to quickly check for different vectors to ensure that you are being covered across many areas. The amount of traffic and requests from testing will be similar to the traffic and requests you typically see from ordinary site visits by a few users. It may peak at 100Mbps (0.1Gbps) when running brief, intensive scans. However, the overwhelming amount of testing relies on manual techniques that typically use an order of magnitude less.
Do I need approval from my cloud provider (AWS and others)?
The big cloud providers (AWS, Azure, GCP) do not require prior notification of normal penetration testing. But if you are using a smaller provider you should check with them. PentServ can help providing necessary info.
Deliverables
What kind of deliverables can I expect from PentServ penetration tests?
You will receive both individual finding reports with detailed descriptions of each vulnerability as well as a full summary report that describes the test and findings at an executive level - perfect for sharing with stakeholders.
Can I get a sample report from a PentServ pentest?
Yes, schedule a demo and we will provide you with one.
Who can see the findings of my pentests?
Only invited team members and the pentesters can see the list of reported vulnerabilities. All of this access is visible and controllable within each pentest program's settings.