Every test is different from the scope to the timeframes, the team members involved and the outcomes required by the client. There are a few things that are usual.
The week before your test you will receive an email from our offensive security team. The email will contain the name, mobile phone number and email address of the penetration tester dedicated to your test.
If we are engaged to perform any testing against internal networks/systems then around about 4 days prior to the test start date you will receive one of our “Pentester in a Box” appliances. These boxes are exactly what they sound like, they are appliance-based mirrors of our penetration testers laptop. We like clients to connect these the day before the test to the power and the network so we can confirm a solid network connection. This is to ensure that the testing commences without any problems.
The day before your test your penetration tester will be in touch to make sure everything is set and you are ready for us to start testing. If an appliance has been sent out, our tester will test the connectivity and make sure everything is up and running.
We will conduct a number of passive tests against the scope overnight. Passive tests do not interact with your systems or applications, but rely on open-source data sources to tell us what they know about your systems.
You will receive a call on the morning of the first day of testing from one of the team just to let you know that we are starting testing.
At the end of every day, we will send you an email with a progress update. Some days the update may be very short. This is normal in the first few days of an engagement and especially where there is a lot of reconnaissance work to carry out.
Within three days of your test finishing, you will receive your penetration report. The report will be in PDF format along with a remediation workbook in XLS format. You will also receive your invoice at roughly the same time.
A week after the test is complete you will have received your test report and workbook. You will receive a call from one of the senior team at Hedgehog to check everything was to your satisfaction and to ensure that we maintained our high standards throughout the engagement.
Ask us a question, any question at all. As long as it has to do with Information Security / Cyber Security, we will get back to you with an answer.