What to Expect from your Penetration Test?

Every test is different, from the scope and the timeframes to the team members involved and the outcomes required. A few things, however, are usual and common. Here is what to expect from your penetration test.

The week prior to your test

The week before your test you will receive an email from our offensive security team. The email will contain the name, mobile phone number and email address of the penetration tester dedicated to your test along with a confirmation of the scope that we will be testing.

4 days prior to your test

If we are engaged to perform any testing against internal networks/systems, then around 4 days prior to the test start date you will receive one of our “Pentester in a Box” appliances. The appliances are delivered by DHL. For details on the setup of these boxes and how to return them, please see here. These boxes are exactly what they sound like: appliance-based mirrors of our penetration testers’ laptop. We like clients to connect these to the power and the network the day before the test so we can confirm a solid network connection. This is to ensure that the testing commences without any problems.

Around this time you should also receive the login credentials for the testing portal. The URL for the testing portal is https://portal.hedgehogsecurity.com.

24 hours prior to your test

The day before the test your penetration tester will be in touch to make sure everything is set and you are ready for us to start testing. If an appliance has been sent out, our tester will test the connectivity and make sure everything is up and running.

We will conduct a number of passive tests against the scope overnight. Passive tests do not interact with your systems or applications but rely on open-source data sources to tell us what they know about your systems.

The morning of your first day

You will receive a call on the morning of the first day of testing from one of the team just to let you know that we are starting testing.

End of each day check-in

At the end of every day, we will send you a message in the testing portal with a progress update. Some days the update may be very short. This is normal in the first few days of an engagement and especially where there is a lot of reconnaissance work to carry out.

Throughout the testing, your tester will be updating the testing portal in real-time, so it is worth checking the information in the portal at the end of each day. That way, if there is anything that you would like to start fixing, you will have all the details.

3 days Post Test

Within three days of your test finishing, you will receive your penetration report through the test portal. The complete detailed report is available within the portal and from there you can download a PDF format version and a remediation workbook in XLS format. You will also receive your invoice at roughly the same time.

7 days Post Test

A week after the test is complete you will have received your test report and workbook. You will receive a call from one of the senior team at Hedgehog to check everything was to your satisfaction and to ensure that we maintained our high standards throughout the engagement.

Retesting

Included within all penetration testing engagements is a remediation retest service. Once you have fixed any of the issues identified during the testing, you can contact the team and arrange for us to retest those issues to ensure that the fix you have put in place has worked. Retesting is limited to within 6 months of when the test ran.

Now you know what to expect from your penetration test with Hedgehog Security. If you have queries or concerns during or after your penetration test then you can always email the projects team.