You think your security is geared up for everyhing an attacker has on resources? To put it to the test, you need a realistic scenario that will allow you to effectively measure how good your organization's defense and response capabilities really are when faced with any resources available to the attacker.
First of all, we'll get to know you and your company better in a personal meeting, so that we can create a tailor-made pentest plan for you and also specify the methods of the penetration test to be used. Also possible concerns, and in particular the relevance and need for such a revision, can be discussed in detail.
In the process of execution, we will use various methods of finding vulnerabilities and exploiting them to get access, like a real attacker.
We note and document everyhing what we found during our pentest like any vulnerability and the ways of exploitation and write it into a report in a clear and understandable way, we also provide a risk analysis in this step. The final report is provided to you and your IT before presentation.
As last step, we have another meeting with you to present the results, point out our improvement suggestions and then discuss with you. A re-examination can follow on request.
The following are the variables which affect the cost of a penetration test:
Complexity: the size and complexity of your environment and network devices are probably the biggest factors of your penetration test quote. A more complex environment requires more labour to virtually walk through the network and exposed web applications looking for every possible vulnerability.
Onsite: most penetration tests can be done offsite, however; in rare cases that involve very large/complex environments, an onsite visit could be required to adequately test your business security. Onsite visits are also required if you request a physical security or social engineering penetration test.
In short, yes. However, these risks can be mitigated with proper planning and scheduling, which we do in any case.