As security professionals with nearly two decades in the industry, we understand the significance of choosing the right penetration testing service provider.
It’s important to not only look for testers with the technical skills required but they should be trustworthy highly experienced, credible and deliver on their promises of testing, reporting and remediation. They should have the potential to question assumptions and relay observations and solutions that add value throughout the process.
5 important items to consider in a pen test provider:
- Certification: You should expect these to include CREST, C√SS, C│EH and GIAC. Security firms and testing engineers that are CREST approved and certified can be considered credible, as they have invested heavily in security testing skills and expertise. Learn more about certification on our blog post here.
- Assurance: A penetration testing company should be able to demonstrate a long history of successful and well-received testing engagements – backed up with client references.
- Methodology: It’s reasonable to expect that before undertaking a penetration test, your pen-testing provider should demonstrate a clear understanding of your testing objectives and provide a testing methodology that meets or exceeds your requirements.
- Deliverables: All pen testing companies should provide a detailed report along with clear and explicit remediation advice and some will also include retesting. More established providers will offer additional deliverables such as courtesy stakeholder workshops, on-call advice (after testing is complete) and a satisfaction guarantee.
- Communication: Some pen testing companies may outsource work to sub-contracted testers, in some cases to testers based overseas. In these cases, being able to speak directly with the engineer conducting the testing may be difficult.
During the testing process, your tester may have access to sensitive data and mission-critical areas of your network or applications. This is why it’s vital that you’re assured the testing company you engage is fully trustworthy, has all the required technical capabilities and can demonstrate a strong track record of expertise and qualifications.
We hope you found this information of value. If you have any questions or would like a quote for our Crest Accredited testing services, please feel free to contact us.