You have a website and need to find a company that will do a penetration test on your site and then provide some training. You're going to be spending some money and you need to protect your investment. There are a number of questions that need to be asked and answered for you to find the best penetration testing company. Below are some of them:
1. What Do I Want My Penetration Test To Look Like?
This is an open-ended question, one that you need to spend some time answering. It is going to be very hard for an outside company to know what you want unless you clearly state your needs and desires. The answer will be unique for each person, as what is critical for one might not be for another. The first thing that you need to do is understand your own security posture and whether there are any potential risks or issues that you would like to take a look at.
2. What Type Of Tests Should They Be Doing?
This is a question that you will need to answer. There are general and generic tests that an ethical company will perform, but you may also have specific things that you want them to test. This is something that will take some time to develop once you have established the goals, but you need to be clear on what it is that you’re looking for.
3. What’s My Budget?
This is a huge variable, depending on how much money is going to be spent. You need to be realistic about your budget and the amount of time that you can spend on creating your testing plan. A company that has done a number of tests may have a more valuable point of view than someone who may have only worked with one or two authors. This is not the case in every situation, and you should figure out what you are willing to spend and then decide if it's worth it.
4. Do I Want Someone To Write A Manual (Code) Themselves?
This depends on how much time you have to spend developing a penetration testing plan and whether it will be easier for them or not. This can be extremely beneficial when you are dealing with the ethical companies that you know. They understand the need to write an excellent testing plan and then implement it as best as possible.
5. What About The Security Company? Are They Ethical Companies?
You need to make sure that you are dealing with a reputable company before you allow them to handle your penetration testing. This is no different than any other service provider that you may be looking for. This can also be discussed and evaluated during the interview process, so there should be no concern now about picking a bad one later on down the line when things get more complex.
6. How Soon Do You Need To Have The Test?
This is important to you, but the timeline may be shorter if the ethical team has a good set of skills. This can be something that you might want to look into. Depending on their skill set, they may already have everything worked out and not need to wait for your application and other things to complete before starting.
You have created a penetration testing plan and it’s time to start hiring. You’re in a tricky place since you have a number of different things to consider when looking for someone to fill the gaps between you and your potential vulnerability. This can be a bit of an emotional process, but if you ask the right questions and keep your emotions in check, it will help you make good decisions.