When does penetration testing start on the asset?
Penetration testing on an assets gets scheduled when your asset is created and the licence is allocated to an asset.
Version Number: v1.0.1
Published Date: 14 May 2024
____________________________________________________________________________
Pen-test scheduling guidance:
- We recommend 3 scheduled assessments (including initial assessment) before pen-testing. We found this approach benefits customers so that we can build up a clear picture of the asset in question before carrying out manual pen-testing This also allows our customers time to remediate any vulnerabilities we find through automated testing. This ‘usually’ equates to 1-2 months after the initial assessment.
- A minimum of 1 assessment is required, this gives us a limited view of asset, and generally a shorter window for all config to be in place. Usually reserved for emergency pentests.
- In cases like this we would still recommend a minimum of 4 weeks to get the initial assessment complete and pen-test started.
If you require an emergency pentest reach out to shout@edgescan.com and let the team know. Please include the key timelines and asset IDs in your request.