Required information for a pentest quotation
The time required for a penetration test - and thus the costs - always depend on the attack vector to be checked and the complexity of the targeted systems or applications. Although we use various tools, the work to be carried out manually predominates. So the question arises as to what exactly you would like to have checked and all the information on this would help us to make you a concrete and good pentest offer. We generally recommend using a gray box approach, so providing us with all the information that saves us time when carring out the pentest. You could also order a blackbox approach to see what an attacker would find and could exploit when having no information at all, but that requires more time. Depending on the scope and target of the pentest, the following information would be helpful for us to compile a pentest offer for you.
- For an external pentest offer (attack vector via the Internet), your public IP addresses or IP address ranges and domains would be helpful to get. This is public information anyway. We would then check in advance how many and which services are generally available there by just performing a non-invasive simple port scan.
- For an internal pentest (attack vector on-site physically or via jump host), information about the number of employees, IT workstations and servers would be helpful in order to be able to map an appropriate amount of effort in the pentest offer.
- For testing self-developed software of any kind it would be helpful to get a description or ideally demo credentials and/or a demonstration of the software. Understating the complexity of the application (forms, roles, download or upload features...) is important to compile a good and realistic pentest offer.
Our service in a nutshell:
Conducting Penetration Testing (Pentest)
Since 2013 our certified penetration tester team conduct pentest for IT infrastructures, web applications and mobile APPs (iOS / Android) and using a structured approach based on all relevant publications. As a service provider evaluate the identified and exploited vulnerabilities based on the associated business risk and compiling it into a report that contains a summary for the IT management and the technical details of the vulnerabilities identified. After you fix the vulnerabilities, we usually perform a retest without any additional charge.
Contact us
Our service in a nutshell:
Conducting Penetration Testing (Pentest)
Since 2013 our certified penetration tester team conduct pentest for IT infrastructures, web applications and mobile APPs (iOS / Android) and using a structured approach based on all relevant publications. As a service provider evaluate the identified and exploited vulnerabilities based on the associated business risk and compiling it into a report that contains a summary for the IT management and the technical details of the vulnerabilities identified. After you fix the vulnerabilities, we usually perform a retest without any additional charge.
Contact usPentest-Methodology
Pentest use the same tools and techniques that real attackers would use to break into a system. It includes the use of security tools and carrying out manual tests to uncover vulnerabilities. Thus is it not a automatic vulnerability assessment. On the contrary, as a service provider for penetration testing we are using the same tools and techniques that real attackers would use to break into a system. But while a real attacker only needs to find and exploit one vulnerability, a penetration tester checks all relevant attack vectors.
Having a structured approach is one of the most important factors to achive this in order to provide a professional pentesting service. Our approach is based on all relevant standards and publications.
Getting an Offer for a pentest
Pentest are always a compromise between effort and cost, to get a reasonable price. Successful pentest offer a good balance between these criteria to facilitate the testing of all relevant attacks and attack vectors. The cost of such a test always depends on the time the penetration tester spends and on the extent and complexity of the IT system or web applications. While a penetration test for a small application takes only some days, it can take several weeks for a large network or complex application.
For a pentest offers we do require prior information about the systems and applications that are to be examined. It is important that we get an initial impression of the target. For web applications, for example, test access can be helpful. Any additional information, e.g. the framework etc., can make it easier for us to draft a suitable offer for you. If you need us to pentest an IT system, we will need the corresponding network addresses in advance. In this particular case, we will first perform a non-invasive network scan to get a first look at your network. We will provide a detailed offer once we can estimate the effort required.
binsec GmbH is your german security service provider for penetration testing. Please get in touch with us if you would like to get a formal quote or if you have any questions. The company binsec GmbH is your pentesting vendor - order your pentest today!
Contact us
Pentesting
for specific standards and requirements
There are a lot of standards or legal requirements worldwide, that require conducting of a penetration test.
binsec GmbH for professional Penetration Testing Your pentest experts!
binsec GmbH is the company for professional penetration testing. Get a pentest offer and order the pentest without typical sales nonsense. Talk to experts instead to pre sales consultants. Better pentesting. No nonsense. As a company for professional penetration testing, we do some things differently than other pentest provider: As a penetration test firm, we do not sell vulnerability scans as pentest. We do also focus on business security risks. You are looking for a professionally conducted penetration tests? Get the binsec team for your pentest!
Contact us
Frequently Asked Questions
It is difficult to give an generalized answer to this question, since the toolset used basically depends on the respective test object. Of course, we use tools such as nmap to check IT infrastructures or the Burp Suite Professional in the case of web applications.
However, we believe that publishing a tool list is mere window dressing, as each target system should be tested individually. However, you are welcome to ask us about the tools we used after the pentest.
+49 692475607-0