Question 1

How long does a penetration test take?

Accepted Answer

Our pentests are scoped as once-off engagements. A standard web application pentest typically takes 5-10 business days depending on the scope and complexity of the application. Infrastructure tests vary based on the number of IP addresses and network segments. We provide a detailed timeline during the scoping phase.

Question 2

Will penetration testing break our production systems?

Accepted Answer

We take every precaution to avoid disruption to your production environment. Our testers follow a carefully controlled methodology, and we agree on testing boundaries beforehand. For sensitive environments, we can test against staging or pre-production systems first.

Question 3

What certifications do your penetration testers hold?

Accepted Answer

Our penetration testing work is backed by practical training including PWPP, PWPA, Web Application Security & Testing, Mobile Application Penetration Testing, Practical Ethical Hacking, and Practical Malware Analysis & Triage through TCM Security.

Question 4

Do you provide remediation support after the test?

Accepted Answer

Yes. Every engagement includes a detailed report with prioritised remediation guidance. Higher-scope assessments include dedicated remediation support calls where our testers walk your development team through each finding and recommended fix.

Question 5

How is AI/LLM penetration testing different from traditional pentesting?

Accepted Answer

AI pentesting focuses on unique attack vectors like prompt injection, jailbreaking, data leakage through model outputs, and adversarial inputs. It requires specialised knowledge of machine learning systems and the OWASP Top 10 for LLM Applications.

Features	Standard	Comprehensive	Advanced
OWASP Top 10
About OWASP Top 10 "Testing against the OWASP Top 10 vulnerabilities"
API Security Testing
About API Security Testing "REST and GraphQL API endpoint security assessment"
Source Code Review		Highlights
About Source Code Review "Manual review of application source code"
Advanced Attack Scenarios
About Advanced Attack Scenarios "Testing chained attack paths, privilege escalation routes, and high-impact abuse cases"
Retests	1	2	3
About Retests "Verification that vulnerabilities have been fixed"
Executive Summary
About Executive Summary "Non-technical report for management and stakeholders"

Web App Penetration Testing

Assessment Scope

Standard

Comprehensive

Advanced

What's Included

Frequently Asked Questions

Ready to Test Your Web Application?