We conduct all tests in a controlled manner and with appropriate safety precautions. Our focus on white box testing and avoiding destructive interventions significantly minimises the risk of system impairment.

The duration depends on the scope of the application/system landscape, the desired depth of testing and the regulatory context. It can range from a few days to several weeks. Verifying corrections is often quicker than the initial tests.

Companies with high compliance requirements (healthcare, finance), technology-oriented companies (software, e-commerce) and organisations with critical infrastructures benefit particularly from regular security audits.

How often a pentest should be performed depends on various factors, such as

• the frequency of major code changes,
• the integration and type of new features, or
• the deployment of new infrastructure components.

We recommend performing a pentest at least once a year or after major updates to ensure that your systems are up to date and resistant to current threats. Remember that the cybersecurity landscape is constantly evolving. Therefore, it is important to conduct regular assessments to achieve a strong level of security.
It may also be necessary to conduct tests more frequently, e.g. if your company is subject to specific compliance requirements or operates in a high-risk industry.

Ideally, a pentest should be carried out as early as possible in the development process in order to identify vulnerabilities and potential risks. This allows you to proactively address security issues and avoid costly corrections later on. The perfect starting point for a pentest depends, among other things, on

• the type of product,
• its development cycle and
• any legal requirements.

We recommend that you work with our experts to determine the most suitable schedule for your specific project.