You tell us in a short conversation which systems you want to have tested and for what purpose.
We estimate the effort in person days and submit an offer.
The period of our tests is limited to this number of person-days. We cannot guarantee that
that we will be able to detect all security vulnerabilities.
If real attackers invest more time, they could find vulnerabilities that we may have missed.
We only charge for services actually provided.
If it turns out that we need less time, we charge accordingly less.
Our lead time is usually about two months. For urgent jobs, we do our best to find an early deadline.
We need the list of target systems ("scope") at least three working days before the agreed test.
This can be IP addresses, domains, subdomains, or similar.
The submission implies the granting of a Permission to Attack ("PtA").
Without PtA, certain attacks could be illegal. We ask you to
you to ensure that you are actually allowed to grant a PtA for the target systems
(e.g. you are the owner of the systems).
Please inform all your employees and colleagues who are to be involved in the assignment
about the penetration test at an early stage. Those who are particularly interested in being involved
is usually the employee representation (works council).
We will not carry out any measures that intentionally endanger the availability of your systems.
It can still happen that systems become unavailable.
We will be available at all times during the tests if you notice any problems.
Please ensure that the systems to be tested can be restored at any time
(e.g. via backups), should something happen.