Penetration Testing Process Overview

Penetration Testing High-level Overview

  1. Scope
  • 30-minute scoping call, in which our penetration tester will be present.
  • We expect you to provide a comprehensive overview of the product, including a demo of the application. While an architectural design is not mandatory, it would be appreciated.
  • A showcase of Oneleet’s platform used for vulnerability management is provided.
  • The assigned penetration tester will attend the meeting and ask questions to better understand your application/infrastructure.
  • The Rules of Engagement will be discussed (timeline, scope, ways of communication, etc.).
  • After the scoping call we will send over a summary of what was discussed.
  2. Prepare
  • Provide the necessary permissions and details of the environment discussed during the scoping call, including user accounts, IP addresses, and any required credentials. A summary of the required information will be provided after the scoping call.
  • An invitation will be sent to your team in charge of supervising the penetration test to create an account on Oneleet’s platform.
  3. Test
  • Any critical vulnerabilities found will be immediately brought to your attention via Slack.
  • Using various tactics, techniques and procedures to identify security weaknesses, our penetration testers will attempt to exploit the identified vulnerabilities to assess how deeply they can penetrate the system.
  4. Report
  • All discovered vulnerabilities will be uploaded to Oneleet’s platform.
  • After the engagement concludes, our internal team will review the Penetration Test Report, which will be made available within 2 to 3 business days.
  • The final Penetration Test Report will include an executive summary, risk ratings, detailed findings, and recommendations.
  5. Remediate
  • If necessary, you can remediate the vulnerabilities, and our penetration tester will retest the system within a couple of days.
  • At this stage, you also have the option to accept the risk or reject the vulnerability.
  • Once all findings have been addressed, an updated report will reflect the new state of each finding.
  6. Evaluate
  • Periodically revisit the outcome of the engagement. For instance, discuss any unaddressed risks that your company accepted, confirming that these decisions align with your risk management strategy, and ensure that the risk remains acceptable over time.