Frequently Asked Questions | FAQ

// KNOWLEDGE BASE

14 Key Questions About Pentesting

Read detailed answers to the questions most frequently asked by our clients before starting a collaboration.

General Information

01 Who are VIPentest penetration tests designed for?

Our penetration testing and IT security audit services are designed for organizations that want to effectively protect their systems against cyberattacks.

We serve, among others:

companies processing customer data
financial and medical institutions
online stores and SaaS platforms
IT and cloud service providers
software houses
organizations in regulated industries
network and infrastructure administrators

Pentests help reduce the risk of data breaches, financial losses, and reputational damage.

02 What makes VIPentest different from other pentesting firms?

At VIPentest, we focus on manual penetration testing performed by experts, not solely on automated scanners.

Our advantages:

an experienced team of certified specialists
manual vulnerability analysis
no false alarms
technical and business reports
an individual approach to each project
focus on real risk

As a result, the client receives a reliable security assessment, not just a list of automated results.

03 Why is my application a target for hackers?

Any system connected to the Internet can become a target of an attack.

Most common reasons:

storing personal and financial data
the possibility of stealing funds
access to intellectual property
using servers for botnets
ransomware extortion
reputational attacks
lack of updates and security measures
high application popularity
susceptibility to phishing

A pentest allows you to detect these threats before cybercriminals do.

04 Is my application 100% secure after a pentest?

No. A penetration test significantly improves the level of security, but does not provide an absolute guarantee of protection.

Why?

new vulnerabilities appear (zero-day)
systems are updated
configurations change
human errors can occur
the level of attacks increases

That’s why we recommend:

regular pentests
security monitoring
updates
employee training
a secure software development process

IT security is a process, not a one-time action.

Testing Methodology

05 What are the differences between black-box, grey-box, and white-box testing?

⬛ Black-Box

The tester has no knowledge of the system. Simulates an external attack.

Pros:

✓ attack realism
✓ perimeter security assessment

Cons:

✗ lower accuracy

🔳 Grey-Box

The tester has partial knowledge of the system.

Pros:

✓ good balance
✓ high effectiveness

Cons:

✗ dependency on documentation

⬜ White-Box

The tester has full access to the code and architecture.

Pros:

✓ highest accuracy
✓ detection of deep vulnerabilities

Cons:

✗ less attack realism

06 Why are manual tests better than automated ones?

Manual tests allow you to:

detect logical errors
analyze business context
eliminate false positives
simulate real attacks
assess vulnerability impact
prepare practical recommendations

Automated tools are a support — they cannot replace a specialist.

Test Preparation

07 How to prepare for a penetration test?

For a pentest to be effective, you should:

prepare the test environment
verify application functionality
perform a data backup
notify the hosting provider about the test
provide access credentials
configure SMTP
agree on the test scope

Good preparation shortens testing time and increases its quality.

08 What information is needed before a pentest?

⬛ Black-Box

application URLs

🔳 Grey-Box

URL
test accounts
documentation
user roles

⬜ White-Box

URL
accounts
SSH/FTP access
source code
documentation
API

The more data, the more accurate the result.

09 How to provide access to the test environment?

Available methods:

VPN
web access
ISO image
RDP
TailScale

We always determine the method individually.

Duration & Frequency

10 How long does a penetration test take?

Completion time depends on:

project size
test type
number of systems
level of security measures
documentation availability

Approximately:

5–10 days

Small projects

2–3 weeks

Medium projects

4–6 weeks

Large environments

Exact timeline is determined individually.

11 How often should penetration tests be performed?

Recommended frequency:

at least once a year
after every major update
after infrastructure changes
in regulated industries: every 6 months
after security incidents

Best results come from combining pentests with continuous monitoring.

Technical Details

12 What does the retest process look like?

A retest involves:

verification of implemented fixes
re-checking vulnerabilities
review of new changes
preparation of an updated report

Thanks to the retest, you can be sure that issues have been effectively resolved.

13 Why should IP addresses be added to the IDS/IPS whitelist?

IP whitelisting:

prevents blocking of testers
shortens test time
increases analysis effectiveness

It is recommended but not mandatory.

14 Why do we change the SMTP configuration during testing?

Changing SMTP allows:

analysis of system emails
password reset testing
notification verification
checking for logical vulnerabilities

The configuration is quick and secure.

Have Additional Questions?

Contact the VIPentest team to receive a free consultation and a tailored IT security testing offer.

Free Consultation Our Services