pentester, eternal newb, lurker
definitely a generalist, not a specialist, pinko lefty
OSCP, OSWE, Crest, CRTO
One of the most underrated aspects of pentesting is being a good pentest customer.
What does that mean?
- Remembering that pen testers want to, and are being paid to, actually pen test. Make sure they can do this by having all the accounts and access they’ll need configured and tested a week or so before the start date. Waiting around for things is a waste of time and money.
- If you know you want the report in a specific format, asking for that before the pen test starts.
- Being responsive to questions that come up during the test, especially around the context of your business/app - pentesters have a short window of time to learn the lay of the land and maximize their value. Help them help you.