Introduction

A standard VAPT engagement takes 10 to 15 working days from the point our security engineers receive all required information from you.

For web application pentests, initial scanner results are typically available within a few hours of setup, so your engineering team can begin remediation while the manual pentest is underway.

What Affects the Timeline

Three factors can shorten or extend your pentest duration:

• Timeliness of information — The faster you provide asset details (credentials, scope, access), the sooner testing begins. Your CSM will follow up within 24 hours of sign-up to collect what's needed.

• Number of assets — More applications or devices mean a longer engagement.

• Current queue — Our team's existing workload may affect scheduling.

Need It Faster? Use Rapid Pentest

Rapid Pentest is a premium option that delivers results in 7 working days or less, with onboarding starting within 24 hours.

It includes priority onboarding, a dedicated account manager and security team, and a remediation call to walk through findings.

Rapid Pentest carries an additional fee. Contact our sales team to inquire.

Troubleshooting

My pentest hasn't started after 24 hours of sign-up. Check whether your CSM has reached out via email. If not, raise a support ticket from your Astra dashboard or write to help@getastra.com.

I haven't received initial scan results for my web app. Confirm that your target URL is correctly configured and that scanner IPs are whitelisted if your app is behind a firewall. See Astra IP Ranges for the full list.

I need my pentest completed sooner than the standard timeline. Reach out to your CSM or contact sales to discuss the Rapid Pentest option.