
What access levels are necessary for conducting a web application Pentest?

Prerequisites for Conducting a Web Application Penetration Test:



Staging Environment:


Please provide a staging environment for the penetration test.
The staging environment should allow easy clearing of any test-generated data.
If you are unable to provide a staging environment, we can work with your production environment, but we will need additional details about your web application.

Production Environment:


If you don't have a staging environment, you can provide your production environment.
Please share details about your web application to help us understand it better.

To ensure a smooth and successful penetration testing process, please consider the following:



If you have any specific notes or warnings about testing in the production or staging environment, please inform us.
In some cases, firewalls may block our scanner requests, causing issues during manual testing.
Please clarify the firewall settings to ensure smooth testing.
If applicable, whitelist our NordVPN USA IP addresses to avoid any access issues.

If your web application has different levels of user access, please provide the following user accounts:


User 1: admin
User 2: standard_user
User 3: moderator

This will enable us to test for access control vulnerabilities and privilege escalation.


Rate Limit on Login Attempts:


If there is a rate limit on login attempts, please let us know.
If possible, remove the rate limit for the mentioned accounts to facilitate testing.

Please ensure that all of the above requirements are fulfilled so that we can proceed with the penetration test. If you have any further questions or concerns, please feel free to create a support ticket.

Updated on: 10/08/2023
