Penetration Testing FAQ

Penetration testing comes with a lot of questions, especially for security and IT teams navigating compliance requirements for the first time or evaluating vendors for an upcoming audit.


This resource covers the fundamentals: what pentesting actually involves, how it differs from automated scanning, what auditors expect to see in a report, and how to scope and budget for an engagement. The answers below reflect how Red Sentry approaches penetration testing, including our typical timelines and transparent pricing, but most of this applies regardless of which provider you work with.


1

Penetration Testing Basics

What it is, why it matters, and how it differs from other security tools

What is penetration testing?

Yes, if they integrate with your environment. We assess vendor access points, SSO configurations, and data sharing pathways to identify where third parties create risk.

What's the difference between a penetration test and a vulnerability scan?

How often should a company get a penetration test?

Is penetration testing disruptive to our operations?

What's the difference between black box, gray box, and white box testing?

2

Compliance & Audit Readiness

SOC 2, HIPAA, PCI DSS, ISO 27001, and passing your audit

Does Red Sentry's pentest satisfy SOC 2 requirements?

Can one pentest cover multiple compliance frameworks?

What does an auditor actually need to see from a penetration test?

We have a compliance deadline in 30 days. Can Red Sentry help us in time?

Do you provide a letter or certificate we can share with customers or partners?

3

How Red Sentry Works

Our process, team credentials, and what makes us different

What does a Red Sentry engagement look like from start to finish?

Who actually does the testing?

What is PTaaS and how is it different from a traditional pentest?

How is Red Sentry different from competitors like Cobalt or BreachLock?

4

Types of Penetration Tests

Web application, network, cloud, API, and more

What types of penetration testing does Red Sentry offer?

What's included in a web application penetration test?

Do you test cloud environments like AWS or Azure?

Can you test our APIs specifically?

What's the difference between internal and external network testing?

5

Pricing & Timeline

What it costs, what drives scope, and how fast you'll get results

How much does a penetration test cost?

What factors affect the final price?

How long does a penetration test take?

Is retesting included in the price?

6

Deliverables, Reporting & Platform

What you receive, how findings are tracked, and how Jira integration works

What does the final pentest report include?

How does Jira integration work?

Who on our team gets access to the PTaaS platform?

Do you provide sample reports before we commit?

Can we access previous test results and track security improvement over time?
