Your pentesters need dedicated accounts to test your systems.
Be sure to delete these pentester accounts after the process is complete.
In our journey through Pentest Requirements, we now discuss Test Credentials. When you see that title, select from the following options:
- You will provide credentials for each pentester
- You need pentester email addresses
  - We’ll share email addresses once your pentest is in the Planned state.
- Pentesters can create their own credentials / No authentication required
  - Explain the process in the special Instructions, based on the following use cases:
    - If our pentesters can create their own accounts on your system
    - If our pentesters can test your system without credentials
If you’ve set up dedicated accounts:
- Remember to create one (1) account per pentester.
- Make sure each test account works.
- Share documentation on how your pentesters can set their own passwords.
- If necessary, share username/password (or other credential) information using the secure channel of your choice.
- Describe the user role along with associated permissions and/or privileges.
- Include other authentication requirements such as multi-factor authentication (MFA).
- Once the pentest (and any retests) are complete, delete the dedicated accounts.
Depending on the methodology, we may also perform black-box and gray-box tests.
Now proceed to the next step, special Instructions.
Last modified January.01.2023