Test Credentials

Your pentesters need dedicated accounts to test your systems.

Be sure to delete these pentester accounts after the process is complete.

Continuing through Pentest Objectives, the next topic is Test Credentials. When you see that title, select one of the following options:

  • I will create testing account(s) and provide credentials
  • I need pentesters email(s) address to create or share test account(s) credentials
    • We’ll share email addresses once your pentest is in the “planned” state.
  • No credentials required
    • Explain the process in the Special Instructions, based on whichever of the following use cases applies:
      • If our pentesters can create their own accounts on your system
      • If our pentesters can test your system without accounts

If you’ve set up dedicated accounts:

  • Remember to create one (1) account per pentester.
    • Make sure each test account works.
    • Share documentation on how your pentesters can set their own passwords.
    • If necessary, share username/password (or other credential) information using the secure channel of your choice.
  • Describe the user role along with associated permissions and/or privileges.
  • Include other authentication requirements such as two-factor authentication (2FA).
  • Once the pentest (and any retests) are complete, delete the dedicated accounts.

Depending on the methodology, we may also perform black-box and gray-box tests.

Now proceed to the next step, Special Instructions.

Last modified November 11, 2021