Be sure to delete these pentester accounts after the process is complete.
In our journey through Pentest Objectives, we now discuss Test Credentials. When you see that title, select from the following options:
I will create testing account(s) and provide credentials
I need pentesters email(s) address to create or share test account(s) credentials
- We’ll share email addresses once your pentest is in the “planned” state.
No credentials required
- Explain the process in the special Instructions,
based on the following use cases:
- If our pentesters can create their own accounts on your system
- If our pentesters can test your system without accounts
- Explain the process in the special Instructions, based on the following use cases:
If you’ve set up dedicated accounts:
- Remember to create one (1) account per pentester.
- Make sure each test account works.
- Share documentation on how your pentesters can set their own passwords.
- If necessary, share username/password (or other credential) information using the secure channel of your choice.
- Describe the user role along with associated permissions and/or privileges.
- Include other authentication requirements such as two-factor authentication (2FA).
- Once the pentest (and any retests) are complete, delete the dedicated accounts.
Now proceed to the next step, special Instructions.
Was this page helpful?