There are many misconceptions about remediation testing, so I’ll explain what to expect when performing a remediation test after a pen test.
A remediation test may be extra and not included in the cost of the initial pen test. These are some questions you will want to ask when receiving a penetration test quote:
- Is remediation testing included in the cost of this penetration test?
- Is there a limit to the findings for remediation testing?
- Do I get a completely new pen-test?
A remediation test will not be a completely new pen test; it will be a spot check of each finding to determine whether it has been remediated. An appended report will be issued showing which findings have been fixed and which still exist. Remediation testing is a great way to strengthen your security posture by identifying the security issues and closing them.
You should perform remediation testing within 30 days, though this is more of a best practice in most industries. Keep in mind that new vulnerabilities are found every day, and waiting too long can be a risk.
You can have the remediation test performed by another penetration testing firm if you didn’t have a good experience with the pen test, but I would recommend an expert review. Reach out to Black Hat Pen-Test today and we can review the report and discuss the findings.