How do I start?
If you work in an organization that is involved in fighting the COVID-19 pandemic and you want a free assessment of your website security, submit a pentest request here. Please explain your situation and how your organization is involved in handling this crisis.
How do you prioritize pentest requests?
For qualifying organizations, we will perform the tests in a FIFO approach (first come, first served). However, we reserve the right to re-prioritize on a case-by-case basis, according to the specific situation.
How do I know if I've been selected?
You'll get an email from us to let you know if you’ve qualified for a free website penetration test. We’ll also include details about your current position on the waitlist.
How do I know when the pentest has started?
You'll receive an email from us once we start testing your website. You will also be notified when we’ve finished the pentest.
How do you perform the test?
This is a semi-automated assessment and it leverages the tools from Pentest-Tools.com. After running your website through a set of tools with dedicated configurations, we will manually review the results, validate the most relevant findings, and exclude false positives. We then assemble the valid findings into a report (also created through our platform) and email it to you promptly.
How long does the test take?
This semi-automated pentest usually takes up to 1 day but it can be extended to 2 days, according to the availability of our resources.
Who performs these tests?
The penetration testers on our team are some of the best in the industry. Besides their extensive experience, they also have the following certifications:
What does the report include?
Once we wrap up the test, we'll send you a PDF report with all the information you need to understand, reproduce, and fix your most dangerous website vulnerabilities. Here's what a Pentest-Tools.com report looks like.
What approvals do I need?
You need to have explicit authorization from the owner of the website so we can test it for you. If you're using a shared hosting or managed service (e.g. Amazon, Azure, etc.), you need to get explicit permission for the test. We recommend either obtaining this through a clear, specific email or an electronically signed PDF document. We don't need this document ourselves but you will, so it's important to have it prior to applying for a free pentest.
Will my website work as usual while you test it?
The tests that we perform are properly calibrated to not impact how your website works. However, you should know there is always a small risk of something going wrong (usually from the server side). That's why we strongly reccomend you have a working backup of your website before we start the test. What's more, if you observe any weird behavior of your website during the test, please let us know right away and we will immediately pause or stop our assessment.
How can I contact you directly?
Please use this contact form to ask additional questions. We're here to respond and provide any details you may need.