All web application and external infrastructure penetration testing engagements now include complimentary retesting to verify that identified vulnerabilities have been successfully remediated.
We’ve compiled a list of 10 frequently asked questions (FAQ) about our Complimentary Targeted Retesting enhancement to our penetration testing services.
1. What qualifies for a free retest?
Free retests are available for web application and external infrastructure penetration tests where critical or high-severity findings were identified in your original test. The retest must be requested within two calendar months of when your test report was released.
2. Which vulnerabilities are covered under your free retest policy?
Only critical and high-severity findings are eligible for free retesting. Medium, low, and informational findings are not included; however, retesting for these can be purchased upon request.
3. How long do I have to request a free retest?
You must request your free retest within two calendar months from the date your penetration test report was released. Retests requested after this timeframe will be subject to standard retest pricing and can be requested from your Blackfoot account manager.
4. What types of systems are covered?
Complimentary retesting applies to web applications and external infrastructure that were part of your original penetration test scope. Internal infrastructure testing and other testing types follow separate retest policies.
5. Do I need to fix all findings before requesting a retest?
While we recommend addressing all identified vulnerabilities, free retesting will focus specifically on verifying remediation of the critical and high-severity findings you have fixed from your original report.
6. How do I request a free retest?
Request a retest using the retest function within our Sentry platform, and a member of our friendly team will reach out to schedule it. We will ask which of the critical and high findings you would like retested.
7. What's the scope of the free retest?
Full retesting involves conducting a complete new penetration test of the entire scope, while targeted retesting (which is what our free service provides) focuses specifically on verifying that previously identified critical and high-severity vulnerabilities have been properly remediated. Full retesting, which ensures new vulnerabilities have not been introduced when fixes have been applied, can also be provided subject to commercials. Please speak with your Blackfoot account manager for further information.
8. How long does a retest take?
Retest duration depends on the number and complexity of findings being verified, but typically takes a day or two. We will provide a timeline estimate when scheduling your retest.
9. Will I receive an update after the retest?
Yes, you will receive the outcome of the retest and the status of each critical and high finding that was retested. We will provide the results via Sentry, confirming whether vulnerabilities have been successfully remediated.
10. What if new vulnerabilities are discovered during the retest?
This is unlikely as targeted retesting only focuses on validating fixes for previously identified critical and high findings. The discovery of new vulnerabilities will require a separate engagement to fully assess and test the in-scope environment.
Should you have any further queries, please do not hesitate to contact us.


