Frequently asked questions.

If you have any further questions, Get in touch with our friendly team or visit our general FAQ's here
Will the penetration testing impact my systems?

It shouldn’t. However, your systems are unique to you and may be configured in a way that could have a negative impact. If we find any potential vulnerability indicators that could result in a denial of service, then we’ll report it to you immediately.

What happens if our systems are affected during penetration testing?

We can stop testing immediately if you instruct us to. We will then work together to ensure the stability of your systems and that the issue does not return. We can then continue with testing as soon as the issue is resolved.

How can we tell the difference between your penetration testing and a real attack?

We provide all IP addresses from which we will be testing in the ‘Start of Testing’ notification email. If any traffic is identified outside of these IP addresses, this should be investigated in line with your incident management procedures and treated as a real attack.

Who do I speak to if I have any questions/issues?

You will be given a key contact at Informer who will be undertaking your testing. You can speak to them at any point about any aspect of testing. We will also set up a dedicated Slack response.

What are the hours of testing?

The first test starts at 10am with additional testing days between 9:00am – 5:00pm Monday to Friday. We will send you daily email notifications of the start and end of testing.

Do we have a de-briefing call?

Yes, we will have a call with you as soon as testing is complete to cover the main findings and recommendations.

How are we going to understand and fix the vulnerabilities that you report?

Our report will be clear and in non-technical terms. It’s part of our service to ensure you understand all parts of the process and findings.

Will you retest the vulnerabilities that we have fixed?

Yes. Re-testing is included as standard for any external Informer penetration testing service at no additional cost. We provide this to ensure you the assurance your remediation has been successfully implemented.

What qualifications and accreditations do your testers have?

Our testers have accreditations with the following certifications, which are kept up-to-date:

OSCP
CREST
CRT
eWPTX
CPSA
Security+
Network+