Do you support compliance requirements?

Our testing aligns with PCI-DSS, SOC 2, HIPAA, ISO 27001, and other frameworks.

How do we prepare for a penetration test?

Define scope, provide credentials for authenticated testing, notify monitoring team, and designate a point of contact.

▸ Questions

Frequently Asked Questions

Q: What do we receive at the end of an engagement?

Executive summary, detailed technical findings with CVSS ratings, proof-of-concept demonstrations, remediation guidance, and a prioritized action plan.

Q: Will testing disrupt our production systems?

We take every precaution to minimize disruption and coordinate closely on high-risk tests.

Q: How is this different from an automated vulnerability scan?

Manual testing finds business logic flaws, chained vulnerabilities, and complex attack paths that scanners miss.

Q: Do you offer retesting after remediation?

Yes, one round of retesting within 30 days at no additional cost.

Q: What is your pricing model?

Fixed-price quotes based on scope and complexity, provided after a scoping call.

Q: Do you retain our data after the engagement?

No. All client data and test artifacts are securely deleted upon completion.

Everything you need to know about working with ZynoSec.

How long does a penetration test take?

Typical engagements range from 1-3 weeks of active testing depending on scope and complexity. A web application pentest usually takes 1-2 weeks, while a full red team engagement can run 3-4 weeks. We provide a detailed timeline during the scoping call.

What do we receive at the end of an engagement?

You receive an executive summary for leadership, detailed technical findings with risk ratings (CVSS), proof-of-concept demonstrations, step-by-step remediation guidance, and a prioritized action plan. We also offer a debrief call to walk your engineering team through the findings.

Do you sign an NDA before starting?

Yes. Every engagement begins with a mutual NDA and a detailed Statement of Work (SOW) that defines scope, timeline, rules of engagement, and communication protocols.

Will testing disrupt our production systems?

We take every precaution to minimize disruption. Our methodology prioritizes safe testing techniques, and we coordinate closely with your team on high-risk tests.

How is this different from an automated vulnerability scan?

Automated scanners find known CVEs. Our manual testing finds what scanners miss: business logic flaws, chained vulnerabilities, authentication bypasses, and complex attack paths.

Do you offer retesting after remediation?

Yes. We include one round of retesting within 30 days of report delivery at no additional cost.

What is your pricing model?

Pricing is based on scope, complexity, and duration. We provide a fixed-price quote after a scoping call so there are no surprises.

Do you retain our data after the engagement?

No. All client data, credentials, and test artifacts are securely deleted upon engagement completion unless otherwise agreed in the SOW.

Ready to Test Your Defenses?

Get a Security Assessment

Let us find the vulnerabilities before someone else does.

Get Started info@zynosec.com