There can be numerous reasons to perform a penetration test. One of them, of course, is that you have to, but that’s generally not a good reason.
We can point out some of the reasons:
Perhaps one of the most important reasons to engage a proper penetration testing team and have a test done is to be sure that all of your systems and applications have been tested for vulnerabilities, so that you can focus on your business and your clients.
The shortest possible answer is that it depends. It depends on the size of the application, the technology used, and the experience and skillset of the pentester. You should also take into account that the quality of the application sometimes counts as well.
On average, one mid-size application is tested in one week. We follow our own testing process and assign at least two skilled pentesters to perform the testing. After testing, a presentation of the results is mandatory, as is a verification that confirms that all issues have been remediated properly.
The answer to this question is the hardest one. It depends on different input parameters like:
Even if you think a penetration test is expensive, there is no other way to verify how secure your application really is. If real hackers manage to compromise your application, it will cost you a lot more than the penetration test itself.