How to prepare for a security pentest?

Last updated: May 21, 2025

Context

A security pentest (penetration test) is a security assessment in which a pentester probes your application for weaknesses. To keep the process smooth, a few preparations need to be completed and certain access requirements need to be met before testing starts.

Answer

Here are the key steps to prepare for your security pentest:

  1. Sign Authorization Document
    You will receive a document via YouSign that must be signed to authorize testing of your application. It should be reviewed and signed by the appropriate stakeholders (e.g., CEO, CTO).

  2. Prepare Test Environments
    You need to provide the following test accounts. Enter their credentials in the app at https://app.bastion.tech/compliance/penetration-testing:

    • If your application has admin roles:
      • Organization A with Admin 1 access
      • Organization B with Admin 2 access

    • If your application does not have admin roles:
      • Organization A with User 1 access
      • Organization B with User 2 access
      • Organization B with User 3 access

  3. Application Access
    Provide standard user-level credentials for your application to the pentester. They will use these to access your application the way a normal customer would.

  4. Timeline Coordination
    The pentest duration depends on the complexity of your application. Work with your vendor contact to schedule a suitable time window. Be prepared for follow-up questions or a brief call with the pentester to help them understand how your application works.

Note: During the pentest, make sure your test environment contains representative data (for example, synthetic or anonymized records) but does not include sensitive production data. If you are using a demo environment, tell the pentester about any data that must be preserved so it is not modified or deleted during testing.