
Lifecycle of a Pentest

A pentest goes through several stages, each of which needs to happen to ensure you obtain the best results possible when testing your organization. These are:

Plan & Scope

The first part of the pentesting lifecycle is to create a plan where the asset(s) that need to be tested are identified, and the time frames for the testing process are selected. 

In Siemba, setting the plan for the testing includes choosing which assets are going to be tested and how they're going to be tested (White box, Grey box, Black box). Take this moment to consider the number of assets that you want to test, as it may affect the time it takes to complete the pentest.

In the scoping section, you are also able to choose the team that you are going to work with. In Siemba, we let you add Pentest Manager, Pentest Overseers, and Points of Contact. They are responsible for supervising everything that is happening on the pentest and are able to communicate with the Siemba team.

Testing & Remediation

With the preparation out of the way, it is time for the testing to begin. In this stage, the Siemba team will conduct thorough testing of the landscape using a mix of automated and manual techniques. 

Throughout the testing process, all the vulnerabilities found and their associated information are constantly updated in the platform, which helps in understanding each finding and in remediating it.

During this step, the reports are constantly updated when a new vulnerability is discovered. 

Retest 

Once the fix for a vulnerability has been applied, it is retested to ensure that the fix is effective. In the Siemba platform, all that needs to be done is to change the status of the finding to “Ready for Retest” and our team will verify the fix. 

Repeat

The pentest is repeated at predetermined intervals on an ongoing basis, and the previously mentioned steps are applied again at a later time, as the customer specified when creating the pentest.

This is what distinguishes pentesting programs from other types of testing.