How much time does an application penetration test take?

The time an application penetration test takes varies with the size of the application and the skill of the testers. For the same app, we have seen some firms quote a week, whereas others have quoted 2-3 weeks.

For a given team, the longer they get to test an app, the more thorough the test is likely to be. But when comparing two different vendors, the quality of the test is not always proportional to the time invested. Teams with greater experience are likely to have streamlined their testing methodology, so they should be able to do good tests faster.

If a pen tester quotes just 2-3 days, be suspicious. It is not unheard of for a pen tester to run their favorite scanning tool and hand over its output as the report. When evaluating a vendor, grill them on their methodology: how much of the test is manual, and how they go after authorization and business-logic flaws, which scanners cannot find. If you hear too much about tools and too little about thinking, you know what to expect.

Another estimate worth asking for is how long a confirmatory re-test takes, that is, verifying that the reported issues have actually been fixed. We explained our thinking in this blog post.

