FAQ

Answers to common questions about ScriptJacker penetration testing.

Do you only run automated scanners?

No. Scanners may support the work, but the main value is careful testing and impact validation.

Do you provide retesting?

Yes. Retesting can be included so your team can confirm that fixes are working.

Can you test remotely?

Yes. ScriptJacker works remotely with teams across time zones.

Can you follow a client report format?

Yes. Reports can be adapted to your required format when needed.

How long does a typical assessment take?

Most assessments take between one and six weeks depending on the scope, number of roles and complexity of the application.

Do you sign NDAs before testing?

Yes. We sign mutual NDAs and provide scope agreements before any work begins. Confidentiality is standard practice.

What kind of report will I receive?

You receive a detailed report with each finding explained clearly including affected area, steps to reproduce, business impact, severity rating and recommended fix. Screenshots and proof are included.

Do you test production environments?

We can test both staging and production environments. For production testing, we follow strict rules to avoid service disruption and coordinate timing with your team.

How do you handle critical findings during testing?

Critical issues are reported immediately through your preferred communication channel so your team can take action without waiting for the final report.

Can I request a sample report before engaging?

Yes. We can share a sanitized sample report so you can evaluate the format and depth before committing to an engagement.

More clarity before you decide

Everything a serious customer should know.

Before you spend on security testing, you should understand the work, the proof, the timeline and what your team will receive.

What happens after you contact us

We review your scope, ask only needed questions and suggest the safest way to test. You get clear next steps before any work starts.

Why early booking matters

Careful testing needs focus. When a launch, audit or client review is close, late testing can create stress. Booking early gives your team time to fix issues properly.

What makes the report useful

Each finding includes affected area, simple reproduction steps, impact, severity and fix guidance. Your developers should not need to guess what to do next.

Plan ahead

Security work should not be rushed at the end.

Many teams look for a pentest only when a client asks for proof, an investor asks about security, or a launch date is near. The better move is to test before that pressure begins.

Best time to testBefore release

Second best timeBefore client review

Worst timeAfter breach or escalation

Book Scope Call

Start with a simple scope call

Book a scope call before the next release or client review.

Share your website, app or API scope. We will tell you what should be tested first, what risk areas matter most and what engagement model fits your timeline.

No pressure callClear scope guidanceFocused project slots

Book Scope Call Request Quote