FAQ

Frequently asked questions about working with NeedSec

Clear answers about penetration testing, scoping, reporting, retesting, Cyber Essentials certification, compliance testing, and how a NeedSec engagement works.

Simple engagement flow

1. Share scope and goals
2. Confirm testing approach
3. Receive report and guidance
4. Retest after remediation

Services & Scoping

What type of penetration testing does NeedSec provide?

NeedSec provides web application, API, infrastructure, cloud, mobile application, AI application, and compliance-focused security assessments.

What information do you need for a quote?

A useful starting point is the type of system, number of applications or APIs, user roles, environments, timeline, and whether the work supports compliance or client assurance.

Can you help if we are not sure what testing we need?

Yes. Share what you are building, launching, or preparing for and NeedSec can recommend the right assessment approach.

Reporting & Remediation

Do you provide a report after testing?

Yes. Reports include findings, affected locations, evidence, impact, severity, and remediation guidance written for both technical and business teams.

Will developers understand the findings?

Yes. Findings are written with reproduction steps, affected endpoints or locations, and practical fix guidance so developers can act quickly.

Can NeedSec retest fixed vulnerabilities?

Yes. Retesting can be performed after remediation to confirm whether issues have been properly fixed.

Cyber Essentials & Compliance

Can NeedSec award Cyber Essentials certification?

Yes. NeedSec is an IASME-licensed certification body and can assess and award Cyber Essentials and Cyber Essentials Plus certification directly.

Can testing support ISO 27001, SOC 2, PCI DSS, or NIST requirements?

Yes. NeedSec provides compliance-aware security testing with practical evidence and remediation guidance aligned to your security goals.

Do you provide evidence for clients or auditors?

Reports can support client assurance, supplier questionnaires, audit evidence, and internal security improvement plans.

Process & Timing

How do we start?

Send a quote request with your scope, target systems, timeline, and goals. NeedSec will help define the correct assessment approach.

How long does a security assessment take?

Timing depends on scope and complexity. A small web application may take a few days, while larger applications, APIs, infrastructure, or compliance scopes may take longer.

Can testing be done against staging?

Yes. Testing can often be performed against staging, pre-production, or production depending on the objective, risk tolerance, and rules of engagement.

Still not sure what you need?

Send NeedSec a short description of your systems, timeline, and goal. We will help shape the right assessment scope.
