Pentest as a Service

What is Pentest as a Service (PTaaS)?

Penetration tests are now an integral part of IT security. Many companies and organizations carry them out once a year to get an up-to-date picture of their cyber resilience against current threats. For corporations and companies that are active in software or product development, however, an annual review is not enough.

Our solution in these cases: the “Pentest as a Service” contract model. This enables penetration tests to be carried out on a schedule individually tailored to the company, for example monthly or quarterly as required.

This service model is aimed at you if one of the following applies to your company:

  1. Conducting regular penetration tests
  2. Legal requirement to carry out penetration tests
  3. Few resources (mostly employees) for processing the findings

A cyber attack can have consequences for your IT systems, but also for your financial stability and your corporate image and reputation.

Classic vs. Pentest as a Service

So what are the distinctions between the classic penetration test and the “Pentest as a Service” contract model?

In a proper (legally correct) execution of a regular penetration test, organization (project management) and documentation take up approximately XNUMX/XNUMX to XNUMX/XNUMX of the project time. We significantly reduce this time and financial overhead with the PaaS model by conducting test phases at regular intervals within an agreed-upon timeframe.

Through these regular assessments, you enhance your IT and create optimized time and priority management by assigning tasks for internal implementation. We would like to explain further differences to you in the following table:

Classic Pentest

Pentest as a Service

Test area


Dynamically expandable


total at the end

Any time denomination

status report




2-8 weeks

6-12 months

How does PENTEST AS A SERVICE work in practice?

In the KRITIS area, PaaS is often a framework agreement that regulates which systems should be tested on site and when.

Please contact us here, as there are no one-size-fits-all solutions.

We will work with you to develop a model that suits your protection needs. This advance advice is of course free of charge; anything else would simply be dubious.

For simple design in medium-sized companies OR in corporations

We will discuss your exact needs with you in a free appointment. At a kick-off appointment, we then define test periods (what should be tested, when, how, and in which cycles) and configure a remote gateway in your network.

For safety reasons, this should only be switched on when testing is to be carried out. Even though our "Penetrator Box" meets the highest standards (BSI basic protection, ISO27001), we know all too well that there are always residual risks. If the data in your systems is too sensitive for this model, we also offer classic on-site models (penetration tester on site).

Either way – it is a quality service that must be individual. Therefore, we cannot provide any further insights from this point onwards, but we look forward to meeting you in person for more details.
