
Pentest as a Service

What is Penetration Testing as a Service (PTaaS)?

Penetration tests have become an indispensable part of IT security. As a rule, they are carried out every year to protect against hackers and their consequences. However, for corporations and companies that are active in software or product development, a pentest that is performed once a year is not enough.

Our answer to this need is penetration testing as a contract model, called "Pentest as a Service". It allows penetration tests to be scheduled and tailored individually to the company, for example on a monthly or quarterly basis as required.



This service model is for you if you meet any of the following:

  1. Regular execution of penetration tests
  2. Legal requirement to perform a penetration test
  3. Few resources (mostly employees) for processing the findings

A cyber attack can affect not only your IT systems, but also your finances or your corporate image.

Classic vs. Pentest as a Service

So what are the key differences between classic penetration testing and the "Pentest as a Service" contract model?

For each regular penetration test, you need about 1/4 - 1/3 of the project time for organization (project management) and the creation of documentation for a proper (legally correct) execution. We reduce this time and financial overhead considerably with the Pentest as a Service model, as we can perform a test phase recurrently in an agreed period of time.

Through these regular checks, you improve your IT and create optimized time and priority management through assigned work packages for internal implementation. We would like to explain further differences in the following table.

|                   | Classic Pentest | Pentest as a Service   |
|-------------------|-----------------|------------------------|
| Test Area         |                 | Dynamically expandable |
| Results (Finding) | Total at end    | Any time denomination  |
| Status Report     | One time        |                        |
|                   | 2-8 weeks       | 6-12 months            |

How does PENTEST AS A SERVICE work in practice?


In KRITIS environments, a framework contract often regulates which systems are to be tested on site and when.

Please talk to us here, as there are no blanket solutions.

We will work with you to develop a model that suits you, free of charge of course; anything else would simply be frivolous.

For simple design in medium-sized businesses OR in corporate groups

We agree on the exact requirements in a free appointment with you. In a kick-off meeting, we will then define test periods (what should be tested when and in which cycles) and configure a remote gateway in your network.

For security reasons, this gateway should only ever be switched on when testing is required. Even though the "Penetrator Box", as we call it, meets the highest standards (BSI Grundschutz, ISO 27001), we know too well that there are always residual risks. If the data is too sensitive, we also offer the classic on-site model (penetration tester on site).

Either way, it is a quality service that must be tailored individually. We therefore cannot give any further "insights" here, but we look forward to getting to know you personally and showing you how the model can help you.
