HASAFSEC CYBER SOLUTIONS

Frequently Asked Questions

Answers to the questions we hear most often about our security assessments and how we work.

01

What is the difference between a vulnerability scan and a penetration test?

A vulnerability scan is automated and flags potential issues, often with false positives. A penetration test is manual-led: our security engineers safely exploit vulnerabilities to confirm real, business-impacting risk and remove noise. Every finding we report is validated, not just flagged by a tool.

02

Will security testing disrupt or take down our production systems?

No. We scope engagements carefully and use controlled, safe exploitation techniques to confirm impact without causing outages or data loss. Where production risk exists, we agree on testing windows, rate limits, and rules of engagement with you in advance, and can test against staging environments when preferred.

03

How long does a typical security assessment take?

Most web application and API penetration tests run between one and three weeks depending on scope, number of endpoints, and complexity. After an initial scoping call we give you a clear timeline and fixed schedule before any work begins.

04

What do we receive at the end of an engagement?

You receive a detailed report with both an executive summary and full technical findings, each risk-rated by business impact with clear, developer-ready remediation guidance and steps to reproduce. We also walk your team through the results so the fixes are well understood.

05

Do you require access to our source code or credentials?

It depends on the type of assessment. Black-box testing needs no access, while authenticated and grey-box testing benefits from test accounts, and secure code review requires source access. We recommend the right depth for your goals and only request the minimum access needed.

06

How do you protect the confidentiality of our data?

We treat all engagement data as strictly confidential, sign NDAs before work starts, handle findings and evidence securely, and limit access to the engagement team. Our external assessments are read-only by design and operate within agreed, authorised boundaries only.

07

How much does a penetration test cost?

Pricing depends on scope, asset count, and assessment type, so we quote per engagement rather than using fixed packages. Your initial consultation is free and comes with no commitment — we scope your needs first, then provide a transparent proposal.

08

Do you offer retesting after we fix the issues?

Yes. After you remediate, we verify the fixes to confirm each vulnerability is genuinely resolved and hasn't introduced new issues, so you have validated assurance for audits, customers, and stakeholders.

09

Which compliance frameworks can you support?

We support readiness for common frameworks including ISO 27001, PCI DSS, and NIST through gap analysis, control mapping, policy development, and audit-ready reporting. Our testing and documentation are designed to align with regulatory and compliance requirements.

10

Where is HasafSec based and which regions do you serve?

HasafSec Cyber Solutions is based in Nairobi, Kenya, and delivers cybersecurity services to organisations across Kenya and the wider African region, with remote engagements available.

© 2026 HasafSec Cyber Solutions. All rights reserved.
