We have a Web App on Server Running in a Data Centre
How does one go about selecting a penetration tester to test site
What certifications/experience should one look for ?
How do you ensure you actually get a pen test and not just a vulnerability scan ?
What reports should one expect to get ?
i know that i'm probably asking how long is a piece of string but what would you expect to pay for such a service ?
any other advice on selecting pen tester would be appreciated