NFIR Pentesten is a professional penetration testing service offered by NFIR, a Dutch cybersecurity firm holding the CCV quality mark for penetration testing. The service is performed by certified ethical hackers with credentials including OSCP, OSWP, OSWE, OSEP, CPTS, CBBH, and eWPT. The service covers multiple environments: - IT Infrastructure - Web Applications - APIs - Mobile Applications - Operational Technology (OT) Three attack scenario types are supported: - Black Box: Minimal prior information; testers operate as outsiders using techniques such as OSINT - Grey Box: Limited information shared; testers use a user account to investigate the environment - White Box (Crystal Box): Full information provided, including source code, log files, and server access The engagement follows a structured five-step process: intake (scope definition and attack scenario planning), proposal and scheduling, execution (with real-time critical vulnerability reporting), results (documented in a detailed report), and perfection (optional retest after remediation). Findings are delivered in a comprehensive pentest report that documents vulnerabilities, applied standards, executed tests, tooling used, and recommended remediation measures. A supplementary debrief session is included to walk through the findings. The service supports compliance with regulations and standards such as AVG (GDPR), BIO, ENSIA, and ISO frameworks.