FAQ
RCE Security is a Europe-based offensive security company. This FAQ is designed to answer the most common questions, so security teams can evaluate fit, process, and outcomes before starting an engagement.
What services does RCE Security offer?
RCE Security offers penetration testing (on-demand and continuous), manual source code reviews, bug bounty and vulnerability disclosure program support, and fixed-scope packages for small businesses.
What is a penetration test?
A penetration test, or pentest for short, is a controlled simulation of cyberattacks on your IT systems and applications. As a professional pentest provider, RCE Security uses state-of-the-art pentest tools to identify potential vulnerabilities in your digital infrastructure and products. These tests are crucial for uncovering security gaps that an attacker could exploit and for taking appropriate countermeasures.
How often should a penetration test be performed?
Penetration tests should be performed at least once a year. In the case of major changes to your IT infrastructure, the introduction of new systems, or after a cyberattack, it may be advisable to conduct a penetration test more frequently. In the best case, penetration tests are conducted continuously.
What types of penetration tests does RCE Security offer?
RCE Security offers black-box, grey-box, and white-box penetration tests. Depending on the chosen method, the level of information available and the depth of the investigation vary to cover different security aspects.
What can you test during a penetration test?
Typical scopes include web applications, APIs, mobile apps (iOS and Android), desktop apps (Windows, macOS, Linux) and external network infrastructure.
Where do you store engagement data?
RCE Security is Europe-based and exclusively uses European datacenters to process engagement-related data and meet GDPR requirements.
What is the difference between on-demand and continuous penetration testing?
On-demand testing is a time-boxed engagement for a defined target set. Continuous testing provides ongoing coverage, repeated validation, and retesting as your attack surface changes.
How fast can a project start?
After scoping and paperwork are complete, projects can usually be scheduled quickly. We typically respond to new inquiries within one business day, and can get your project started within a week.
What do we receive at the end of an engagement?
You receive risk-ranked findings with proof-of-concept exploits, business impact context, and practical remediation guidance. Optional retesting can validate fixes.
Do you provide live visibility while testing is running?
Yes. Findings are shared continuously during the engagement, and issue tracker integration can be used so teams can start remediation before the final report.
Can you support compliance goals like ISO 27001, SOC 2, or PCI DSS?
Yes. Testing and reporting can be mapped to common compliance-driven requirements, and scope can be aligned with audit timelines.
Do you sign NDAs and handle sensitive data securely?
Yes. NDA support is available on request, and project data handling is designed for high-sensitivity environments.
How do you ensure traceability during testing?
We perform all tests using pre-defined static IP addresses. This makes it easier for your team to distinguish authorized testing traffic from real attacks.
Can you help us launch or improve a bug bounty or VDP?
Yes. RCE Security supports program design, scope and policy definition, triage workflows, and communication processes for researcher-submitted reports.
Are your services suitable for small companies with limited budget?
Yes. Our small business packages are designed for companies of up to 5 employees and should feel like in-house security support. We have you covered end-to-end.
How do we get started?
Use the contact page and share your targets, timeline, compliance requirements, and preferred timezone. RCE Security will propose the best engagement model for your goals.