This guide from CREST gives practical advice on the purchase and management of penetration testing services.
Helping you to conduct effective, value-for-money penetration testing, this guide is designed to enable your organisation to plan for a penetration test, select an appropriate third party provider and manage all important related activities. It presents a useful overview of the key concepts you will need to understand to conduct a well-managed penetration test, explaining what a penetration test is (and is not), outlining its strengths and limitations, and describing why an organisation would typically choose to employ an external provider of penetration testing services.