Frequently asked.
We have compiled the 15 most frequent questions we receive. If your question is not answered here, reach out via the contact form; we respond within 4 hours.
How long does a penetration test take?
Depending on scope, between 1 and 6 weeks. A typical web penetration test takes 2 weeks, a network penetration test 1 week, and an enterprise-scale infrastructure audit 4-6 weeks. We clarify the timeline in a scoping call.
Are your services GDPR (KVKK) compliant?
Yes. All our services are bound by our privacy notice. Retention, sharing, and destruction rules for data accessed during testing are defined contractually. Penetration test reports are delivered encrypted.
Which sectors do you serve?
We have active projects in finance, healthcare, energy, public sector, defense industry, e-commerce and telecommunications. For critical-infrastructure focused engagements we use a dedicated certified team.
Is post-test retesting free?
It is part of our standard contract: the first retest after the identified findings are remediated is included. This is a policy we apply per the TS 13638 standard.
Do you guarantee 6 months for our AI project?
We work with a 6-month PoC-to-production calendar: week 2 readiness, week 8 PoC, week 16 integration, week 24 production. We have a milestone-based delivery model defined contractually.
How does your Common Criteria certification process work?
We prepare Security Target (ST) and Protection Profile (PP) documents for the customer’s product. In coordination with an independent evaluation lab (CC ITSEF), we manage the EAL1-EAL5 certification process.
What is Kritera Academy?
An open training platform at moodle.kritera.com with 13+ courses. It covers cybersecurity awareness, OWASP, NIST CSF, MITRE ATT&CK, Metasploit, and GDPR (KVKK). We design modular custom programs for enterprise clients.
Do you work remotely or on-site?
Both are possible. Penetration tests are typically performed remotely. For security architecture consulting and training we prefer a hybrid (on-site + remote) model. For critical infrastructure projects we work at the customer’s office.
What certifications does your team hold?
Our team holds certifications including OSCP, OSWE, CISSP, CISM, CEH, GPEN, CSSLP, GICSP, and ISO 27001 Lead Auditor. For TS 13638-compliant services we share our certification credentials with the client.
How is your pricing structured?
We work in scope-based fixed-price or time & materials (T&M) models. After a free 30-minute initial call we provide a proposal tailored to your needs. The typical price range for penetration tests is USD 1,000-5,000.
Do you respond to acute security incidents?
Incident response is not in our standard service list, but for our existing clients we have a 24-hour response window. For emergencies you can reach us through the contact form.
Do you have references for AI projects?
We publish 5 anonymized cases on our Case Studies page. With customer approval we can connect you with our teams for reference conversations.
Do you serve internationally?
We are Turkey-based but actively serve projects in the European Union, MENA, and regions with a strong Turkish diaspora. We have parallel GDPR + KVKK compliance capability.
How quickly do you respond to contact form submissions?
During business hours (Monday-Friday, 09:00-18:00 local time) we provide a first response within a maximum of 4 hours. Weekend inquiries are answered Monday morning.
I am developing a certified product. Which level is required?
EAL2-EAL3 is sufficient for most commercial products. EAL4+ is preferred for high-security military/public/finance domains. In a half-hour initial call we clarify the most appropriate level for you.