Before a web application penetration test is scheduled to start, the company performing the test will contact the client with a list of considerations and configurations that are required before the test can begin. Sadly, the importance of these can be lost in amongst the frenzy of ensuring the system is ready on time, or perhaps because the items listed don’t seem necessary. My whitepaper aims to address the latter, providing an explanation of the why behind the prerequisites, together with some general pre-test points for consideration. It is aimed at anyone who is charged with preparing for a web application penetration test, from project managers to developers, and as such it is written for both technical and non-technical readers. The paper ends with a one-page quick reference guide to help with future tests, which is available as a standalone document here.