Our ongoing Penetration Testing as a Service product reduces response time and cyber exposure compared to one-time projects.
We evaluate and secure web, mobile apps, and APIs, identifying vulnerabilities, assessing risks, fixing issues, and preventing future threats.
During the full-scale attack simulation, we aim to evaluate the existing mitigations at every step of the kill chain and enhance the capabilities of the SOC.
We adopt DevSecOps to seamlessly integrate SAST/DAST/SCA into the CI/CD pipeline, providing comprehensive support throughout the entire process.
For compliance with PCI DSS, FCA, Google Pay, and others, we test security and fraud resistance for banking systems, payment gateways, and APIs.
We perform penetration testing of corporate infrastructure, including internal or Wi-Fi networks, k8s infrastructure, remote access and AD infrastructures.
Dates:
— Start date
— Deadline
Targets:
— IP addresses
— API endpoints
— Subnetworks
— Mobile applications
— Other assets
Identify the scope of engagement: the assets that you need to test. Those can be downloadable applications, source code repositories, network hosts, websites, API hosts, internal networks, Wi-Fi access points, emails or SaaS accounts, etc.
It is important to carefully define the scope to include everything that's important to the company.
Proposal parameters:
— Description of work
— Scope of work
— Price
— Duration
— Other terms
The proposal document will include a detailed technical and business methodology customized to your requests, as well as information about our team and prior projects. Typically, we issue a proposal that is valid for 30 days and includes 1 non-chargeable re-test and full support for 12 months.
If you accept the proposal, we sign the contract with one of our legal entities.
Security testing stages:
— Reconnaissance
— Vulnerability identification
— Exploitation
— Reporting
During our engagements, we follow battle-tested methodologies such as OWASP Testing Guide, OWASP Mobile Testing Guide, OSSTMM, CBEST, TIBER, and others. The reports contain detailed information about each finding, mitigation recommendations, and an executive summary.
Post-project activities:
— Remediation strategy
— Consulting
— Re-testing
Within 12 months after any engagement, we guarantee full support, including clarifications about the identified issues and the proposed remediation strategy. Besides consulting, we also perform a single re-test of all the issues and update the final report accordingly.
You answer a few questions to give us an understanding of the goals, targets, limitations, and legal requirements of the testing.
We carefully research the business requirements and the technological stack and estimate the workload and the costs of the engagement.
We follow the leading industry security testing standards to deliver a high-quality report within the agreed timeline.
For each iteration, we do free re-tests of the previously identified vulnerabilities and provide consultations.