FAQs

Frequently Asked Questions

Here you can find the most frequently asked questions and answers regarding our services.

What's The Difference Between Vulnerability Scanning and Pentesting?
Vulnerability scanning uses software that identifies common, known vulnerabilities to give you a quick status of your systems' security posture. Vulnerability scanning is faster and cheaper, but it is prone to false positives and usually misses important vulnerabilities. Penetration testing focuses on the real techniques, tactics and procedures used by threat actors. Pentesting combines automated tools with manual work, and the results depend on the tester's experience, allocated time, scope definition and potential constraints.
What are the threats to a successful Penetration Test?
Scope definition is the first factor for success. Ensure that it is clearly defined, stated, and understood by both parties. The time allocated for the project is also extremely important. The effort must be correctly sized to allow good results. Another very important aspect is limitations and constraints. Imposing too many restrictions on the penetration testing team will certainly impact the final results.
Is Penetration Testing going to crash my network, burn my servers?
Every project must be correctly planned and all the availability risks, if any, must be assessed. We have great experience in what we do, and we will be able to identify all the availability threats. We have never lost a customer due to availability issues, and no servers were harmed in the process. We would like to highlight, however, that one of the main benefits of a Penetration Test is to prepare you for a real attack. If you have a bottleneck in your hardware resources, human resources, response time, etc., then now is the best time to discover those issues. Don't be afraid to discover your weaknesses, even though these might include availability. We will ensure proper resource monitoring for availability and proper communication during any engagement.
How long will it take to perform a Penetration Test?
This depends on certain factors, such as the size and complexity of the tested application or systems, scope definition and objectives. Usually these projects take an average of 5 - 15 days.
Can you provide criminal record and background check for your staff?
Sure we can! We can provide, on demand, criminal record information and background checks for the entire staff. We take reputation very seriously and we do not hire people with criminal records or unethical behaviour.
How much does a Penetration Test cost?
This is the kind of service where it's very hard to have a price list, as almost every assignment is unique - various complexity, various goals and objectives. We believe in a long-term business relationship, built on trust, quality and fair prices. You should always ask how much the lack of security might cost you. It is always cheaper to fix a problem before it becomes a major problem. Finding vulnerabilities should always be cheaper than facing a breach, possible data loss, downtime, and even legal consequences.
Will you retest the vulnerabilities after we fix them?
Yes, this is called Follow-up testing and it is included in the price of every pentest. We know some vulnerabilities are much harder to fix in a short time, as the fix might depend on third parties, vendors, and so on - so we give a 6 months timeframe for the Follow-up testing, but we are open to every customer's special needs regarding this aspect.
Why do you require so much information like IP Addresses and DNS names for a pentest? Can't you discover them?
There are two reasons why technical information is required. First of all, we are doing an ethical activity and we must ensure that you are the owner of the tested systems, so there is no room for suppositions regarding the targeted systems. In our current times, international law and regulations have changed dramatically when it comes to hacking and cyber crimes. Second, the required information must be part of the defined scope and statement of work; you would want to have it clear, and we would want to have it clear. A clear, written scope of the project will ensure the project's success!
Should I disable my IDS and whitelist you in my Firewall?
This is a topic whose pros and cons should be discussed on a per-project basis. Consider that a penetration test is usually a time-based project where all the effort should be put into discovering vulnerabilities as fast as possible, to have thorough coverage of the tested system in the allocated time. If your firewall blocks "bruteforce" attacks based on connection limits, this will make us spend triple the time on that login bruteforce, by increasing the delays between connection attempts. That time could have been spent on finding other vulnerabilities too. But there are situations and types of pentests where all defence layers must be evaluated. So, it's a matter of evaluation, and we will be happy to discuss it to find the best approach.
Where are you testing from?
This depends on the project and its constraints. Usually, most penetration testing projects are performed remotely, over the Internet. There are situations where VPN access could save the project's budget thousands of dollars for a long flight and accommodations. However, there are internal systems and mission-critical applications that cannot be exposed to a remote connection - or simply - you prefer to have the testers on-site and have a permanent touch-base. We perfectly understand and are ready to travel. At minimum, for an on-site assessment, you must provide ethernet connectivity for the testers' laptops, a private room/office with seats from where the work is done, and some cups of coffee.