We help you to implement the measures recommended by us
Our penetration tests not only contain a list of all vulnerabilities found, but also specific recommendations on how these vulnerabilities can be remedied. However, not every team has the necessary resources or experience to implement these recommendations. This is where we can help!
Here are some examples of such requests from customers and our services:
- “We don’t have enough developers to take care of security as well”
  - In the short term, we adapted the existing software of a company ourselves to ensure smooth operation.
  - In the long term, we recommended additional developers and set up an internal process to ensure secure software development.
- “We carried out the recommended updates, but now our application no longer works”
  - Some necessary updates inevitably lead to extensive refactoring. As this was not possible for the customer, we suggested technical measures that could be implemented in the firewall without the need for refactoring.
- “Our developers are unwilling or unable to prioritize security sufficiently in the long term”
  - We taught the developers basic skills so that they were able to break into their own application or website. This strongly motivated the employees to fix the vulnerabilities themselves.
- “There are so many potential vulnerabilities, do we have to fix them all?”
  - Due to very limited resources on the customer side, we reduced the possible measures to an essential minimum, which addressed the greatest risks in the industry. For the risks that could not be addressed in this way, we helped the client to set up an efficient risk management system.
- “How much money should you invest in security?”
  - This is actually the most frequently asked question. To answer it, we work with the customer to create a risk analysis that compares the costs of the security measures with the risks and then, also in comparison with the competition, provides specific guidelines, e.g. “10% of the costs for software development” or “at least OWASP-ASVS L2” etc.
We help you to validate that these measures were successful
After the recommended measures of a pentest have been implemented, many companies are faced with the question of whether the implementation was really successful. We help you to answer this question on three different levels:
- The safest way is to repeat the entire pentest. In this case, we grant you a 20% discount, as we can dispense with some of the preliminary steps.
- It is more efficient to validate only the previously detected vulnerabilities. For this, we offer you a flat-rate service for 50% of the original pentest costs.
- Training your own employees so that they are able to retest the vulnerabilities themselves is effective in the long term. For this purpose, we adapt our training packages to the results of the pentest so that the training precisely meets your requirements.