We help you implement the measures we recommend
Our penetration tests do more than just list all discovered vulnerabilities; they also provide specific recommendations on how to address them. However, not every team has the necessary resources or experience to carry out these fixes. That’s where we come in!
Below are some examples of common requests from our customers, along with the services we offer:
-
“We don’t have enough developers to handle security as well.”
- Short term: We updated the company’s existing software ourselves to ensure smooth operation.
- Long term: We recommended hiring additional developers and helped establish an internal process to ensure secure software development.
-
“We carried out the recommended updates, but now our application no longer works.”
- Some necessary updates inevitably require extensive refactoring. Because the customer couldn’t handle this refactoring, we recommended technical measures that could be implemented at the firewall level, eliminating the need for code changes.
-
“Our developers are unwilling or unable to prioritize security in the long term.”
- We taught the developers basic skills that enabled them to hack into their own applications or websites. Seeing how vulnerabilities could be exploited firsthand motivated them to fix these issues themselves.
-
“There are so many potential vulnerabilities. Do we really have to fix them all?”
- With very limited resources on the customer’s side, we narrowed the possible measures down to an essential minimum, focusing on the highest risks in the industry. For any remaining risks, we helped the customer set up an efficient risk management system.
-
“How much money should you invest in security?”
- This is one of our most frequently asked questions. To answer it, we work with you to create a risk analysis that compares the cost of each security measure with the associated risks. By also considering your competitors’ approaches, we can provide specific guidelines, such as “10% of software development costs should be spent on security” or “at least comply ot OWASP-ASVS L2.”
We help you verify that these measures were successful
After you’ve implemented the recommended measures from a penetration test, you might wonder whether those measures truly resolved the vulnerabilities. We help you answer this question on three levels:
- Repeat the entire pentest: This is the most reliable option. We offer a 20% discount for a full retest, as we can skip some of the preliminary steps.
- Validate only the previously detected vulnerabilities: This is a more efficient option, and we charge a flat rate of 50% of the original pentest cost.
- Train your own employees: Equipping your team to re-test vulnerabilities themselves is a long-term solution. We tailor our training packages to the pentest results, ensuring the training precisely meets your requirements.