Pentesting as a Service (PTaaS)
Agile projects or systems with an elevated risk often require more than a single penetration test. We offer Pentesting as a Service as an effective measure to continuously assess the security posture of your target systems.
More than a snapshot
The security of applications and infrastructure components is not a one-time goal, but rather a continuous process. This is why penetration tests should be employed in a continuous context. Agile projects and highly innovative systems in particular can develop vulnerabilities with every new function and release.
In the pentest programme all tests are prepared thoroughly. Focus points can be set by you.
We conduct pentests on a time- or action-based schedule, as agreed. They follow our established quality standards.
Generally, a retest of all findings is conducted automatically with every cycle. We thus continuously document the implementation of measures and their effectiveness.
All results are reported in a coordinated format. Generally, a report is omitted after the initial pentest has been conducted and new results are presented as a list.
Pentesting as a Process
Regular and highly flexible
With a pentest programme or Pentesting as a Service, you do not have to give up flexibility. The advantage lies in the integration of pentests into the process. A pentest can be initiated regularly or action-based, e.g., with a new release.
One of the most important factors with regular testing is a constant testing intensity. This is why we conduct every penetration test manually. Automated tooling is only used as an aid. Additionally, we rotate the employees assigned to pentest programmes to guarantee an objective assessment from multiple viewpoints.
Frequent Questions regarding Pentesting as a Service
Pentesting as a Service or the classical Pentest Programme makes sense for companies that have an elevated risk profile and use agile infrastructure or applications. If you expect regular attacks on your systems, a regular security assessment is also recommended.
The configuration of a Pentest Programme is very flexible. It can contain clearly defined pentests or serve as a test contingent. If you know that you need a certain amount of penetration tests per year, a Pentest Programme is reasonable.
On the contrary. The costs per pentest are notably lower than ordering every pentest individually. This comes down to the fact that overhead is reduced, e.g., contractual agreements only need to be signed once. Furthermore, expenses for coordination and reporting can be reduced.
In a complex infrastructure, a Pentest Programme can of course be applied to multiple systems. Oftentimes, internal policies mandate that all components of an application need to be tested once a year. Together we then compile a yearly schedule and vary the scope of our assessments to cover all components.
Furthermore, new vulnerabilities might arise from system updates even in systems that otherwise remain unchanged. At the same time, new vulnerabilities are discovered every day and with every penetration test more vulnerabilities are evaluated.