Pen Testing as a Service (PTaaS)

What is it?

Continuous development workflows such as CI/CD do not lend themselves well to ‘point in time’ pen testing. A pen test is a deep and thorough manual test of a system. IF that system or app is continually changing, it is hard to justify the cost of repeated manual testing.

PTaaS augments a point in time manual test by allowing you to call off short periods of testing time to focus on the changes made.

Even if you don’t follow a CICD process, PTaaS can be useful to validate the security of changes made to components of apps, without needing to commission a full test of the environment.

What do I get?

This a subscription based, tiered service for web app, mobile app, API, and external infrastructure testing.

We can be flexible depending on your requirement and contract size. If you want a bespoke model, we can work to that.

How do I use it?

Simply enter a description of the change in to our PTaaS platform, it will be scoped within minutes, then we can start immediately. You’ll receive the results in real time, with a concise report delivered at the end of the test window.

How do I get started?

You’ll need to purchase a block of time that you can call down on as you request tests. This ensures that we can start immediately, to meet your requirement.

To ensure we don’t break the law, we will need authorisation from you at the start of the PTaaS contract. This is only needed once at the start of the contract.

Then simply enter the details of the system that needs tested in to our portal, any credentials or access details we will need and a description of the change.

Tell us about any particular concerns you have too.

What are the limitations?

PTaaS is best suited to testing changes, for example a new function in a web app or a change to your infrastructure.

We will only test the changes that you’ve asked us to. It’s a really good idea to test a system with a full manual penetration first. Set a baseline, then use PTaaS to test your changes to that environment

It is best suited to smaller blocks of time during which changes can be tested. It is billed in half day blocks, so is suitable for tests that might take from a half a day to two days.

What happens if a test needs more time?

This will be picked up during the quick scoping process. If we feel that the task is likely to take 3 or more days, we advise that a regular pen test scoping and testing process should be followed.

What can be tested using PTaaS?

• External infrastructure
• Web applications
• Mobile applications
• APIs

Other types of system have more custom requirements, so should be tested using a conventional pen test process.