I suspect our tester just ran a scan instead of doing a proper application pen test. How can I find out?

The simplest approach is to ask the tester for the sample test cases used in the pen test.

If you can't do that, check your web server logs for heavy activity from a single IP address: that is probably the scanner. Assuming the pen tester came from a nearby block, filter your logs for that /16 block. You will most likely be able to zoom in on what the pen tester did. If you have an IDS, locating the pen tester's IP is easier, because the IDS would have triggered alerts during the scan.

If your app maintains detailed logs, then check the audit trail for the user logins you gave the pen tester before the test.

Again, the simplest approach is to ask the tester for sample test cases if you aren't satisfied with the results.
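
The log check described above, as an added example (not Plynt's own tooling): it ranks client addresses by request count to spot the likely scanner, then summarizes every address in that address's /16 block so slower manual activity stands out. It assumes the Apache/nginx combined log format; the log lines are constructed and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Combined log format: client, ident, user, [time], "METHOD path proto", status, ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def build_sample():
    """Constructed sample log; every address is from a documentation range."""
    fmt = '{ip} - - [12/Mar/2024:10:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" {st} 512 "-" "-"'
    lines = [fmt.format(ip="198.51.100.23", m=0, s=i, req=f"GET /page{i}.php", st=404)
             for i in range(40)]                      # burst from one address
    manual = ["POST /login", "GET /account/profile", "GET /account/orders"]
    lines += [fmt.format(ip="198.51.100.77", m=30 + i, s=0, req=r, st=200)
              for i, r in enumerate(manual)]          # slow activity, same /16
    lines += [fmt.format(ip="203.0.113.5", m=5, s=0, req="GET /", st=200),
              fmt.format(ip="192.0.2.10", m=6, s=0, req="GET /about", st=200),
              "truncated or malformed line"]
    return "\n".join(lines)

def parse(log_text):
    """Return (ip, time, method, path, status) tuples; skip unparseable lines."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:        # hostname logged instead of an address
            continue
        entries.append((ip, m.group(2), m.group(3), m.group(4), int(m.group(5))))
    return entries

def top_talkers(entries, n=3):
    """Addresses ranked by request count; the heaviest is the likely scanner."""
    return Counter(str(e[0]) for e in entries).most_common(n)

def summarize_block(entries, suspect_ip):
    """Per-address activity for every client in suspect_ip's /16 block."""
    net = ipaddress.ip_network(f"{suspect_ip}/16", strict=False)
    summary = {}
    for ip, ts, _method, path, _status in entries:
        if ip in net:
            s = summary.setdefault(str(ip), {"requests": 0, "paths": set(), "first": ts})
            s["requests"] += 1
            s["paths"].add(path)
            s["last"] = ts
    return net, summary

if __name__ == "__main__":
    entries = parse(build_sample())
    print(top_talkers(entries))
    print(summarize_block(entries, top_talkers(entries, 1)[0][0]))
```

An address in the same /16 with few requests, an authenticated session and long gaps between requests is the pattern to compare against the burst from the top talker.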

