How soon can I get a proposal?
Usually within one working day. When you request a quote, we'll call you to get a few basic details. What does your app do? Who are the users? Roughly how many pages does the app have? How many IPs do you want to test? The information you give us will help us estimate the cost so that we can tailor a proposal that best meets your needs.
How soon can I schedule a penetration test?
Usually in less than a week. But if you're working against a deadline and need to schedule on shorter notice, we'll do our best to get it done even sooner.
How much time does it take to do a Plynt penetration test?
A Plynt penetration test takes between 3 and 10 days, depending on the size of your application or network. We'll tell you in advance how much time we expect the work to take.
What if I want all disruptive tests to be done in off-peak hours?
No problem. Please tell us your preferred windows for disruptive tests and we'll perform them then.
What will I get after the penetration test?
At the end of the Plynt penetration test, you get:
1. A detailed report
2. The Plynt Certificate
In the report we describe each vulnerability we found, show in detail how it can be exploited, and explain how to fix it. We walk you through each exploit with screenshots so you can see exactly how an attacker could abuse it against your site. The report also explains how to guard against the same class of attack elsewhere in the application.
Once we have verified that your application complies with the Plynt Certification Criteria, you receive the Plynt Certificate. The Certificate tells you and your users that the application met those criteria when it was tested. Like any penetration test it is a point-in-time assessment of the version we tested, which is why we recommend re-testing after significant changes.
Will the final report contain solutions I can give my team?
Yes. The final report describes how to fix every vulnerability we found, including any changes to application logic or configuration settings that are needed. With the report in hand, your developers can change the code and your administrators can adjust the settings. Because the report walks through each exploit step by step, with screenshots, your developers can reproduce the issue and confirm their fix before our re-test, in which we verify that every problem has been resolved.
What support can I expect if I need help in fixing the holes?
You can expect all the support you need. Our reports are detailed enough that you can usually implement the fixes on your own, but if you have questions, don't hesitate to get in touch with our engineers. Every test we do comes with unlimited email support for a year.
Do I need to open up all ports on the firewall for Plynt?
No. All we need is access to the ports your application uses. If, for example, your web application runs on ports 80 and 443, those are the only ports we need reachable. If your firewall restricts access by source address, allow those ports only from the addresses the test will come from rather than opening them to everyone. Also let us know if a WAF or intrusion prevention system sits in front of the application, since that affects how the test is run and what the results mean.
Can you test my site periodically, say every quarter?
Sure. Each time you change your site you want to know the change was made safely, and we want your site to stay safe year round. If the site is changing rapidly you will want more frequent testing; you can choose monthly, quarterly or semi-annual testing. Many of our customers choose quarterly. Periodic test subscriptions are offered at discounted prices and include a higher level of Plynt support. If you expect to add features to your site, ask your Plynt representative about the Periodic Testing option.
How's a Plynt penetration test better than Tools?
A Plynt penetration test is a Manual Application Penetration Test: experienced testers probe the application deeply and find vulnerabilities that no tool can find on its own, such as authorization and business-logic flaws that can only be recognised by someone who understands what the application is supposed to do. We use automated tools where they help with coverage and speed, but every result is confirmed by a tester, which is what gives our reports their accuracy and depth and keeps false positives out of them.
What kind of information do you need to start the test?
Here’s a pre-test checklist that we’ll need before we can start your test.
Please mail us:
1. The URL of the application
2. Two login IDs and passwords for each privilege level
3. The timings of any planned downtime
4. A phone number you can be reached at reliably
5. Administrators guide/User manual/Help, if available
6. Any special instructions we need to be aware of
Please verify:
7. The application is ready to be tested
8. No changes are planned during the test
9. The login ids are fully activated
Please note: we need two logins for each privilege level. In a banking application, for example, the levels might be Teller, Supervisor, Manager and Administrator. With two accounts at the same level we can check whether one user can reach another user's data or functions (horizontal privilege escalation); with accounts at different levels we can check whether a lower-privileged user can reach functions or data reserved for a higher level (vertical privilege escalation). One account per level would let us test only the second.
As we run our tests we look for flaws that would let an adversary take over another user's account or expand their own privileges.
We request that you make no changes to the app while we’re testing. Constructing test cases can be complex, and a moving target makes it even more difficult. The quality of a test suffers when parts of the app we’ve already tested undergo changes beneath the surface. If you really must make any changes, please let us know so that we can make the necessary adjustments.
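The following is an added example, not code from Plynt or from this page, showing what the "two logins per privilege level" rule is used for: an authorization test matrix that tries every account against every endpoint and every object, and reports where the application's answer differs from the intended policy. The roles, accounts, endpoints and the in-memory stand-in for the target are all constructed for the example; against a real application the `call` argument would send HTTP requests with each account's own session.

```python
"""Authorization test matrix using two accounts per privilege level.

Checks the two things the "two logins per level" rule exists for:
  - horizontal escalation: a user reads an object owned by another user
    of the same role;
  - vertical escalation: a user reaches an endpoint, or an object, that
    belongs to a higher role.
The target is a constructed in-memory stand-in so the example runs
offline; against a real application `call` would send HTTP requests with
each account's own session cookie and return the status code.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

ROLE_RANK = {"teller": 1, "supervisor": 2, "manager": 3, "administrator": 4}


@dataclass
class User:
    name: str
    role: str
    account_ids: List[str] = field(default_factory=list)


# Constructed sample accounts: two per privilege level, one owned object each.
USERS = [
    User("teller1", "teller", ["A100"]), User("teller2", "teller", ["A200"]),
    User("sup1", "supervisor", ["A300"]), User("sup2", "supervisor", ["A400"]),
    User("mgr1", "manager", ["A500"]), User("mgr2", "manager", ["A600"]),
    User("admin1", "administrator"), User("admin2", "administrator"),
]
BY_NAME = {u.name: u for u in USERS}
OWNER_OF = {aid: u.name for u in USERS for aid in u.account_ids}

# Constructed endpoints -> minimum role each is supposed to require.
ENDPOINTS = {
    "GET /account/{id}": "teller",      # any user, but only their own accounts
    "POST /approve": "supervisor",
    "POST /override-limit": "manager",
    "POST /users": "administrator",
}

# kind, user, endpoint, object id, expected status, observed status
Finding = Tuple[str, str, str, Optional[str], int, int]


def fake_app(user: User, endpoint: str, object_id: Optional[str]) -> int:
    """Constructed target. Role checks are correct, but the ownership check on
    GET /account/{id} is deliberately missing: any logged-in user can read any
    account. This is the bug the matrix should surface."""
    if ROLE_RANK[user.role] < ROLE_RANK[ENDPOINTS[endpoint]]:
        return 403
    if endpoint == "GET /account/{id}":
        return 200 if object_id in OWNER_OF else 404
    return 200


def fixed_app(user: User, endpoint: str, object_id: Optional[str]) -> int:
    """fake_app with the missing object-level check added in front."""
    if (endpoint == "GET /account/{id}" and object_id in OWNER_OF
            and user.role != "administrator" and OWNER_OF[object_id] != user.name):
        return 403
    return fake_app(user, endpoint, object_id)


def expected_status(user: User, endpoint: str, object_id: Optional[str]) -> int:
    """The intended policy: role gate per endpoint, and only the owner or an
    administrator may read an account."""
    if ROLE_RANK[user.role] < ROLE_RANK[ENDPOINTS[endpoint]]:
        return 403
    if endpoint == "GET /account/{id}":
        if object_id not in OWNER_OF:
            return 404
        if user.role == "administrator" or OWNER_OF[object_id] == user.name:
            return 200
        return 403
    return 200


def classify(user: User, object_id: Optional[str]) -> str:
    """Label a mismatch by the relationship between the caller and the target."""
    if object_id is None:
        return "vertical"            # endpoint reserved for a higher role
    owner = BY_NAME[OWNER_OF[object_id]]
    if ROLE_RANK[owner.role] > ROLE_RANK[user.role]:
        return "vertical"            # object belongs to a higher-role user
    if owner.role == user.role:
        return "horizontal"          # object belongs to a peer at the same level
    return "object-level"            # object belongs to a lower-role user


def run_matrix(call: Callable[[User, str, Optional[str]], int] = fake_app) -> List[Finding]:
    """Try every (account, endpoint, object) combination; report mismatches."""
    findings: List[Finding] = []
    for user in USERS:
        for endpoint in ENDPOINTS:
            objects = list(OWNER_OF) if "{id}" in endpoint else [None]
            for oid in objects:
                want = expected_status(user, endpoint, oid)
                got = call(user, endpoint, oid)
                if got != want:
                    findings.append((classify(user, oid), user.name, endpoint, oid, want, got))
    return findings


if __name__ == "__main__":
    for f in run_matrix():
        print("%-12s %-8s %-20s %-5s expected %d got %d" % f)
    print("after fix:", run_matrix(fixed_app))
```

Run against the constructed target, the matrix reports every non-administrator reading another user's account; the `horizontal` findings are the ones that can only be seen because two accounts exist at the same level, and the run against `fixed_app` comes back empty, which is the check a developer can repeat after applying the fix.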
What applications have Plynt tested? Have you tested one similar to ours?
We have tested over 500 applications of different kinds so it’s very likely that we have tested one like yours. Please browse through our list of applications we’ve tested to find out.