Contact us for your penetration testing needs 1-866-PLYNT-24    |   Contact Us   Plynt UK Website  
Click to get Security Testing Quote

FAQ about Plynt

  1. How soon can I get a proposal?
  2. How soon can I schedule a penetration test?
  3. How much time does it take to do a Plynt penetration test?
  4. What if I want all disruptive tests to be done in off-peak hours?
  5. What will I get after the penetration test?
  6. Will the final report contain solutions I can give my team?
  7. What support can I expect if I need help in fixing the holes?
  8. Do I need to open up all ports on the firewall for Plynt?
  9. Can you test my site periodically, say every quarter?
  10. How's a Plynt penetration test better than Tools?
  11. What kind of information do you need to start the test?
  12. What applications have Plynt tested? Have you tested one similar to ours?
How soon can I get a proposal?

Usually within one working day. When you request a quote, we'll call you to get a few basic details. What does your app do? Who are the users? Roughly how many pages does the app have? How many IPs do you want to test? The information you give us will help us estimate the cost so that we can tailor a proposal that best meets your needs.

How soon can I schedule a penetration test?

Usually in less than a week. But if you're working against a deadline and need to schedule on shorter notice, we'll do our best to get it done even sooner.

How much time does it take to do a Plynt penetration test?

A Plynt penetration test takes between 3-10 days - it depends on the size of your application/network. But we’ll let you know in advance how much time we think the work will take.

What if I want all disruptive tests to be done in off-peak hours?

No problem. Please tell us your preferred windows for disruptive tests and we'll perform them then.

What will I get after the penetration test?

At the end of the Plynt penetration test, you get:
1. A detailed report
2. The Plynt Certificate

In the report we’ll describe the holes we’ve found and describe in detail how they can be exploited and how to fix them. We’ll walk you through the exploit with screenshots so you can understand exactly how a potential attack can disrupt your site. The report explains how you can safeguard against attacks and go to sleep at night knowing that your site is secure.

Once we’re assured that your application complies with the Plynt Certification Criteria you’ll receive the Plynt Certificate. The Plynt Certificate provides a guarantee to both you and your users that your website is secure.

Will the final report contain solutions I can give my team?

Yes. The final report will describe how to fix all the security holes we’ve discovered. If you need to make any changes in logic or if additional settings are required our report will tell you. With our report in hand your developer can implement any changes in code and your administrator can change any settings. Our report will guide you step-by-step, using screenshots to show how we exploited the hole. That way your developers can test the fixes themselves before we do our second test to make certain that the site is secure and all problems have been resolved.

What support can I expect if I need help in fixing the holes?

You can expect all the support you need and deserve. Our reports are detailed and enable you to quickly implement the solutions on your own. However, if you have any questions don’t hesitate to get in touch with our engineers. Every test that we do comes with unlimited email support for a year.

Do I need to open up all ports on the firewall for Plynt?

No. All we need are access to the ports that relate to your application. If, for example, your web application runs on ports 80 and 443 then those are the only ports we’ll need access to.

Can you test my site periodically, say every quarter?

Sure. When you make changes to your site, you want to be sure you have done it safely. We want to make certain that your site is safe year round. If your site is undergoing rapid changes then you’ll want to have the testing done more frequently. It’s up to you to choose -- monthly, quarterly, or semi-annually. Many of our customers choose the quarterly testing option. We also offer periodic test subscriptions at discounted prices, which have the added benefit of offering even higher access to Plynt support. If you expect to add features to your site, please ask your Plynt representative about the Periodic Testing option.

How's a Plynt penetration test better than Tools?

Plynt offers the gold standard of security testing - formally known as Manual Application Penetration Testing. Our experienced testers can probe deeply and uncover holes that no tool can find. (Learn more...) Our tests combine the speed of automation with the accuracy and depth that can only be provided by an intelligent, experienced tester. That means that our results are far more impressive than any that software can achieve.

What kind of information do you need to start the test?

Here’s a pre-test checklist that we’ll need before we can start your test.

Please mail us:
   1. The URL of the application
   2. Two login id/passwords for each privilege level
   3. The timings of any planned downtime
   4. A phone number you can be reached at reliably
   5. Administrators guide/User manual/Help, if available
   6. Any special instructions we need to be aware of

Please verify:
   7. The application is ready to be tested
   8. No changes are planned during the test
   9. The login ids are fully activated

Please note: we need two logins per privilege level. Privilege levels might include Teller, Supervisor, Manager and Administrator. We’ll also need two logins for each category. We’ll use this information to test whether an unauthorized user can bypass restrictions or gain access to an unauthorized account or the account of a higher privileged user.

As we run our tests we’re able to pick out holes that would allow an adversary to gain access to an authorized user’s account or expand his own privileges. Read more on why we need two logins per privilege level.

We request that you make no changes to the app while we’re testing. Constructing test cases can be complex, and a moving target makes it even more difficult. The quality of a test suffers when parts of the app we’ve already tested undergo changes beneath the surface. If you really must make any changes, please let us know so that we can make the necessary adjustments.

What applications have Plynt tested? Have you tested one similar to ours?

We have tested over 500 applications of different kinds so it’s very likely that we have tested one like yours. Please browse through our list of applications we’ve tested to find out.


Request a proposal

Our quote contains the best price, the time estimate, and our methodology; and we'll mail you the quote in 24 hrs.