How To Take The Pain Out Of Pentesting
Blog Home
>

How To Take The Pain Out Of Pentesting

Pen-testing as an industry has only been around for about twenty years. It’s evolving fast and the relentless innovation can make it hard to keep up - nothing stands still for long. Yet one aspect of the business hasn’t changed a single bit in twenty years - an archaic process that's proved

Dave Hewson
Chief Executive Officer
February 27, 2018

Pen-testing as an industry has only been around for about twenty years. It’s evolving fast and the relentless innovation can make it hard to keep up - nothing stands still for long. Yet one aspect of the business hasn’t changed a single bit in twenty years - an archaic process that's proved stubbornly resistant to progress:

Booking a pen-test.

Take a look at typical booking process below. I wish I could say I was exaggerating here, but this is absolutely standard based on my experience as both a vendor and client. Just look at the effort the client must put in and how long they’re expected to wait:

Task 1: Shortlist vendors, draft and send 3 RFI’s = 3.5 hrs

  • Wait 2 days for response from 3 vendors

Task 2: Fill out 3 scoping questionnaires = 4 hrs

  • Wait 5 days chasing answers from other depts

Task 3: Read proposals and select a vendor = 2 hrs

+Wait 1 day for response from chosen vendor

Task 4: Co-ordinate diaries = 2.5 hrs

  • Wait 3 days for stars to align

Task 5: Fill out ‘Permission to test’ form = 2.5 hrs

  • Wait 5 days for legal to sign off

Task 6: Set up vendor on procurement system = 2.5 hr

  • Wait 3 days for both accounting teams to liaise

Task 7: Calling & emailing during test itself = 1.5 hrs

  • Wait 10 days for report to be written and sent

Task 8: Reading test report =.5 hrs

  • 1 day wondering why the hell that took so long?

Now, add weekends into that and a client is lucky if its delivered in a month. On top of which, they’ve had to put in nearly three days of effort themselves.

The model is broken, there's simple too much faffing and not enough testing. Ask any pen-tester and they’ll tell you they hate getting dragged into this process. Ultimately, that’s what pushed us at OnSecurity to do something about it; as pen-testers, we just got sick of the faff. The online platform we built eliminates the admin. By booking tests online and viewing results in realtime - bringing overall delivery time down from 40 days to 4.

There’s still much more we could do, (and more on that in my next blog) but in the meantime, get in touch below if you want to book pen-tests without the pain.

More recommended articles

Top SaaS Cybersecurity Threats 2023
Pentest Files: More EC2 Credential Retrieval through Server-Side Request Forgery
Understanding The Modern Cyber Criminal
Protect
Scan
Radar
Pricing
Penetration Test
Overview
External Infrastructure Testing
Physical Penetration Testing
Web Application
Internal Infrastructure Testing
Mobile Application
Phishing Simulation
Cloud Security Testing
Social Engineering
Resources
About
Blog
Contact

© 2023 ONSECURITY TECHNOLOGY LIMITED (company registered in England and Wales. Registered number: 14184026 Registered office: Floor T, Castlemead, Lower Castle Street, Bristol, England, BS1 3AG). All rights reserved.

Terms and Conditions
Privacy