The traditional pentest is dead
Clients are sick of the old-school model of being charged an extra day for a pen-tester to create a drawn-out PDF. They are sick of the waiting too - a week or two weeks is simply too long for agile teams to wait to find out about issues.
The format is broken
Old school pdf Pentest reports have either far too much or too far little detail, depending on who is reading them a CEO or a CIO.
However, with OnSecurity all findings are reported securely online so it’s much easier for users to filter the information and decide for themselves the level of detail they need to see.
Management can see top-line actions, while developers and security teams can drill down into the technical detail.
Real Security requires Real-time reporting.
Waiting 3 weeks for a test to start and 2 weeks after the test has finished to receive the results isn’t good enough anymore. The fact is, most vulnerabilities found during a pen-test can be shared within hours, not weeks.
Our testers report their findings in real time when the information is fresh, evidence is available and the tester motivated.
Online reporting changes the dynamic
Developers can now speak to testers directly via Slack clarifying issues and remediation advice. This allows them to fix issues as we find them and have them retested for free within the testing window.
About Conor O’Neill
Conor is our Co-Founder and Head of Product Strategy at OnSecurity.
Conor has over a decade of IT security experience, and has held a number of impressive letters after his surname, including M.Sc, CRT, GCIH and CISSP.
Feel free to connect with him on LinkedIn or get in touch with us at OnSecurity to discuss how we can help your business get more insight from your security reporting.