Clients are sick of the old-school model of being charged an extra day for a pen-tester to create a drawn-out PDF. They are sick of the waiting too - a week or two weeks is simply too long for agile teams to wait to find out about issues.
Old school pdf Pentest reports have either far too much or too far little detail, depending on who is reading them a CEO or a CIO.
However, with OnSecurity all findings are reported securely online so it's much easier for users to filter the information and decide for themselves the level of detail they need to see.
Management can see top-line actions, while developers and security teams can drill down into the technical detail.
Waiting 3 weeks for a test to start and 2 weeks after the test has finished to receive the results isn't good enough anymore. The fact is, most vulnerabilities found during a pen-test can be shared within hours, not weeks.
Our testers report their findings in real time when the information is fresh, evidence is available and the tester motivated.
Developers can now speak to testers directly via Slack clarifying issues and remediation advice. This allows them to fix issues as we find them and have them retested for free within the testing window.
Conor is our Co-Founder and Head of Product Strategy at OnSecurity. Conor has over a decade of IT security experience, and has held a number of impressive letters after his surname, including M.Sc, CRT, GCIH and CISSP.