YuLife, a financial technology company, recently chose OnSecurity for their penetration testing needs. The decision to choose OnSecurity was due to their transparent method of scoping and pricing projects. According to a user from YuLife, "We chose OnSecurity for its transparent method of scoping and pricing penetration testing projects. This allowed us to have a clear understanding of the costs and scope of the project before we even began."
The onboarding process was described as "unbelievably straightforward" by the YuLife team, who were initially unsure of how many testing hours were needed. OnSecurity set up a brief scoping call to discuss the web app's functionality and provided a prompt estimate which was accurate. The users from YuLife stated, "It was so straightforward that I ended up calling to confirm that I hadn't made a grave error. We also weren't sure initially how many testing hours we needed, OnSecurity set up a brief scoping call where we illustrated the web app's functionality and gave us a prompt estimate. The estimate was very accurate and the test itself used just under the quoted level of hours."
The testing process:
The testing process was smooth, with clear instructions for granting access and a simple IP setup for allowing OnSecurity into the environment. The testing process is dynamic and findings are reported in real-time through a web portal with detailed written reports on how to recreate the issue. The users from YuLife stated, "The testing process was a breeze. Really clear instructions as to how to grant access. Very simple IP setup for allowing them into our environment. The testing process is dynamic so findings are reported as soon as they are found in their web portal with excellent written reports on how to recreate the issue."
One of the key differences that YuLife noticed between OnSecurity and their previous suppliers was the cost-effective approach. OnSecurity's approach allows the cost and time of testing to grow with the organisation in a transparent manner. The overall process is also collaborative, allowing the testers to work directly with development teams through their integrations with Jira. According to the representative from YuLife, "The approach is cost-effective, the more complex your application is the longer the testing will take. This allowed the cost and time of testing to grow with the organisation in a transparent manner. The overall process is collaborative, allowing the testers to work directly with development teams through their integrations with Jira."
The testing outcome:
YuLife was satisfied with the output of the test, receiving highly detailed reports with CVSS scores and steps to reproduce each issue. They were so pleased with the outcome that they moved all of their penetration testing requirements over to OnSecurity and have pre-booked for the next year. The representative from YuLife stated, "We were provided with highly detailed reports when there were things to discuss. Each issue was thoughtfully assigned a CVSS score and was given excellent steps to reproduce. We tried OnSecurity out with an initial project, we were delighted with the outcome so we moved all of our penetration testing requirements over to them. After several quarters of identically straightforward experiences, we've pre-booked the next year!"
In conclusion, YuLife's experience with OnSecurity was positive from start to finish. The transparent method of scoping and pricing, straightforward onboarding process, efficient testing process, cost-effective approach, and detailed reports all contributed to their satisfaction with the service.
YuLife has already pre-booked OnSecurity for the next year and plans to continue using their services in the future.
If you would like to get your pentesting quote, you can do so here.