Have you ever had a penetration test or vulnerability assessment that just didn’t seem right? Maybe there were questions that were left unanswered, or one of the findings just seemed a bit “off”. EliteSec is now offering a new service - penetration testing second opinions.
Not all security firms are created equal, and some firms may provide a “copy-and-paste” report by literally copying and pasting findings from an automated tool without doing the due diligence required to make sure the findings are accurate. Automated tools aren’t bad, but they shouldn’t be the only thing relied upon in a test!
Perhaps your report has some questionable findings, something along the lines of a weird HTTP web server takeover, but you have little to no information on how to resolve it, let alone how to reproduce it. What about a severity rating without any justification? Or my personal favourite, the “barely there” report, which is a report that claims there is little-to-no issues when you know for a fact that you haven’t updated a few Javascript libraries for the past 3 years.
At EliteSec, we pride ourselves in our professional approach to penetration testing. We also realize that these tests are a serious investment for your company, so we want to make sure you’ve gotten your money’s worth.
We are now offering second opinion reviews for any penetration test or vulnerability assessment you may have received in the past from another firm. We will review the findings and give you our own interpretation of the results in a meeting to go over and discuss the findings, the potential resolutions, and our honest opinion.
EliteSec will charge our standard hourly rate for the review, but the debrief meeting will be done at no cost. Most reports can be reviewed in 1-2 hours, but we will let you know when we’ve had a chance to look at the report and the details provided. Note that we will not be re-testing the environment, just giving you an honest opinion on what is in your existing report.
Our goal is to empower and educate our clients, so by offering our second opinion penetration test review, we hope to help raise more awareness for this sometimes sensitive subject. Contact us today for your second opinion!
– John
At EliteSec, we offer full penetration testing services to meet your compliance, contractual, or general security needs. Contact us today and we’ll be happy to discuss your unique needs!