FAQ

A list of frequently asked questions (FAQs) and answers around our service offerings


Frequently Asked Questions

We offer a wide range of assessment-based services, customised to suit your business requirements.

How much does a penetration test cost?

We are proud to offer project flexibility options such as cancellations and reporting customisation, in addition to a flexible pricing structure.

Penetration test pricing is usually calculated from the tester time required to assess the functions of an asset, for example the number of servers, VLANs, hosting environments and physical locations in a company, or the number of dynamic pages, input fields and privilege levels in an application. Depending on the client and environment, further complexities are added to the time calculation, such as custom features, architecture complexity, position in the network and hosting facilities. A walkthrough or a knowledge document provided before scoping therefore always improves accuracy.

Our assessment pricing is transparent about the sub-elements of a project, based on the utilisation of resources on a man-day basis. This is further categorised into phases based on the nature of the assessment and the objectives agreed. Once we have your requirements, we produce a customised proposal, including pricing, to help you make an informed decision.

How soon can you schedule my project?

We understand that customers have deadlines to meet. We also understand that go-lives can be delayed when penetration tests are not scheduled in time.

Penetration testing activities such as planning, preparation and execution need time, so we ask all our clients to allow 3-4 weeks of lead time. That said, depending on availability and requirements, we may be able to fulfil urgent project requests. Please get in touch as soon as you are confident of your timelines.

How long does a pentest take?

The duration of an assessment varies with the size of the asset in scope. For instance, an application with multiple pages of dynamic content and form fields takes longer to assess than a static website with a simple search function. Similarly, for network-based assessments, restrictions, size and accessibility are factored into the timescales.

Unauthenticated and authenticated exercises also differ in timescales, because of the lead time required to build knowledge of the asset's functionality.

Do you perform compliance requirements based testing?

We are often asked how to meet compliance requirements and whether our assessments would be sufficient evidence for an audit. Our assessments comply with the highest penetration testing standards, such as CREST, and cover well-known frameworks such as OWASP, the SANS Critical Security Controls, the CIS Controls and NIST standards. Please ensure that you discuss these prerequisites with your Defendza account manager before moving forward.

Do you offer any remediation help?

Client servicing underpins everything we do.

Our comprehensive reporting provides both strategic and tactical recommendations, covering:

  • Which assets pose a risk, by highlighting the vulnerabilities and their associated risks
  • The impact and likelihood of the attacks associated with the identified threats
  • How our remediation advice (at both tactical and strategic levels) helps

Post-engagement, we offer a free-of-charge debrief in which we walk through the project, explain the risks and help customers prepare a remediation plan.

Our web and phone support is available to all customers, and we promise to answer all queries within 24-48 hours.

How do you handle client communications?

We take customer communication as seriously as reporting or assessment execution. We engage with customers throughout a project and keep customer contacts up to date in language they understand. Post-engagement, a free debrief is conducted to help both management and technical audiences understand the weaknesses and prepare a mitigation plan.

How often should a penetration test be conducted?

In a typical asset lifecycle, a penetration test is conducted at least once a year.

After any change such as an infrastructure refresh, major upgrade or modification, a penetration test is advised to identify gaps introduced by the change to applications, systems or networks. Some compliance requirements, such as PCI DSS, sector-based commission technical audits and vendor assurance requirements, mandate regular penetration tests.

How disruptive is pen test activity?

Defendza adheres to the CREST code of conduct, ensuring high technical standards of professional security testing. We identify fragile assets in scope and adjust our assessments accordingly. Our methodology ensures that all assessments are designed to be performed safely, without disrupting everyday business.

Low-level attacks and Denial of Service attacks are explicitly out of scope for all assessments.

Remote or Onsite assessment - What's the difference?

This depends on the project requirements. For internal network penetration testing, wireless security penetration testing and internally accessible assets, onsite assessments are performed at the customer's premises, data centre or service provider site.

In many cases, penetration testing can be performed remotely. We provide our external IP addresses for every remote assignment so that the customer's logging and monitoring processes and procedures can attribute this activity to the test.

Do you follow any testing methodologies?

Defendza's assessment methodology is reviewed by CREST, and we adhere to CREST's code of conduct to maintain high technical standards during professional security assessments.

For penetration tests, our methodology encompasses OWASP and the SANS Top 20 Critical Controls; CIS, NIST or other standards are included on customer request.

Do you perform automated or manual assessments?

While automated scans are useful for identifying low-hanging fruit such as missing patches or common vulnerabilities, they do not provide an in-depth review of an asset.

During a penetration test, the majority of the execution phase is manual; however, Defendza uses automated tools such as port scanners and web proxies for specific activities in the early stages of an engagement. A penetration test uncovers flaws such as business logic issues that an automated test would not find.

How are vulnerability tests different from penetration tests?

A vulnerability scan uses automated tools to identify known weaknesses. No exploitation of weaknesses is involved in this type of test.

A penetration test is an in-depth assessment focused on identifying and exploiting weaknesses to measure the impact and likelihood of an attack. It combines automated and manual approaches to identify hidden weaknesses.

What are the different types of pen tests available?

Defendza's assessment methodology ensures a rigorous examination of your assets, i.e. networks, web applications, web services and/or mobile applications, to identify and exploit a range of security vulnerabilities. These assessments vary in size and scope based on the drivers of the engagement and business decisions. The three penetration test strategies are black box (without prior knowledge), grey box (with some knowledge) and white box (with full information) assessments.

What does a penetration test tell you?

A penetration test is an exercise to identify technical risks affecting the software and hardware in scope. An accurately scoped penetration test provides assurance that products, security configurations and controls are set up in line with good practice, and that no common or publicly known vulnerabilities affect the assets in scope at the time of the test.

What is a penetration test?

A penetration test is a form of cyber security assurance provided by demonstrating weaknesses in an asset. The objective of this assessment is to identify security weaknesses in the target networks, applications and/or systems that could negatively impact a customer's business or reputation if they led to the compromise or abuse of systems.

Testimonials

"My experience to date with Defendza has been very positive. I look for a flexible, knowledgeable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated, and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group

"Excellent people to work with. Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site."

Head of Technical & Business Improvement
Leading Pharmaceutical Manufacturer

"I thought it was a highly professional and thorough exercise and I would have no hesitation recommending Defendza to any of my connections."

Director, Software Engineering
Global Information and Analytics Company

"Good personal service. We are delighted with the work Defendza did for us. Highly recommended."

CTO
Manchester headquartered Global Fashion Brand

"Extremely satisfied with approach, speed and end results. Thanks."

COO
International fashion label and store

"My experience of the Defendza team was 5 star. They were so helpful, and their technical delivery and client communication were excellent."

Director, Software Development
Corporate Services Company