Pentesting as a Service (PTAAS)
Penetration Testing as a Service or PTAAS, is a cybersecurity approach that involves systematically assessing the security of a computer system, network, or application by simulating an attack from a malicious source. This service is critical for businesses in safeguarding their digital assets and ensuring the resilience of their cybersecurity measures.
The importance of PTAAS lies in its ability to proactively identify and address vulnerabilities before they can be exploited by malicious actors. Regular penetration testing is essential in today’s rapidly evolving threat landscape, where new vulnerabilities emerge daily.
What is Securecom’s PTAAS?
Securecom’s Penetration Testing as a Service is a simple, scalable, secure and cost-effective way to perform continuous security testing.
A penetration test (pen test) is an authorised simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system. Our PTAAS platform takes the traditional, highly manual process and delivers it through a self-service, on-demand portal. Process automation is used to reduce cost and speed-up delivery, while the service is backed by expert and accredited testers for those elements that should not be automated.
Pen testing consists of three parts:
- Scanning of the target infrastructure or application to identify any weaknesses.
- Human testing to see whether these weaknesses can be exploited to attack the system.
- Reporting on vulnerabilities including remediation advice.
The PTAAS platform automates the first and third parts of this process, reducing cost whilst still providing the core human testing by accredited testers. This human testing is important as a certified report is required for audit and compliance purposes.
Key features
- Fixed annual fee.
- Two penetration tests and two retests per year (OWASP, PTES, OSSTMM standards).
- Access to Certified penetration testers.
- Unlimited external vulnerability scans per year.
- Access to a self-service portal that allows scans and tests to be scheduled or commissioned on-demand.
- Self-service dashboard, full reporting and remediation recommendations.
- Integration with DevOps processes, JIRA, Teams and Slack for faster vulnerability identification and remediation.
- API for custom integrations if required.
Still have questions and want to know more?
Fill in your details and we will get in touch with you.
PTAAS Benefits:
Vulnerability Identification: Pinpoint weaknesses in systems, networks, and applications, allowing for targeted remediation efforts.
Risk Management: Prioritize and address the most critical security risks to effectively manage and reduce overall cybersecurity risk.
Compliance Assurance: Meet industry and regulatory compliance requirements through regular security assessments.
Cost-Effectiveness: Access specialized skills and tools without the need for a full-time, in-house testing team, resulting in a more cost-effective solution.
Hands-on intrusion testing: Certified testers actively attempt to exploit any vulnerabilities found, identifying the real versus the theoretical risks.
Continuous Monitoring: Provide ongoing security assessments to adapt to the dynamic threat landscape and ensure a consistently strong security posture.
Pricing
Pricing is based on the extent of the service required, the size of the system and number of IP’s to be tested. A demonstration session is required to determine final pricing.
| Service | Indicative pricing |
| External infrastructure | $2,500 – $10,000 |
| Unauthenticated Web App | $5,000 – $10,000 |
| Authenticated Web App | $10,000 – $25,000 |
| Mobile App | Contact Securecom |
| Internal Infrastructure | Contact Securecom |
A fresh approach to ICT managed services
Millennium Centre, Building B Level 2, 602 Great South Road, Greenlane, Auckland