February 27, 2018
Pen-testing as an industry has only been around for about twenty years. It’s evolving fast and the relentless innovation can make it hard to keep up - nothing stands still for long. Yet one aspect of the business hasn’t changed a single bit in twenty years - an archaic process that's proved stubbornly resistant to progress:
Take a look at typical booking process below. I wish I could say I was exaggerating here, but this is absolutely standard based on my experience as both a vendor and client. Just look at the effort the client must put in and how long they’re expected to wait:
Task 1: Shortlist vendors, draft and send 3 RFI’s = 3.5 hrs
Task 2: Fill out 3 scoping questionnaires = 4 hrs
Task 3: Read proposals and select a vendor = 2 hrs
+Wait 1 day for response from chosen vendor
Task 4: Co-ordinate diaries = 2.5 hrs
Task 5: Fill out ‘Permission to test’ form = 2.5 hrs
Task 6: Set up vendor on procurement system = 2.5 hr
Task 7: Calling & emailing during test itself = 1.5 hrs
Task 8: Reading test report =.5 hrs
Now, add weekends into that and a client is lucky if its delivered in a month. On top of which, they’ve had to put in nearly three days of effort themselves.
The model is broken, there's simple too much faffing and not enough testing. Ask any pen-tester and they’ll tell you they hate getting dragged into this process. Ultimately, that’s what pushed us at OnSecurity to do something about it; as pen-testers, we just got sick of the faff. The online platform we built eliminates the admin. By booking tests online and viewing results in realtime - bringing overall delivery time down from 40 days to 4.
There’s still much more we could do, (and more on that in my next blog) but in the meantime, get in touch below if you want to book pen-tests without the pain.