How to take the pain out of pen-testing

February 27, 2018

Pen-testing as an industry has only been around for about twenty years. It’s evolving fast and the relentless innovation can make it hard to keep up - nothing stands still for long. Yet one aspect of the business hasn’t changed a single bit in twenty years - an archaic process that's proved stubbornly resistant to progress:

Booking a pen-test.

Take a look at the typical booking process below. I wish I could say I was exaggerating here, but this is absolutely standard based on my experience as both a vendor and client. Just look at the effort the client must put in and how long they’re expected to wait:

Task 1: Shortlist vendors, draft and send 3 RFIs = 3.5 hrs

Task 2: Fill out 3 scoping questionnaires = 4 hrs

Task 3: Read proposals and select a vendor = 2 hrs

+Wait 1 day for response from chosen vendor

Task 4: Co-ordinate diaries = 2.5 hrs

Task 5: Fill out ‘Permission to test’ form = 2.5 hrs

Task 6: Set up vendor on procurement system = 2.5 hrs

Task 7: Calling & emailing during test itself = 1.5 hrs

Task 8: Reading test report = 0.5 hrs

Now, add weekends into that and a client is lucky if it's delivered in a month. On top of that, they’ve had to put in nearly three days of effort themselves.

The model is broken: there's simply too much faffing and not enough testing. Ask any pen-tester and they’ll tell you they hate getting dragged into this process. Ultimately, that’s what pushed us at OnSecurity to do something about it; as pen-testers, we just got sick of the faff. The online platform we built eliminates the admin: clients book tests online and view results in real time, bringing overall delivery time down from 40 days to 4.

There’s still much more we could do (and more on that in my next blog), but in the meantime, get in touch below if you want to book pen-tests without the pain.