Frequently Asked Questions
Find and fix your next Cyber Breach before it happens.Schedule a Discovery Call
Frequently Asked Questions (FAQ)
On this page you can find answers to Frequently Asked Questions. Contact us if you need more information.
What is BreachLock™?
BreachLock™ is a secure cloud platform that provides the most exhaustive security testing available for your complete IT landscape. BreachLock™ covers both manual penetration testing and dynamic automated scanning for web applications, mobile applications (iOS/Android), desktop applications, APIs, IoT devices and external/internal networks. Our SaaS platform lets you request an automated scan or a Pen Test with a click.
Is the security scanning and penetration testing production safe?
We recommend that you test your staging environment. However, we have extensive experience in testing production systems. Our testing is not disruptive, and we replicate stealthy techniques of real-world attackers which doesn’t cause any downtime. You can also request testing during non-business hours at no extra charge.
Can you provide client references?
Absolutely, our clients love talking about the good work we do for them. Most of our new business is generated by referrals. Our clients are high level CIOs, CTOs, CISOs so we need some time to inform them before you make contact with them.
What kind of reports can I get from BreachLock™?
We provide an exhaustive set of reports in multiple forms. Executive reports are available that summarizes the latest security posture of your application. Technical reports are available with detailed explanations of findings and risks. All reports are useful for developers and admins to understand and fix the findings.
How is BreachLock different from my next door boutique penetration testing company?
BreachLock™ is a secure SaaS solution which means you have access to all resources 24/7/365. Everything from the ordering process, downloading reports, contacting security experts for remediation help or requesting a retest is handled via our platform. This means multiple members of your team can collaborate with our team and keep current with all requests.
How much time does it take to get my Penetration Test report?
We have a quick turnaround time for onboarding and processing new clients. This means you can get on the testing schedule almost immediately. In most cases, the test takes a maximum of five (5) to seven (7) business days and you receive the report a day later.
Are your reports compliant with PCI DSS and HIPAA?
BreachLock™ DAST and Penetration Testing methodology is aligned with WASC Threat Classification v2.0 and OWASP Top 10. This ensures that your applications meet compliance requirements for PCI DSS, HIPAA, SOC 2, GDPR or any other industry standard or regulation.
Can I order multiple security tests a year?
Absolutely, just discuss your needs with our sales team and they will assist you in formulating a flexible contract where you pay only for what we test. It's that simple.
Can you test Web applications and networks?
Yes, we provide coverage for web, mobile and custom applications. We also conduct external as well as internal penetration tests. An Account Manager will learn about your needs, send the proper scope questions, receive your reply and make sure you get both a very competitive quote and a detailed service description.
What does a Penetration Test cost?
Each quote is custom so estimates are not possible. The three main variables (black, gray or whitebox) each have more variables. We rely on your detailed answers to the scope questions to create and send a price-competitive quote to you.
Is BreachLock™ Penetration Testing is Automated or Manual?
Our Penetration Tests are completely human augmented and replicate hacker activity on your network and applications. We have a clear distinction between automated and manual security testing. We have no offering that is fully automated. Even for services such as DAST or Network Vulnerability Assessment we use a combination of automated and human-augmented testing.
What is BreachLock™'s track record and experience in security testing?
The BreachLock™ team conducts hundreds of security tests every month. Our ethical hackers are fully qualified and hold certifications like OSCP, OSCE, and CEH. We continuously invest in security research and have published 100+ CVE’s and 200+ security bugs for companies such as Microsoft, Adobe, Oracle and many more.
Is BreachLock suitable for my SaaS application?
We also host our SaaS solution in the cloud. Being a first-generation cloud company ourselves, we understand your environment better than any other Penetration Testing vendor you will meet.
Can you test IoT solutions or devices?
Yes, those who are using IoT devices approach us for testing their hardware plus software components. Contact us to schedule a discussion with an Account Manager.
How soon can you start on my Pen Test?
If you have an urgent request we can handle it. Because our team is flexible and scalable, we have helped many clients start the penetration test with a day’s notice.
What information do we need to provide before a Penetration Test?
After you have given us a green light on the quote, we will start the on-boarding process. Based on the scope you will receive detailed instructions about the next steps. Due to our extensive experience in this domain our instructions are clear and easy to follow. Our portal provides an option for our clients to request expert support using the ticketing system.