Find and fix your next Cyber Breach before it happens.
Frequently Asked Questions (FAQ)
What is BreachLock™?
BreachLock™ is a secure cloud platform that provides the most exhaustive security testing
available for your complete IT landscape. BreachLock™ covers both manual penetration testing
and dynamic automated scanning for web applications, mobile applications (iOS/Android),
desktop applications, APIs, IoT devices and external/internal networks. Our SaaS platform
lets you request an automated scan or a Pen Test with a click.
Is the security scanning and penetration testing production safe?
We recommend that you test your staging environment. However, we have extensive experience
testing production systems. Our testing is not disruptive, and we replicate stealthy
techniques of real-world attackers which doesn’t cause any downtime. You can also request
testing during non-business hours at no extra charge.
Can you provide client references?
Absolutely, our clients love talking about the good work we do for them. Most of our new
business is generated by referrals. Our clients are high level CIOs, CTOs, CISOs so we need
some time to inform them before you make contact with them.
What kind of reports can I get from BreachLock™?
We provide an exhaustive set of reports in multiple forms. Executive reports are available
that summarizes the latest security posture of your application. Technical reports are
available with detailed explanations of findings and risks. All reports are useful for
developers and admins to understand and fix the findings.
How is BreachLock different from my next door boutique penetration testing company?
BreachLock™ is a secure SaaS solution which means you have access to all resources 24/7/365.
Everything from the ordering process, downloading reports, contacting security experts for
remediation help or requesting a retest is handled via our platform. This means multiple
members of your team can collaborate with our team and keep current with all requests.
How much time does it take to get my Penetration Test report?
We have a quick turnaround time for onboarding and processing new clients. This means you
can get on the testing schedule almost immediately. In most cases, the test takes a maximum
of five (5) to seven (7) business days and you receive the report a day later.
Are your reports compliant with PCI DSS and HIPAA?
BreachLock™ DAST and Penetration Testing methodology is aligned with WASC Threat
Classification v2.0 and OWASP Top 10. This ensures that your applications meet compliance
requirements for PCI DSS, HIPAA, SOC 2, GDPR or any other industry standard or regulation.
Can I order multiple security tests a year?
Absolutely, just discuss your needs with our sales team and they will assist you in
formulating a flexible contract where you pay only for what we test. It's that simple.
Can you test Web applications and networks?
Yes, we provide coverage for web, mobile and custom applications. We also conduct external
as well as internal penetration tests. An Account Manager will learn about your needs, send
the proper scope questions, receive your reply and make sure you get both a very competitive
quote and a detailed service description.
What does a Penetration Test cost?
Each quote is custom so estimates are not possible. The three main variables (black, gray or
whitebox) each have more variables. We rely on your detailed answers to the scope questions
to create and send a price-competitive quote to you.
Is BreachLock™ Penetration Testing is Automated or Manual?
Our Penetration Tests are completely human augmented and replicate hacker activity on your
network and applications. We have a clear distinction between automated and manual security
testing. We have no offering that is fully automated. Even for services such as DAST or
Network Vulnerability Assessment we use a combination of automated and human-augmented
What is BreachLock™'s track record and experience in security testing?
The BreachLock™ team conducts hundreds of security tests every month. Our ethical hackers
are fully qualified and hold certifications like OSCP, OSCE, and CEH. We continuously invest
in security research and have published 100+ CVE’s and 200+ security bugs for companies such
as Microsoft, Adobe, Oracle and many more.
Is BreachLock suitable for my SaaS application?
We also host our SaaS solution in the cloud. Being a first-generation cloud company
ourselves, we understand your environment better than any other Penetration Testing vendor
you will meet.
Can you test IoT solutions or devices?
Yes, those who are using IoT devices approach us for testing their hardware plus software
components. Contact us to schedule a discussion with an Account Manager.
How soon can you start on my Pen Test?
If you have an urgent request we can handle it. Because our team is flexible and scalable,
we have helped many clients start the penetration test with a day’s notice.
What information do we need to provide before a Penetration Test?
After you have given us a green light on the quote, we will start the on-boarding process.
Based on the scope you will receive detailed instructions about the next steps. Due to our
extensive experience in this domain our instructions are clear and easy to follow. Our
portal provides an option for our clients to request expert support using the ticketing
Industry recognitions we have earned
Tell us about your requirements and we will respond within 24 hours.
Fill out the form below to let us know your requirements.
We will contact you to determine if BreachLock is right for your business or organization.