Industry recognitions we have earned
Founder & CEO, Conteneo
Vice President, Fond
VP of Operations, Brainfights Inc.
BreachLock™ provides end to end Web Application Security Testing as a Service
Requesting a penetration test on your latest release is as simple as clicking a button. Our security researchers swing into action and replicate hacker-like manual penetration testing activity on your cloud infrastructure and applications. You get online as well as PDF reports with screenshots of hacked areas.
Web application penetration testing uses manual and automated testing techniques to identify any vulnerability, security flaws or threats in a web application. The BreachLock™ platform is armed with AI augmented automated scanners and a certified team of security experts
Our reports include vulnerability descriptions, severity ratings, recommendations on fixes and references to external websites. Each report is available in online (HTML) and offline (PDF, CSV) format. Our SaaS platform facilitates collaboration with our security experts and speeds up your patching process.
Our expertise covers your whole IT landscape. Whether it’s your web application, mobile application, external network or internal network segmentation test, we test all of that. This ensures you have one vendor that meets all your security testing needs.
Before we begin testing, BreachLock™ along with your company will determine the full scope that will be tested. Clear and open discussion with the customer is integral at this step. All communication is facilitated via our SaaS portal which enforces our methodical approach and promotes collaboration between teams. At this stage, we determine the companies’ infrastructure such as domains, servers, and other devices with IP addresses. We then determine if any should be excluded and why. Once we have a list of all of the devices to be tested we can then define the testing duration.
We begin to attack vulnerabilities and known weak spots with your web application. We perform this step with the utmost care in order to protect both the web app and your data. We repeat the penetration process using both manual processes and automated tools. We use many methods such as those prescribed in OWASP methodology. Utilizing our SaaS, we are able to scan your systems in order to find the vulnerabilities that are putting your data at risk. The results of this phase are recorded in PDF and online reports that are made available to you within our SaaS portal.
The BreachLock™ team collects and compiles all of the obtained information and provides the customer with an exhaustive report. We also include comprehensive recommendations to aid business leaders as well as the IT team in order to make logical decisions regarding web application security. We provide a list of each vulnerability, including how we tested and how we recommend resolving the risk. At this stage, we provide specific technical details using which the IT team can act quickly. Our online ticketing system can be used to ask any questions to BreachLock™ security researchers.
After both the business leaders and the IT team are able to read the report and act during the remediation process, we will retest to determine the effectiveness of findings resolution. We will rerun our penetration test on the web application. As a result of the retest, you can download an updated report from within our SaaS portal. This report will either show a clean build or a patched vs not patched status for each finding. If all vulnerabilities are solved we will also issue you a security certificate valid for 12 months.
When an application is being developed, one of the most difficult questions to be answered is how it should be tested. Instead of going for endless discussions, the decision-makers should start with answering whether they want to automate vulnerability scanning for their application.
As we are getting more reliant on various applications to make our life easier or make business processes efficient, the threats have certainly increased to the extent that not considering security during the development of an application may cause irreparable damages.To minimize the chances of an application from being attacked as well as subsequent damages – reputational as well as financial, application security testing holds more importance than ever.
When a company invests in protecting its technical infrastructure, this question often comes up in the discussions on the amount to be invested. A decision-maker or a CISO/CTO may get confused between what they should do – invest in a good DAST tool or hire a good penetration tester?