Integrating Manual Penetration Testing into Attack Surface Management
We are thrilled to announce the next stage of our evolution at Informer by enhancing our attack surface management platform to include manual penetration testing services. From July, all penetration tests will be delivered via our SaaS platform, breaking away from the traditional penetration testing model. This is a major milestone in our vision to being a SaaS-led cyber security partner, combining the power of continuous security monitoring alongside the intelligence of our ethical hacking team.
Why are we making this change?
Modern security-minded organizations need a modern approach to penetration testing. In today's climate of agile development process, increased utilisation of cloud services, and constantly evolving infrastructure changes it’s imperative to have a security assessment program aligned to rapid changes in digital environments to gain vulnerability insights quicker and more efficiently than ever before.
By moving our penetration testing services into our attack surface management platform you will benefit from being able to access penetration testing results as soon as they are discovered to speed up remediation. Rather than waiting weeks for a report, you can now create your own reports with detailed information for target assets and vulnerabilities directly in the platform either during your test or once completed.
How our new integrated penetration testing process works
Once your engagement has been scoped we get to work creating your company profile and adding your target assets into the platform. From here the onboarding process is as simple as logging into your account to view your pending test, add additional users, create alerts, and set up your Jira integration.
From day one of your penetration test, you can access security insights and vulnerability findings complete with CVSS scores, evidence, and remediation advice. If you take advantage of our Jira integration tickets will be created automatically for your team to start implementing fixes immediately. As you would expect, retesting remains a critical step of the process and we address this by writing custom scripts to make retesting simple and more effective so that you can run these whenever you like and as often as you like.
We still provide one-off tests
There will be no change in providing our range of penetration testing services. Whether you need a web application, mobile application, or infrastructure penetration test at any time we are here to help.
Our aim is to speed up the process by enabling you to start getting results in real-time which in turn provides you the vulnerability information you need to secure your business.
A new era for penetration testing and external attack surface management
This release will bring a range of timesaving efficiencies alongside providing a more immersive and dynamic experience to penetration testing. Over the coming months, we will be adding additional updates as part of our roadmap to further enhance the functionality we provide.
To further strengthen your vulnerability management process by combining our platform’s continuous monitoring capabilities with penetration testing you have a single platform for automated security testing and the expertise of manual penetration testing.