Penetration Testing as a Service | Cybersecurity Platform

Penetration Testing as a Service

Breadth of automation.
With the depth of human assessment.

Advanced Automation Backed by a Suite of Solutions

Our penetration testing as service (PTaaS) is a hybrid solution that combines the breadth of automation with the depth of human assessment. The platform provides an in-depth automated vulnerability assessment, automatically validates risk, and then rates that risk against a suite of risk databases. PTaaS can be used to assess web applications, APIs and network/cloud devices.

Certified Experts Bring Unique Intelligence

This is where the Edgescan advantage comes into full play. The unique intelligence behind the hybrid penetration testing solution comes from our team of security experts. Our security professionals are battle-hardened with many industry accreditations such as CREST, OSCP, CEH and more. Their experience and expertise give them a wisdom and insight which uniquely supplements our automated platform.

Types of Penetration Testing

API PTaaS

Continuous assessment using a combination of both automated tooling and certified CREST/OSCP expertise, smart API specific security automation and human expertise. On-demand penetration testing coupled with continuous vulnerability assessment, exposure validation, risk rating and support.

Web Application PTaaS

Continuous web application assessment using a combination of both automated tooling and certified CREST/OSCP expertise. On-demand penetration testing coupled with continuous vulnerability assessment, exposure validation, risk rating and support. Authenticated and unauthenticated testing for complete web application coverage.

Network/Device PTaaS

Continuous internal and external assessments of networks, hosts and devices, using a combination of both automated tooling and certified CREST/OSCP expertise. On-demand penetration testing coupled with continuous vulnerability assessment, exposure validation, risk rating and support. Authenticated and unauthenticated testing for complete web application coverage.

Reduce costs and overhead for pen testing and vulnerability management by 60%.

Hybrid Solution Provides Accurate & Actionable Results

PTaaS is a hybrid solution that combines the breadth of automation with the depth of human assessment (our experts are battle-hardened and CREST, OSCP and CEH certified) coupled with vulnerability analytics.

Backed by a Suite of Security Solutions

Leverage our security team’s deep technical expertise AND the entire portfolio of solutions to provide vulnerability assessment, exposure validation, API scanning, ASM and risk rating.

 

On-demand Retesting

Retesting on demand can be done against a single or multiple vulnerabilities. Edgescan’s hybrid approach means that each vulnerability sent for retesting is manually verified by our testing team. This provides significant flexibility both commercially and technically and allows an organization to remediate and retest as often as needed with the overheads of traditional penetration testing.

Phases of Penetration Testing as a Service (PTaaS)

1. Onboarding:

Your target assets (API, Web Applications, Endpoints) are onboarded into the edgescan platform.

2. Assessment:

Based on your requirements, the “Asset” ( try that instead of application) undergoes initial enumeration, automated assessment, validation and risk prioritization.

3. On demand Penetration Test:

A penetration test is delivered using OSCP/CREST certified experts. Focusing on complex business logic and authorization weaknesses which are contextual to your unique web application, API or network deployment.

4. Continuous automated assessment:

Occurs for the period of the licence and includes validation, prioritization, support and unlimited retesting.

The Edgescan Penetration Testing Process

Our team of certified experts are focused on testing sensitive areas of an asset and testing for vulnerabilities that cannot be uncovered through vulnerability scanning alone; resulting in the discovery of issues automated tools usually miss such as Contextual/Business logic or complex multi-step vulnerabilities.

 $The full suite of Edgescan solutions are utilized when conducting a pen test. The scanning engine assists and speeds up recon and discovery allowing Edgescan to scale without losing accuracy.

During an assessment, the Edgescan validation engine queries millions of vulnerability examples stored in our data lake; our data is sourced from thousands of security assessments and penetration tests performed on millions of assets utilizing the Edgescan Platform. Vulnerability data is then run through our proprietary analytics models to determine if the vulnerability is a true positive. If it meets a certain numeric threshold it is released to the customer; we call this an auto-commit vulnerability. If the confidence level falls below the threshold, the vulnerability is flagged for expert validation by an Edgescan security analyst. 

This hybrid process of automation and combined human intelligence is what differentiates us from scanning tools and legacy services providing real and actionable results. 

create_report1-3-23

Never Compromise Threat Protection:

Request Demo