One time security assessment with unlimited patch verification.
Continuous 24/7 security and integrity monitoring with just-in-time penetration testing of new code and functionality.
Application’s code is changed:Consider how frequently you deploy new or updated code into production.
Application's impact on business is:Evaluate financial, reputational and legal consequences for your business in case of the application breach or unavailability caused by attackers.
Application's size is:Consider dynamic content (e.g. PHP, JSP or ASPX) and web services related to the application (e.g. any APIs or microservices).
Application's complexity is:Consider application business logic, number of available functions and features, as well as different user roles and privileges.
I will provide test user accounts for testing:
No login/password pair is required to use application.
Some functionality of the application (e.g. member zone) requires supplementary credentials (e.g. login/password pair).
Application has several different roles (e.g. user, privileged user, superuser, etc) with configurable access permissions.
Application was previously tested:Consider a vulnerability scan, source code review, security audit or penetration test.
Application stores or processes sensitive data:Consider any confidential information (e.g. financial records or data, intellectual property, trade secrets, etc), privileged information (e.g. third-party communications, etc) Personally Identifiable Information (PII) and Protected Health Information (PHI).
I do testing for compliance purposes (e.g. PCI DSS):Consider any regional, national or industry-specific regulations, law or imposed industry standards.
Based on the information you provided about the application, we recommend: