We provide our customers with a detailed and human readable result of the penetration test (pen-test). We start our reports with an introduction to which part of the website is being tested, followed by the approach taken to properly assess it along with a summary to achieve an understandable start to the results. Next, we provide you with the findings along with the description, then we arrange all the risk factors into three categories:
- High Risk: This unsecured side of the website requires immediate attention and must be resolved as soon as possible.
- Medium Risk: Not as harmful as the high risk, but does require attention as it is a potential vulnerability.
- Low risk: Is not very harmful and does not require immediate attention, but should be resolved to keep the website as secure as possible.
Information on CVSS (common vulnerability scoring system) and CVE (common vulnerability and exposures) rating along with the evidence of the vulnerability, detailed description of the risk factor along with our recommendation on how to tackle the issue(s) will be provided. Our report also contains a graphical summary of the analysis allowing the viewer to easily understand the statistics of the pen-test making the detailed report more understandable. We try our level best to compile such a report which is as readable as possible even by someone who has minute knowledge of such programs and analytics.
To make this process as tailored as possible to your work schedule we provide the functionality of scheduled scans. This option is very helpful as it is automated and you can set the time of scans along with the intervals between the scans either hourly, daily, weekly etc. as the user demands it to be. With this feature the scan will start at the given time and date along with generating a report and sending it to the assigned email to be viewed wherever and whenever the user wants to. With scheduled scan enabled the user can focus on his/her business leaving the security testing to our software and the user just needs to review the results and take action if needed. Another added benefit of scheduled scans is your website remains secure at all times as there is not the chance of forgetting to perform a scan and leaving any part of the website unsecured.
As an added security feature we provide validated scans only. This makes sure that no one else can perform a pen-test on your website and figure out the weak spots to execute an attack. With this feature only verified and allowed domains are able to perform a scan / pen-test on your website to keep all vulnerabilities confidential and your website as secure as possible.
History and records of scan
With our program you can keep track of your website’s security over time. Our software has the ability to store all previous scan data in an organized manner according to the date and time of the scans so the user can effortlessly find any scan that has took place in the past by doing an easy search according to the date and time of the scan results. This feature makes it easier to compare your websites security over time by doing side by side comparisons on improvements and threats being found. This helps to keep track of all changes made to your website over time.
This scan history does not remain permanently and can be chosen to be deleted whenever by the user/administrator.
PDF, HTML, and JSON report format
We have 3 options for generating a report. We want to make sure that our user can receive the reports in the format that suits them the best. We mainly use three formats: PDF, HTML (Hypertext markup protocol), and JSON (Java script object notation). It depends what the reports are being used for. PDF reports are more intuitive and can be revealed to the websites users to show transparency and increase their level of trust in the website. HTML and JSON is most suitable for an in-depth look by a programmer to understand the findings.