FAQ - Digital Interruption

What test is right for me?

If you’re a company looking to make sure you’re secure and you mostly use off the shelf software to run your business, you may be more interested in an infrastructure test. If you’re writing custom applications, an application test is right for you.

What’s the difference between black, white and grey box testing?

Penetration testing can come in different “flavours” – white box, grey box and black box. This describes how much knowledge we’re given during the assessment or even before the assessment begins. This may sound confusing but our expert consultants will help you decide which is best for you.

In a white box test, we’ll attack the web application with full source code access or root access to the infrastructure. This lets us find more issues in less time. This can be useful if this is your first penetration test.

In a grey box test we use information about the environment, technologies and design to help focus our attacks. This allows us to use your expert knowledge of the application to direct the areas of testing.

In a black box test we perform attacks based on no knowledge of the application or network. This could mean testing takes longer but will give you an idea of what can be discovered by external attackers.

We use technology "x". Are you able to assess it?

Yes! The experience that comes from finding hundreds of vulnerabilities in all environments shows we have a knack for testing all kinds of applications. Our consultants were some of the first to find vulnerabilities in Virtual Reality applications and in Android Wear.

What qualifies DI Security to help me with my organisations security?

We have a team of dedicated and experienced security professionals with backgrounds in development, privacy and regulation. Our consultants have run successful security assessments and pen tests for organisations of all sizes, from major banks to small startups. We presented our research and give workshops at a tech conferences worldwide.

My data is stored in the cloud, does this mean it is secure?

We wish the answer was “yes” but even data stored in the cloud can be vulnerable. We can help you assess your data processes to get peace of mind that your data is secure and help to fix any misconfigurations that may allow an attacker to perform sensitive operations.

"What does a standard test look like?"

Scoping

The first step is to get in touch with our experts and we'll help you understand what you're need and how much it will cost.

Scheduling

Once the scope is agreed, we will schedule the engagement in our calendar. We'll advise you on what you need to do to prepare for the engagement ensuring there no delays. This may include creating test environments or test accounts.

Engagement

This is when we actually perform the penetration test or other engagement. We can do this either on site or remote, depending on your needs and how we access the environment. During testing we'll look for vulnerabilities and inform you immediately if we find anything critical.

Reporting

When testing is complete we'll start creating the report. This is where we highlight any vulnerabilities discovered with recommendations on how to mitigate the risk. Reports are an important part of good penetration test so we take pride in the reports we create. For other engagements, we'll discuss reporting needs with you in advance as this may be dependent on requirements.

Retest

You need time to fix any vulnerabilities we might discover. All our testing includes a free retest for all off site assessments. After a retest, we will issue an updated report highlighting which vulnerabilities have been fixed.

Invoicing

After we send you the report, we'll send over an invoice for our services. We believe that security should be accessible and affordable to all companies so we price our services at a rate specifically for SMEs and startups.