Frequently asked questions
About Strike's products
Strike is the platform that helps companies to make cybersecurity part of their development cycle. To achieve that, the platform offers a set of automated tools to help cybersecurity teams work efficiently, as well as a Pentesting service to find vulnerabilities of major impact.
All automated tools will be available in any plan you choose. On the other hand, you will be able to access Pentesting in the Standard, Premium and Custom plans.
Use Strike to access automated tools that help you make cybersecurity part of your development cycle. These are:
Automated scans: recurrent scans over your system for vulnerabilities of the most prevalent types as the development team works.
Attack surface monitor: digs into your attack surface to maintain a constant inventory of your company's digital assets.
Phishing monitor: scans the web to find websites that are trying to impersonate your company.
In addition, you can access Strike's public API to consume the data your way or use the Vulnerability Manager to your heart's content.
About Strike's Pentesting
Pentesting is short for penetration testing, which consists of a series of standardized attack simulations to discover vulnerabilities in any given system. These simulations are part of common offensive security practice.
In this process, a cybersecurity expert will test the system in creative and counterintuitive ways. Then, they will find vulnerabilities and report them.
This will help your company tremendously, because you’ll be able to fix them right away and prevent potential cyberattacks.
Strike’s Pentesting is a unique way to protect your system through pentests performed by Strikers. Strikers are world-class ethical hackers who will test your company’s vulnerabilities in creative and counterintuitive ways, reporting vulnerabilities in real time. This is a continuous process and its main goal is to make cybersecurity part of your company’s development cycle.
First, Strike will connect your company with the Strikers that match your needs, as well as language and time zone if that is important in your case. Later on, they will start the pentest and look for potential vulnerabilities immediately. Once that’s done, you’ll be able to see all of your vulnerabilities found in Strike's Platform. Strikers will also suggest ways to fix their findings.
Multiple aspects differentiate Strike's pentesting from the traditional one.
First of all, Strike works with a Flexible Scope. This means that once you start the pentest, you’ll be able to change aspects like designated hours or even your objectives during the process. Also, you’ll be able to have fluid communication with the Strikers via chats on Slack, where you can ask them your questions and listen to their feedback.
Also, Strike offers real-time reports that will allow you to see all of the vulnerabilities that are being found by your Striker and fix them right away. Another aspect that differentiates Strike’s Pentesting from the traditional one is the multiple plans available: Standard, Premium and Custom. Each of these plans is designed specifically for your company’s needs and size.
Strike offers three different Pentesting plans: Standard, Premium, and Custom. The main difference between them is the number of Pentesting hours assigned to your company. You can decide which plan is ideal for your case by following these criteria:
Standard: the ideal plan if you need one or two pentests during the year, or if you need to achieve compliance with certain regulations.
Premium: the ideal plan for most companies looking to make cybersecurity part of their development cycle.
Custom: the perfect plan for large corporations looking for complete cybersecurity and pentesting solutions of the highest quality.
All plans include access to automated tools in addition to manual pentesting.
Pentests are processes that happen during a certain period and cover as much scope as possible. This means that the more vulnerabilities are exploited, the better. On the other hand, Bug Bounty is about exploiting one vulnerability more deeply. As a consequence, while Strike’s Pentesting covers a bigger surface in a wider way, in Bug Bounty there’s a smaller surface but a deeper process.
Strike's Pentesting can be performed for web applications, mobile applications, and cloud applications.
Yes, and there are many ways to do that.
First of all, you can use Strike's platform as part of your workflow: you will find a Kanban board to follow vulnerabilities by status. Strike's platform is encrypted, so it's the best place to centralize any workflow.
On the other hand, you will be able to integrate Strike with your Jira board with native integration. Also, you can use Strike's public API to connect it with your custom workflow.
Yes, Strike’s pentesting is a part of Red Team assessments.
About Strikers
Strikers are part of Strike's global community of Ethical Hackers. They are certified with worldwide recognitions and certifications such as OSCP, OSWE, OSCE, or CREST. Strikers work from all over the world in a decentralized way, so there will always be one that matches perfectly with your pentesting needs.
All of our Strikers are chosen through a sophisticated onboarding process. Since Strike aims for the top 1% of ethical hackers in the world, the team makes sure they have important certifications and their work is top tier. Background checks and continuous validations are done consistently for every Striker to ensure that their work is excellent.
Strikers are from all parts of the world and work in a decentralized way.
Strikers are assigned 24 hours after the pentest is created. This assignment is not random: the Striker’s skills will match your cybersecurity needs, technology, company size, industry, and even region and language if that’s important in your case.
Yes, they do. Every Striker is certified and uses standard international pentesting methodologies, such as OWASP Top 10, OSSTMM, ISO 27000, and many others.
While you’re doing your pentest, you can chat with Strikers anytime using Slack. There will be an open chat where you can ask them your questions and discuss with them the vulnerabilities that were found. Also, you will be able to have weekly follow-ups and support meetings.