Frequently asked questions
Strike’s Pentesting
Pentesting is short for penetration testing, which consists of a series of standardized attack simulations to discover the vulnerabilities of any given system. These simulations are a common practice in offensive security.
In this process, a cybersecurity expert will test the system in creative and counterintuitive ways. Then, they will find vulnerabilities and report them.
This will help your company tremendously, because you’ll be able to fix them right away and prevent potential cyberattacks.
Strike’s Pentesting is the unique way to protect your system through pentests performed by Strikers. Strikers are world-class ethical hackers who will test your company’s vulnerabilities in creative and counterintuitive ways, reporting vulnerabilities in real time. This is a continuous process and its main goal is to make cybersecurity part of your company’s development cycle.
First, Strike will connect your company with the Strikers that match your needs, as well as language and time zone if that is important in your case. Later on, they will start the pentest and look for potential vulnerabilities immediately. Once that’s done, you’ll be able to see all of your vulnerabilities found in Strike’s Platform. Strikers will also suggest ways to fix their findings.
Multiple aspects differentiate Strike’s pentesting from the traditional one.
First of all, Strike works with a Flexible Scope. This means that once you start the pentest, you’ll be able to change aspects like designated hours or even your objectives during the process. Also, you’ll be able to have fluid communication with the Strikers via chats on Slack, where you can ask them your questions and listen to their feedback.
Also, Strike offers real-time reports that will allow you to see all of the vulnerabilities that are being found by your Striker and fix them right away. Another aspect that differentiates Strike’s Pentesting from the traditional one is the multiple plans available: Continuous Pentesting and One-Shot Pentesting. Each of these plans is designed specifically for your company’s needs and size.
Strike has two pentesting plans that will fit perfectly with your company’s size and needs.
Continuous Pentesting is ideal for big enterprises with already established products in the market. Its main goal is to find vulnerabilities continuously throughout one year, making cybersecurity part of your company’s development cycle.
One-Shot Pentesting is the other option available. This is a three-month process ideal for scaling companies that need quick testing on their system. It’s great if your company needs Compliance reports or tests for a specific product or feature.
Pentests are processes that happen during a certain period and cover as much scope as possible. This means that the more vulnerabilities are exploited, the better. On the other hand, Bug Bounty is about exploiting one vulnerability more deeply. As a consequence, while Strike’s Pentesting covers a bigger surface in a wider way, in Bug Bounty there’s a smaller surface but a deeper process.
Strike’s Pentesting can be performed for web applications, mobile applications, and cloud applications.
Yes, and there are many ways to do that.
First of all, you can use Strike’s platform as part of your workflow: you will find a Kanban board to follow vulnerabilities by status. Strike’s platform is encrypted, so it’s the best place to centralize any workflow.
On the other hand, you will be able to integrate Strike with your Jira board through a native integration. Also, you can use Strike’s public API to connect it with your custom workflow.
Yes, Strike’s pentesting is a part of Red Team assessments.
Automated Scans is one of Strike’s complementary products, and is available in all plans. In this process, your system will be scanned automatically every two weeks. As a consequence, all of the vulnerabilities found will be sent to your Striker so he can complement that with his manual pentest.
However, it’s important to note that Automated Scans by itself is not enough, because the vulnerabilities it finds are the more common ones and not deep.
Strikers
Strikers are part of Strike’s global community of Ethical Hackers. They are certified with worldwide recognitions and certifications such as OSCP, OSWE, OSCE, or CREST. Strikers work from all over the world in a decentralized way, so there will always be one that matches perfectly with your pentesting needs.
All of our Strikers are chosen through a sophisticated onboarding process. Since Strike aims for the top 1% of ethical hackers in the world, the team makes sure they have important certifications and their work is top tier. Background checks and continuous validations are done consistently for every Striker to ensure that their work is excellent.
Strikers are from all parts of the world and work in a decentralized way.
Strikers are assigned 24 hours after the pentest is created. This assignment is not random: the Striker’s skills will be matched to your cybersecurity needs, technology, company size, industry, and even region and language if that’s important in your case.
Yes, they do. Every Striker is certified and uses standard international pentesting methodologies, such as OWASP Top 10, OSSTMM, ISO 27000, and many others.
While you’re doing your pentest, you can chat with Strikers anytime using Slack. There will be an open chat where you can ask them your questions and discuss with them the vulnerabilities that were found. Also, you will be able to have weekly follow-ups and support meetings.