Finding upload & real-time client collaboration
What do you like best?
The automation side of it and findings upload.
I also really get to feel like a part of the client's security team within the company, rather than working completely externally, because the real-time findings means client teams see findings as they are uploaded and we can collaborate on finding a fix
What do you dislike?
If I do recovery/recon and I use customized scripts in that tool or very specialized/customized tooling or plugins/parameters, the import isn't 100% accurate, but that's improving as we add more data to filter. If I want to import an XML with that customized data, it doesn't always support that data
What problems are you solving with the product? What benefits have you realized?
- Customer collaboration
- Instead of using a blank blackbox test, we come in and because the clients are already onboarded, we know what their vulnerabilities were last time, we already know who they are, everything is already logged, so we just level it up to their needs, which is really easy. We can also see when you did the last test, so we can notify the client when they need a new test.
- We can do free retesting for clients because everything is already in the platform and it's easy to see what was tested last.
- This allows us to stay up to date with a client, let them know when they need security testing, and essentially replace some of their need for an internal security team