We take the following measures to improve security for our customers:
To reduce the noise that might result from penetration testing traffic against our customers' assets, all of our team's testing traffic comes from one of the BugSwagger VPN servers. This helps our customers avoid noise and keep an eye on everything.
Once the engagement starts, we open a real-time communication channel between the customer and our team members to make sure communication runs smoothly. This channel has no specified expiration time. We remain available on it for as long as the customer has any questions or concerns regarding the findings or the penetration testing engagement in general.
Upon the client's request, we may encrypt the penetration testing report and destroy all engagement results on our side, making them unrecoverable, for the added safety and security of our customers.
We prefer not to conduct our penetration tests on the customer's production environment, and we take similar care to avoid anything that could disrupt the serviceability of the business. We perform all of our tests on dedicated environments that the client has prepared in advance (e.g. prelive/staging).
Any critical security vulnerability discovered during our security assessment is immediately reported to the client in an initial report through our open communication channel, or through any other secure method the client chooses.
The penetration testing report we issue for our customers can be imported with one click into most SDLC workflow tools, such as Jira, GitHub, GitLab and Trello.
Once the customer fixes any of our report findings, we verify the deployed fix on the same day we receive the request, without any additional fees.
We determine our vulnerability severity classifications based on the customer's business model and on other well-known frameworks like CVSS, making it easy for our customers to work on high-priority items first.
Our penetration testing report includes how to fix each vulnerability in a more customized way.