1. How soon can I schedule a penetration test?
2. How fast can I get a proposal?
3. How long does it take for Sioma Labs to do a penetration test?
4. What will I get after the penetration test?
5. Can all disruptive tests be done at off-peak hours?
6. Will the final report contain solutions that I can give my team?
7. What sort of help can I expect from Sioma Labs if I need to fix the holes?
8. Is it necessary to open up all ports on the firewall for Sioma Labs?
9. Can you test my site periodically, say every month?
10. How can a Sioma Labs penetration test be better than Tools?
11. What applications have Sioma Labs tested up to now? Have you tested one similar to ours?
12. What kind of information do you need from us to start off?



How soon can I schedule a penetration test?

It will depend on how fast you need to get it done. If you're working against a deadline and need to schedule on shorter notice, we'll do our best to get it done even sooner.


How fast can I get a proposal?

Usually in less than a week. But if you're working against a deadline and need to schedule on shorter notice, we'll do our best to get it done even sooner.


How long does it take for Sioma Labs to do a penetration test?

A Sioma Labs penetration test takes between 3 and 10 days, depending on the size of your application/network. We'll let you know in advance how much time we think the work will take.


What if I want all disruptive tests to be done in off-peak hours?

No problem. Please tell us your preferred windows for disruptive tests and we'll perform them then.


What will I get after the penetration test?

At the end of the Sioma Labs penetration test, you get:
1. A detailed report
2. The Sioma Labs Certificate

In the report we'll describe the holes we've found and describe in detail how they can be exploited and how to fix them. We'll walk you through the exploit with screenshots so you can understand exactly how a potential attack can disrupt your site. The report explains how you can safeguard against attacks and go to sleep at night knowing that your site is secure.
Once we're assured that your application complies with the Sioma Labs Certification Criteria you'll receive the Sioma Labs Certificate. The Sioma Labs Certificate provides a guarantee to both you and your users that your website is secure.

Can all disruptive tests be done at off-peak hours?

No issues on that. Please tell us your preferred windows for disruptive tests and we'll perform them then.


Will the final report contain solutions that I can give my team?

You can expect all the support you need and deserve. Our reports are detailed and enable you to quickly implement the solutions on your own. However, if you have any questions don't hesitate to get in touch with our engineers. Every test that we do comes with unlimited email support for a year.


Do I need to open up all ports on the firewall for Sioma Labs?

No. All we need is access to the ports that relate to your application. If, for example, your web application runs on ports 80 and 443 then those are the only ports we'll need access to.


Can you test my site periodically, say every quarter?

Sure. When you make changes to your site, you want to be sure you have done it safely. We want to make certain that your site is safe year round. If your site is undergoing rapid changes then you'll want to have the testing done more frequently. It's up to you to choose -- monthly, quarterly, or semi-annually. Many of our customers choose the quarterly testing option. We also offer periodic test subscriptions at discounted prices, which have the added benefit of offering even higher access to Sioma Labs support. If you expect to add features to your site, please ask your Sioma Labs representative about the Periodic Testing option.


How's a Sioma Labs penetration test better than Tools?

Sioma Labs offers the gold standard of security testing - formally known as Manual Application Penetration Testing. Our experienced testers can probe deeply and uncover holes that no tool can find. Our tests combine the speed of automation with the accuracy and depth that can only be provided by an intelligent, experienced tester. That means that our results are far more impressive than any that software can achieve.


What kind of information do you need to start the test?

Here's a pre-test checklist that we'll need before we can start your test.

Please mail us:
1. The URL of the application
2. Two login id/passwords for each privilege level
3. The timings of any planned downtime
4. A phone number you can be reached at reliably
5. Administrator's guide/User manual/Help, if available
6. Any special instructions we need to be aware of

Please verify:
7. The application is ready to be tested
8. No changes are planned during the test
9. The login ids are fully activated

Please note: we need two logins per privilege level. Privilege levels might include Teller, Supervisor, Manager and Administrator. We'll also need two logins for each category. We'll use this information to test whether an unauthorized user can bypass restrictions or gain access to an unauthorized account or the account of a higher privileged user.

As we run our tests we're able to pick out holes that would allow an adversary to gain access to an authorized user's account or expand his own privileges. Read more on why we need two logins per privilege level.

We request that you make no changes to the app while we're testing. Constructing test cases can be complex, and a moving target makes it even more difficult. The quality of a test suffers when parts of the app we've already tested undergo changes beneath the surface. If you really must make any changes, please let us know so that we can make the necessary adjustments.


What applications have Sioma Labs tested? Have you tested one similar to ours?

We have tested over 500 applications of different kinds so it's very likely that we have tested one like yours. Please browse through our list of applications we've tested to find out.


Sioma Labs © 2008