Frequently Asked Questions

What is the difference between a vulnerability assessment and a penetration test?

In many scenarios, the terms “vulnerability assessment” and “penetration testing” may be used interchangeably. But we refer to the vulnerability assessment as being non-exploitable; meaning we will report on detected vulnerabilities but will not attempt to actively exploit these findings.
But in an external penetration test we will conduct a more thorough, in-depth test that will seek to actively exploit detected vulnerabilities in order to compromise, or set up a scenario where we demonstrate to compromise, your systems and assets just like an outside hacker or attacker would. In an internal penetration test, we will focus on testing devices found behind the firewall or located so that they are not directly internet facing.

What tools do we use?

Our vulnerability assessments and penetration tests are mostly conducted manually because we believe that there is no substitute for the human mind. But even then, we do need the help of some tools to conduct the test more efficiently and thoroughly. Some of the tools that we use are Metaspoilt, Retina, Burp Suite, NMap etc. But the tool selected for your engagement may vary based on our perception of the appropriate tool necessary to properly assess your environment.

How expensive is it?

Beetles offers the best assessment and testing services at the most reasonable and inexpensive rates. The rates differ based on the number of IP addresses provided for testing as well as the web domain or application. We provide fully customized and packaged solutions based on the demands of our clients.

How frequently will the tests be performed?

Our basic service fee provides for the performance of a single test at a time of your choosing. We also offer more frequent testing intervals for the same discounted price per occurrence. As best practice, we strongly urge all organizations to conduct an internal vulnerability assessment annually or after any major changes in patching practices or solutions. Periodic vulnerability assessments are also an excellent mechanism for demonstrating the effectiveness of your overall cyber security monitoring program to regulatory authorities.

What is required to perform a remote test and how will you attach to my network?

We will consult with your administrative personnel to determine the most effective manner in which to perform the internal vulnerability assessment. Generally, your test can be performed through allowing Beetles a temporary Virtual Private Network (VPN) connection toy our internal network. We will, however, require domain-level administrative access in order to perform the test and we will require you to set up a dedicated account for this purpose. We will make sure that you enable necessary logging and implement practices to ensure our administrative and VPN privileges are disabled after the completion of our testing.

Who will perform the tests?

Your tests will be conducted by direct employees of Big Web Technologies Ltd. All our employees are local talents and are subject to extensive background checks and have confidentiality and non-disclosure agreements with our firm.

What is the time frame for performing a vulnerability test?

We can perform your internal vulnerability assessment within one to two weeks, in general, after we receive the official work order. If you require an expedited test, we can customize a schedule for you.

How will I receive the finding from the vulnerability assessment?

We issue a formal report for all our review services. This report will include an overview of the findings from our test as well as any recommendations regarding remediation. You will be invited to join our proprietary Beetles Program Platform, where you will be kept updated on the current status of your test as well as have access to all your results. You will receive formal reports of our review services here and the report will include the details of the findings from the test as well as any recommendations regarding remediation. You will also be able to download a PDF copy of your report, if you wish to do so.

Be A Part Of Our Team