
iViZ Cloud based Application Penetration Testing

Step 1: Determine the number of tests you need

Business Critical Apps

  Number of apps                                        5
  Number of major releases/year                         4
  Total number of Comprehensive Tests/year             20
  Total number of Non-Comprehensive Tests/year         40

Non-Business Critical Apps

  Number of apps                                       10
  Number of major releases/year                         2
  Total number of Non-Comprehensive Tests/year         20
  Total number of Comprehensive Tests/year             Optional (see note below)

Comprehensive Test: automated testing plus deep manual testing with exploitation and business logic testing.
Non-Comprehensive Test: automated test plus minimal manual validation.

Run a Non-Comprehensive Test at least once a month, except in the months when a Comprehensive Test is done.

Note: For Non-Business Critical Apps, a full-fledged (Comprehensive) test is optional; choose the number based on your budget.


Step 2: Vendor Evaluation Checklist

                                                        Vendor 1    Vendor 2    iViZ

Quality of Results
  False Positive Removal (Yes/No)                                               Yes
  % of WASC Classes Covered                                                     100
  No. of Hours of Business Logic Test per App (*)                               16
  Proof of Concept for Exploitation (Yes/No)                                    Yes
  Manual Validation to remove False Positives                                   Yes

Operational Metrics
  Ability to scan during non-business hours                                     Yes
  Maximum number of scans that can be run in parallel                           Any
  Average turnaround time per scan                                              1 to 5 days

Management Metrics
  Is there a consolidated dashboard?                                            Yes
  Can you view on-demand metrics?                                               Yes
  Can you have vulnerability analytics?                                         Yes

Total Cost                                              Ask Vendor  Ask Vendor  Ask iViZ

(*) Note: This is not normal manual validation and scan monitoring, but deep business logic testing.

Total cost depends on your application size; you should ask your vendor.
