Frequently Asked Questions
Query, Don't keep it to yourself. Ask us and let us know what we help you find?
-
Why should I use Armour Infosec?
At Armour Infosec, we believe that modern applications deserve something better than generic vulnerability scanners and overpriced penetration testing consultants. We have built a best in class SaaS platform which provides on-demand pentesting by connecting you to top application pentesters around the world.
-
What types of applications can be tested?
Our vetted and trusted group of pentesters, is highly experienced in doing assessments and penetration testing of web applications, mobile applications, web APIs, external networks, and the Cloud. If your application does not fall into these categories, we're still happy to have a chat and see if we can help.
-
How are vulnerability report scores calculated?
After a lead pentester has reviewed a vulnerability report, the report is assigned a score, and that score is included in the average of a pentester's vulnerability report scores.
-
Who are the pentesters?
Armour Infosec Pentester are a community of highly skilled pentesters who are passionate about what they do and who are always striving to be at the top of their game. This curated community is made up by security professionals with many years of experience and specialized skills. They all have a strong drive to keep to up to date on the latest vulnerabilities and exploits, and the tools and methodologies to find them.
-
Can I get a sample report from a Armour Infosec Pentest?
Yes, schedule a demo and we will provide you with one.
-
Can a pentester publicly disclose vulnerabilities found in my site?
Only with your permission. If a pentester wants to publicly disclose a vulnerability (anonymized or de-anonymized) to benefit the community, they will request your permission and act in accordance with your response.
-
Do Mobile Devices Present Security Risks?
Lorem, ipsum dolor sit amet How do you Startup? consectetur adipisicing elit. Accusamus ipsa error, excepturi, obcaecati aliquid veniam blanditiis quas voluptates maxime unde, iste minima dolores dolor perferendis facilis. How do you Startup blanditiis voluptates Lorem, ipsum dolor sit amet How do you Startup amet How do.
-
What kinds of vulnerabilities do the pentesters usually find?
Our pentesters find vulnerabilities of all types, but they most commonly report vulnerabilities in your business logic and vulnerabilities that falls into the OWASP Top 10 categories.
-
Can I share my credentials (usernames + passwords) with the pentesters for authenticated testing?
Yes, the majority of the pentests we do are on authenticated parts of a service and we offer a secure way of sharing the user credentials through the platform.
-
Do I need approval from my cloud provider (AWS and others)?
The big cloud providers (AWS, Azure, GCP) do not require prior notification of normal penetration testing. But if you are using a smaller provider you should check with them and Armour Infosec can help provide info.
-
If I don’t fully understand a vulnerability report submitted by a pentester. Can I communicate with the pentester?
Yes, communication is key! You can write comments directly to the pentesters asking them to clarify a specific report. You can also write internal comments to your team members to enhance collaboration. We also know that pentest findings don’t always get fixed right away, so we allow direct communication with the pentesters for months following the completed pentest engagement.