Penetration Test Offerings
Oneleet’s penetration testing team has expertise in multiple types of penetration tests and engagements, including:
- Network Pentesting;
- Mobile App Pentesting;
- Web App Pentesting;
- Wireless Network Pentesting;
- Social Engineering Pentesting;
- Pentest Program Management;
- IoT Ecosystem Testing;
- Red Team Assessment;
- Digital Risk Assessment;
- Secure Code Review.
At Oneleet, we offer 3 different types of Penetration Test packages.
| Feature | Compliance | Comprehensive | Custom | 
|---|---|---|---|
| Description | A high-level assessment of your product, evaluating the effectiveness of your security measures in mitigating potential breaches for compliance purposes. | A thorough penetration test that examines all aspects of your application’s attack surface to identify vulnerabilities across all categories. | A thorough penetration test that examines all aspects of your application’s attack surface to identify vulnerabilities across all categories. | 
| Target | Web Applications, Mobile Applications, APIs | Web Applications, Mobile Applications, APIs, Networks, Cloud Assessments, Secure Code Reviews, Social Engineering | Web Applications, Mobile Applications, APIs, Networks, Cloud Assessments, Secure Code Reviews, Social Engineering, Red Teaming, IoT Devices |
| Use cases | Vulnerability testing of existing & new features. Often sufficient for early-stage companies going through SOC 2 | Vulnerability testing of existing & new features. Microservices testing. Testing based on several OWASP frameworks | Companies with multiple applications, red teaming, etc. | 
| Testers | Manual test with a penetration tester that is at minimum OSCP & OSCE/OSWE certified | Manual test with a penetration tester that is at minimum OSCP & OSCE/OSWE certified | Manual test with a penetration tester that is at minimum OSCE/OSWE certified | 
| Customizable Report | Not included | Included | Included |
| Support | Answer within 48H | Dedicated point of contact that answers within 24H | Dedicated point of contact that answers within 24H | 
| Free Retesting | 12 months | 12 months | 12 months | 
| Rush delivery | Optional | Optional | Included | 
| Letter of Engagement | Included | Included | Included | 
| Letter of Attestation | Included | Included | Included | 
| Customized Letters | Not included | Included | Included | 
| Onboarding Support | Slack | Slack & Live | Slack & Live | 
| Dedicated Customer Success Manager | Not included | Included | Included | 
| Used Standards | Pentest conducted in accordance with industry-standard methodologies such as OWASP Top-10 | Pentest conducted in accordance with industry-standard methodologies such as OWASP WSTG, OWASP ASVS, etc. | Pentest conducted in accordance with industry-standard methodologies such as OWASP WSTG, OWASP ASVS, etc. |