The age-old penetration test is dead, long live the penetration test... So, as discussed before, a 1-off penetration test does not work. Why?
Our 1-off penetration test is only a point-in-time assessment. It has its place for deep-dive penetration tests, but more often than not the value of a 1-off penetration test is eroded the day the report is finished... like driving a car out of a dealership, it loses half its value in an instant.
We don't have experienced consultants running scans and chasing false positives. We don't have 300 reports to manage and attempt to track what, how and when things were fixed, not to mention risk priority.
Bring forth... edgescan
For the last year we have been developing a pretty decent vulnerability management tool. It answers questions like:
Some screenshots of edgescan, given that a picture is worth 1000 words:
What are my biggest security concerns on the network and application layers?
What is the history of each asset and what changes have occurred? The dashboard answers such questions.
My to-do list!! Ordered by risk, date, asset, etc. What do I need to remediate, and which issues take a high priority?
Also advice on how to fix discovered issues.
Each of my assets organised by criticality. A snapshot of each asset. Is it more secure than the last scheduled assessment?
Are my issues in the network layer (administration/config) or the application layer (development/devops)?
Yes, you can download deep technical reports or executive level reports on one or more assets if you wish. Select date ranges for historic reporting also.