11 Jan 2023 · 8 min read

What is a Credit?

We offer a range of credit packages that unlock our managed security testing, but what are credits?

Thomas Ballin
Founder

Credits enable your teams to access security testing without the need for lengthy procurement processes. Simply assign your engineers an allotment of credits that they can draw from as and when they need.

Credits can be used to commission bitesize assessments, referred to as Tasks. Alternatively, credits can be used to validate remediation or test for false positives from automated scans.

Tasks

Tasks put the control back in your hands by empowering you to choose the focus, depth, and priority of security testing. Generally this means assigning a task for each material feature or vulnerability group that you’d like us to test, but tasks can be as specific or general as you require.

The following are some examples of tasks:

| Task | Scope | Objective | Credits |
| --- | --- | --- | --- |
| Test user registration flow | https://example.com/register | Identify OWASP-10 vulnerabilities | 1 |
| AWS CIS benchmark | Account: 123456789012 | Ensure compliance with CIS Benchmarks | 1 |
| Log4j exploitability scan | 192.168.1.0/24 | Identify exploitable versions of Log4j | 1 |
| WordPress health check | https://blog.example.com | Check for common WordPress misconfigurations and missing patches | 1 |
| TLS configuration check | https://example.com/ | Check the TLS and X.509 configuration | 1 |

Every task will detail the scope, the objective, and any constraints. This means that where you’d like a task to cover broad functionality, we can be fully transparent about any constraints that might apply, so that you can make a risk-based judgement.

We can support you in understanding how many tasks you might need during our initial discovery exercise, and your dedicated testing cluster is always on hand to update and amend tasks as your assets develop and change.

Baseline Tests

A task bundle can be created to enable Baseline testing. This is a collection of tasks that have been strategically combined to establish a point-in-time understanding of the security posture of an asset, or collection of assets.

| Bundle | Tasks | Credits |
| --- | --- | --- |
| Marketing site bundle | Automated scan (inc. validations), web stack review, sampled manual checks | 3 |
| Small web portal | Automated scan (inc. validations), web stack review, up to 3 core features | 5 |
| Full cloud audit | CIS Benchmarks, IAM policy audit, SG / ACL review, common services review | 4 |

Iterative Tests

The true power of tasks begins to be unlocked through Iterative testing. As soon as your team complete a development sprint, you can commission a task that focuses on the incremental change without the need to do a full baseline test every time.

What’s more, by integrating Cytix into your existing workflow, we can set up triggers to automatically commission tasks every time there’s a major change. That way you can be confident that every time code is pushed into your master branch or a ticket is closed in Jira, we’ll be ready to help.

Continuous Tests

With Continuous testing you set the number of tasks you’d like completed each month and we’ll do the rest. This always-on approach has all the benefits of a bug bounty program with the bonus of being delivered by a trusted partner with full understanding of you and your systems.

The advantages of continuous testing are huge, from constantly being tested against the latest published exploits to being able to clearly track your performance over time. You can rest easy in the knowledge that we’re always in the background working away.

Validations

Validation credits can be used to help manage vulnerabilities through their lifecycle.

A validation credit can be consumed to investigate a specific finding identified by automated scans. This can be useful in removing false positives that create noise and to enrich findings with context that enables you to make pragmatic decisions about how to prioritise your vulnerability management programme.

A validation credit can also be used to validate a fix applied by an engineer for a known vulnerability, to ensure that it has been applied correctly.
