A Range of Credit Packages that unlock Managed Security Testing

Credits enable your teams to access security testing without the need for lengthy procurement processes. Simply assign your engineers an allotment of credits that they can draw from as and when they need.

Credits can be used to commission bitesize assessments, referred to as Tasks. Alternatively, credits can be used to validate remediation or test for false positives from automated scans.

Tasks

Tasks put the control back in your hands by empowering you to choose the focus, depth, and priority of security testing. Generally this means assigning a task for each material feature or vulnerability group that you’d like us to test, but tasks can be as specific or general as you require.

The following are some examples of tasks:

‍

Task	Scope	Objective	Credits
Test user registration flow	https://example.com/register	Identify OWASP-10 vulnerabilities	1
AWS CIS benchmark	Account: 123456789012	Ensure compliance with CIS Benchmarks	1
Log4J exploitability scan	192.168.1.0/24	Identify exploitable versions of Log4J	1
WordPress health check	https://blog.example.com	Check for common WordPress misconfigurations and missing patches	1
TLS configuration check	https://example.com/	Check the TLS and x.509 configuration	1

‍

Every task will detail the scope, the objective, and any constraints. This means that where you’d like a task to cover a broad functionality we can be fully transparent about any constraints that might have so that you can make a risk-based judgement.

We can support you in understanding how many tasks you might need during our initial discovery exercise, and your dedicated testing cluster is always on hand to update and amend tasks as your assets develop and change.

Baseline Tests

A task bundle can be created to enable Baseline testing. This is a collection of tasks that have been strategically combined to establish a point-in-time understanding of the security posture of an asset, or collection of assets.

‍

Bundle	Tasks	Credits
Marketing site bundle	Automated scan (inc. validations), web stack review, sampled manual checks	3
Small web portal	Automated scan (inc. validations), web stack review, up-to 3 core features	5
Full cloud audit	CIS Benchmarks, IAM policy audit, SG / ACL review, Common services review	4

‍

Iterative Tests

The true power of tasks begins to be unlocked through Iterative testing. As soon as your team complete a development sprint, you can commission a task that focuses on the incremental change without the need to do a full baseline test every time.

What’s more, by integrating Cytix into your existing workflow, we can setup triggers to automatically commission tasks every time there’s a major change. That way you can be confident that every time code is pushed into your master branch or a ticket is closed in Jira, we’ll be ready to help.

Continuous Tests

With Continuous testing you set the number of tasks you’d like completed each month and we’ll do the rest. This always-on approach has all the benefits of a bug bounty program with the bonus of being delivered by a trusted partner with full understanding of you and your systems.

The advantages of continuous testing are huge, from constantly being tested against the latest published exploits, to being able to clearly track your performance over time, you can rest easy in the knowledge that we’re always in the background working away.

Validations

Validation credits can be used to help manage vulnerabilities through their lifecycle.

A validation credit can be consumed to investigate a specific finding identified by automated scans. This can be useful in removing false positives that create noise and to enrich findings with context that enables you to make pragmatic decisions about how to prioritise your vulnerability management programme.

A validation credit can also be used to validate a fix applied by an engineer for a known vulnerability, to ensure that it has been applied correctly.

‍