- the customer need not worry about the hardware and maintenance requirements of the software
- and in most cases the customer has to pay only for what he is using; for example, in the case of DynamoDB the customer has to pay only for the amount of data he is storing or retrieving.
In the term SaaS, the word 'service' is used figuratively, i.e. it's like outsourcing your software's infrastructure and maintenance needs. When I said pTaaS, i.e. Pen-Testing as a Service, I meant it literally rather than figuratively; by pTaaS I meant outsourcing your penetration testing work.
The biggest hurdle in outsourcing some service XYZ is the amount of information that needs to be exchanged between the client and the service provider; if the information exchange involves sharing something confidential, then that service XYZ probably cannot be outsourced. As penetration testing is itself a form of black box testing, it can be easily outsourced, because a pen-tester hardly needs any implementation or even design information.
Although some forms of pen-testing can be better categorized as gray or white box testing, that's not actual pen-testing; this is what I feel at least. Pen-testing is basically thinking from an attacker's or hacker's point of view and then probing a piece of software for security vulnerabilities. The less information (of course, about the targeted software) a pen-tester has at the beginning of the pen-testing, the more effective and more practical the pen-testing results are going to be! When someone knows the internal details of a product YYY, it is comparatively easy for him to figure out the issues with that product YYY. But the real art lies in starting with zero information and then ultimately figuring out a way to compromise the whole product; this is what our pen-testing services are all about.
If you allow us to do this service for you, then:
- we will do a complete analysis of your website, exploring all possible issues because of which your website can be compromised;
- and finally we will share a detailed report of how those issues can be exploited, along with suggestions to fix those issues.
PS: In my last post I promised to discuss the UI Redressing attack and usage statistics for 'X-FRAME-OPTIONS'; please excuse me for changing the topic today. I will be writing on that topic very soon.
-Archana