As we all know, hackers don't follow a set schedule, and can test infrastructure randomly at any given time. Sadly, most customers do follow a pattern when testing their infrastructure once a year. In most cases, this test is done in the fourth quarter each year. We at Citadelo think that this approach is fundamentally flawed. We believe that every application, website, or infrastructure system should be re-tested regularly, as this is the only way to comprehensively uncover system security issues.
With our new “Hacking as a Service” (HaaS) offering, we test our clients' applications, websites, or infrastructure on a regular basis. Our clients benefit from a fixed commitment, ensuring our ethical hackers regularly test their infrastructure and address any issues encountered. The fixed amount of resources is based on the agreed number of days, to ensure the budget remains within the agreed scope.
With this process, we can provide close cooperation to identify risks regularly. Our customers will continue to have complete control over the task or project we work on.
The number of days listed below covers time for penetration testing (Cloud, Application, Mobile and Infrastructure), Source code review, Industrial security, Red and Blue Teaming, IT Security Auditing and or IT security consulting services.
The plans listed below include all fees, label costs, and license fees for the software we use for testing your systems.
|Ad hoc approach||Basic||Premium||Professional|
|Included man-days||Based on quote||9 Days per quarter||10 Days per month||15 Days per month|
|Number of projects||-||Unlimited||Unlimited||Unlimited|
|Access to multiple ethical hackers||-||X||People rotation||People rotation|
|Regular reporting||Yes (project completion)||Quarterly||Monthly||Monthly|
|Real-time reporting||X||high-risk findings
|Total cost||contact sales Team||Fixed monthly cost - contact Sales Team||Fixed monthly cost - contact Sales Team||Fixed monthly cost - contact Sales Team|
**1 After the discovery of high-risk findings and successful PoC. (Proof of Concept)
**2 Limited to the number of man-days included with the professional plan.