
Ronin-Pentest Beta Testing Program Description

We will soon be launching our new vulnerability scanning platform and in advance of the big
launch we’re looking for a select group of companies to partner with to help us carry out beta
testing so we can make sure the platform is working perfectly when we go live.

If you have a website with functionality behind authentication, an API for a mobile app or
similar, and up to 15 servers or internet-accessible endpoints (office or home routers), this is
exactly the kind of infrastructure that will allow us to test all our features effectively, and you’re just
the sort of partner we’re looking for. Don’t worry if you don’t have all of these things; this is a guide,
not a requirement.

Here’s a quick explanation of how it will work:

Step 1 On-boarding - This is necessary to set up network access because we need to be able to
scan your assets without WAFs or firewalls in the way. This is because we need to be testing your
code for vulnerabilities and not the configuration of your WAF/firewall which is designed to block
exactly the sort of traffic we need to send in order to test effectively.

The onboarding process should take about one hour, in a meeting with a technical point of contact from
your team. After we’re all set up we can do free testing for you, and in return we’d appreciate
feedback on your experience so we can use the data to improve our service. If you’re happy with
how things go, then we’d love to have a testimonial from you which we can put on our website.

It doesn’t matter whether or not you already do annual pentests. If you do, then vulnerability scanning is a
good addition to your security program, as you will no doubt make changes to your website and
network more frequently than once a year. It’s good practice to run a vulnerability scan every time
you deploy a new change, to ensure it doesn’t expose you to any vulnerabilities.

If you don’t already do pentests, then starting with vulnerability scanning is a good way to get your
security program up and running. Our tools will help find security issues so you can get them fixed.
Then, when you have your first pentest, the consultant will be able to focus on issues that only a
human can find. This will reduce the cost and time required for the test.

Step 2 Scanning - After we’ve got you on-boarded, we will run scans against all the assets in scope
for testing. We’ll manually check the results to make sure no false-positive issues are included, and
we’ll prepare a full report.

Step 3 Report Delivery - We’ll deliver the report to you and have a second meeting so we can
explain all the issues and make sure you know what to do to get them fixed.
Then you’ll have some time to make the fixes; we normally suggest about 2 weeks.

Step 4 Re-test - When you’ve had a chance to make the fixes, we’ll run the scans again to confirm
the fixes are effective and deliver you an updated report showing the originally reported issues as
either Closed (fixed), Part Closed (partially fixed) or Open (not fixed).

Step 5 Review - After the process is complete, we’ll have a third meeting where you can give us
feedback on the whole experience: what you liked, what you didn’t like, what worked and where
improvements could be made.

In essence, we will be delivering our Done-For-You service in return for feedback, so we can test the
new platform in a real-world context. We’ve already done extensive testing in lab conditions, and
now we need to take the variety of the real world into account and make sure we’ve prepared for
all eventualities.
