FAQ

Industry recognitions we have earned

Provensec was named an Enterprise Security Top 10 Vulnerability Management Solution Provider 2017
Provensec was awarded by TAG Cyber Security 2017
Provensec was named by CIO Outlook a Top 10 Retail Security Solution Provider 2017
Provensec ISO 27001 Certified

Who are we?

Founded in 2012, Provensec has grown to be a leading player in the security assessment and vulnerability management market. We are a small, passionate and capable team. We invest a lot of time, energy and resources in researching the latest attack trends and mastering new security testing techniques. Provensec has a proven commitment to security, evident from the responsible disclosures our team has made to leading brands such as Google and LinkedIn.
Provensec has engaged with some of the leading brands in the banking and IT industries to make them more secure. We have first-hand experience working with government institutions focused on national security.
Our multinational footprint includes a security research lab in India and consulting units in the Netherlands, the USA and Australia.

CloudPRO-X

CloudPRO-X is a cloud-based vulnerability scanner. It has cutting-edge capabilities such as online vulnerability scanning, uptime monitoring, malware/blacklisting monitoring and "on demand" penetration testing.
Set up your CloudPRO-X private space using a single dashboard. Then add your system assets for scanning and monitoring. Next, select a security test for each asset, which can be run on demand or on a schedule. Reports are issued at regular intervals such as daily, weekly or monthly. Results are clearly illustrated on the dashboard so they can be easily managed by you or your tech team.
This SaaS platform, hosted at AWS, can detect many vulnerability classes such as XSS, injection flaws, weak cryptography, LFI, RFI, email spoofing and more. It provides over 40,000 security checks for missing patches, insecure configurations, new malware infections and OWASP Top 10 risks.
It detects vulnerabilities as other scanners do, but without false findings.
Most of our customers fix the security problems themselves using the guidance provided in the reports.
Yes. The results of your tests are confidential.
No. Our scanning will not harm anything on your site, applications or servers. The service is designed to be used on live websites and will not impact your visitors.
CloudPRO-X is a cloud-based security product provided by Provensec, a company whose security products and services are trusted by corporations worldwide. We have been providing security testing solutions since 2012 and are now making these tools available to everyone.
Yes, a little preparation is needed:

  • Adjust any intrusion prevention or web application firewall solution so that it does not block our scanner; otherwise the scan will report only what the filter lets through.
  • Contact us to obtain the scanner IP addresses to whitelist.
The Security Badge is an online certificate of website security. Displaying our security badge demonstrates that your site was free of severe vulnerabilities at the time of its most recent scan and that you care about the security of your visitors and/or clients. It gives them confidence that any personal information they enter on the site is handled securely, resulting in more business for you.

Penetration Testing

  • A penetration test is a security test that identifies security vulnerabilities which are actually exploitable.
  • A penetration test is very different from a vulnerability scan. A vulnerability scan is automated. A penetration test is a manual test conducted by trained, qualified and certified professionals, and uses human interaction and ingenuity to discover flaws that automated tools often miss.
Depending on requirements, there is a variety of penetration tests:

  • Network and configuration penetration tests
  • Web application penetration tests
  • Wireless network penetration tests
  • Client-server application penetration tests
  • Mobile device and app penetration tests
  • Social engineering
Provensec offers web application penetration testing, mobile device and app penetration testing (Android, iOS and BlackBerry), cloud penetration testing (AWS, Azure and Google Cloud), and PCI penetration testing.

The cost of penetration testing depends on the client’s goals, the type of risk assessment and the number of assets involved.

This is why we offer a FREE no-obligation consultation. Our technical security experts will learn your goals, determine the scope of the assessment and then provide you with a precise quote.

Depending on the type of testing required and the size of your project, the time it takes to complete a penetration test varies.

In our FREE no-obligation consultation we will ask you some questions regarding your project so we can determine the length of time it will take.

A penetration test reveals the weaknesses an attacker would most likely use to gain initial access to your site. These flaws must be fixed; the report we provide at the end of the test tells you what they are and how to remediate them.
Our customers fix the security problems themselves using the recommendations provided in our reports.
A penetration test is recommended:
  • After implementing significant changes in a website, application or network
  • As part of a security audit for HIPAA or PCI DSS
  • After updating an application or changing a system
  • Before submitting an application for breach insurance
  • If you store valuable data and have never had one
All our penetration testing engineers hold industry-recognised certifications, such as GSEC, OSCP or CEH. In addition, we ensure that all our penetration testers have strong web development backgrounds as well as networking experience.
Vulnerability scanners perform preconfigured pattern matching, so many aspects of a system are not tested completely. Penetration testing covers a large number and variety of serious security faults that scanners are incapable of finding or testing, such as business logic flaws and chained weaknesses.
We have performed single engagements for one client covering 600 IP addresses, 20 websites, 3 Android applications, 2 iOS applications and 2 static application security testing (SAST) reviews.

Easy ISMS Tool

ISO/IEC 27001 is the international standard that specifies the requirements for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all the legal, physical and technical controls involved in an organisation's information risk management processes.

Easy ISMS Tool is a cloud-based ISMS tool that covers all the steps you need to achieve ISO 27001 certification. These include documents, online risk assessment and templates, each explained with appropriate user guidance. This helps you achieve continuous compliance with the ISO 27001 standard while saving both time and money.

  • Step 1: Set up your private cloud space in Provensec Easy ISMS Tool, which gives you a consolidated dashboard, reports, user administration features and more.
  • Step 2: Define your scope in the Easy ISMS Tool: add the locations in scope of the ISMS, business units, business processes and assets.
  • Step 3: Manage risk by assessing inherent risk, treating the identified risks and defining an action plan.
  • Step 4: Your Statement of Applicability (SoA) is pre-filled based on the above phases. Select the applicable controls and implement them.
  • Step 5: Meet all mandatory requirements.
  • Step 6: Monitor your ISMS.

Our cloud-based ISMS Tool costs $4999 per year, which gives you access to the cloud tool only.

The cost of customized consultation depends on the scope of assignment.

In our free no-obligation consultation we will ask you some questions regarding your ISMS so we can determine the duration and cost of the project.

Partner Program

Private-label products, also known as "phantom products", are products provided by one company for sale under another company's brand name.
Provensec Labs offers a security solution that is ready to launch under your own branding. Our Cloud Security Scanning product includes these features:

  • Fully automated cloud vulnerability scanning
  • Uptime monitoring
  • Malware monitoring
  • On-demand penetration testing
  • Threat intelligence

If you are an MSP or a security consulting company looking to offer cloud security as a service – start here. We have done all the hard work for you.

The Provensec Private Label Security Solution includes the following:

  • Your own branded cloud-based security-as-a-service system.
  • An easy-to-use automated cloud-based security scanning platform.
  • A dashboard with your own company logo, colour scheme and tagline, served from your own URL.
  • Monitoring and central management of your scanning services across all customers from a single console.
  • Quick onboarding with our WordPress plug-in or via an advanced API.
  • Security scanning reports carrying your company logo, emailed to your clients automatically.
We offer several easy ways to set up your Private Label Security Solution and get you started. The portal is already set up and hosted on the Amazon cloud. When your clients log in they see your chosen URL and logo. Security scanning reports are emailed to your clients automatically and carry your company logo. If you have an existing website you can integrate our sign-up process into it and start selling online. For more information visit: https://goo.gl/8YM8kt

The Provensec Partner Program is the backbone of our business model. We are the industry's first B2B market player focusing on helping MSPs and web hosting companies launch their own Security as a Service within 48 hours.

1. Build a new revenue stream without any staffing costs or upfront investment 

You can capture your share of the security market by building a scalable business without adding headcount or building in-house security expertise. You get a recurring revenue stream, an immediate branding boost and a competitive edge.

2. Your own branded cloud-based Security as a Service offering 

Provensec can help you launch your own branded SaaS business within 48 hours. Our business model gives you complete control of the solution so that you can shape your sales strategy to your advantage. The portal carries your URL, logo and tagline. Scanning traffic originates from a source address range reserved exclusively for your business.

3. Create your own resellers and gain from your partner program 

Our simple licensing system allows you to procure a block of licences upfront so you stay in complete control of your bottom line. This lets you design your own product portfolio and gain from further B2B enrolments. With higher volumes, you can obtain exclusive rights to resell within a given territory.

Simply schedule a FREE no-obligation consultation with an Account Manager to discuss the investment.

PCI ASV Scanning

All PCI scans must be conducted by an Approved Scanning Vendor (ASV), chosen from the list of approved vendors published by the PCI Security Standards Council (PCI SSC). Every ASV is required to perform scans according to a defined set of procedures. These procedures dictate that the normal operation of the client environment must not be impacted and that the vendor must never penetrate or alter the client environment.

Qualified Security Assessors (QSAs) are qualified by the PCI SSC to perform annual on-site assessments for merchants and service providers and document their compliance with PCI DSS. Approved Scanning Vendors (ASVs) are approved to perform the quarterly external vulnerability scans that demonstrate compliance with the PCI Data Security Standard. Many QSAs incorporate ASV scanning into their solution portfolio.

Provensec provides managed PCI ASV scanning.

Provensec's managed PCI ASV scan service helps merchants and their consultants validate and achieve compliance with the PCI Data Security Standard. The scans themselves are performed through ASV partners listed by the PCI SSC (see below). Provensec PCI Compliance is an on-demand compliance testing and reporting service: we run the PCI scan for you and provide a compliance report which you can submit directly to your acquiring bank.

An external network vulnerability scan must be completed at least every 90 days by a PCI Approved Scanning Vendor. To achieve a compliant status, all in-scope hosts must be scanned using the Provensec managed PCI ASV scan, and the scans must find no vulnerabilities that cause a PCI fail. Using the managed scan, you can scan your network in segments and re-scan only the target IPs you have remediated, without having to scan your complete network again.

All external IP addresses must be scanned for PCI compliance.
In the "Security Scanning Procedures" document, the PCI SSC specifies which IP addresses must be scanned to satisfy compliance requirements:

"The PCI requires all Internet-facing IP addresses to be scanned for vulnerabilities. If active IP addresses are found that were not initially provided by the customer, the ASV must consult with the customer to determine if these IP addresses should be in scope. In some instances, companies may have a large number of IP addresses available while only using a small number for card acceptance or processing. In these cases, scan vendors can help merchants and service providers define the appropriate scope of the scan required to comply with the PCI. In general, the following segmentation methods can be used to reduce the scope of the PCI Security Scan.
  • Providing physical segmentation between the segment handling cardholder data and other segments.
  • Employing appropriate logical segmentation where traffic is prohibited between the segment or network handling cardholder data and other networks or segments.
Merchants and service providers have the ultimate responsibility for defining the scope of their PCI Security Scan, though they may seek expertise from ASVs for help. If an account data compromise occurs via an IP address or component not included in the scan, the merchant or service provider is responsible."

Scan duration depends on the responsiveness of your servers and the number of hosts. Some scans finish in about an hour, while others take over four hours to complete.

Our scans are designed to be low impact and non-intrusive. It is very unlikely that you will experience downtime due to a scan. You may, however, notice slightly reduced performance from your server while the scan is running. We therefore suggest that you schedule your scans during your off-peak hours.

You will be notified by email when your scan completes.

No. Provensec is not listed on the PCI SSC's ASV list; we purchase bulk scans from partners who are listed there. We provide a managed service on top of that: we run the scan, handle the compliance process and, at the end of the service, you receive a compliance report.

As required by the PCI ASV scanning procedures, an intrusion prevention system (IPS) must be configured so that it does not block the scan; a scan that is blocked cannot produce a valid result.

Depending on your network, it may be necessary to add the scanner IPs to your list of trusted (whitelisted) addresses so that the service can send probes to the IP addresses in your account during scan processing.

We provide 3 reports:

  • Attestation of Scan Compliance: states whether your organisation is compliant with PCI DSS from a scanning perspective. It must contain your primary contact's details, your address, and the ASV's main contact details and business address.
  • Executive Summary: provides a table listing each of your externally facing hosts with a status of "Compliant" or "Non-Compliant", followed by the vulnerabilities affecting each host and whether each one causes a PCI fail.
  • Vulnerability Details: provides a list of all the vulnerabilities, the hosts affected by each, and the proof of concept (PoC) evidence.
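As an added worked example (not Provensec's code, and not the output of any real scan), the following Python shows the two determinations the passages above describe: reconciling the live hosts found during discovery against the customer-declared scope, so that undeclared active IPs are raised with the customer rather than silently scanned or ignored, and building the per-host Compliant/Non-Compliant table of the Executive Summary. The fail rule applied is the one from the PCI SSC ASV Program Guide: a vulnerability with a CVSS base score of 4.0 or higher fails the host, and a few finding classes fail automatically regardless of score. The CIDR, host addresses (TEST-NET-3), finding names and scores are all constructed for illustration.

```python
"""Added example: ASV-style scope reconciliation and per-host compliance
determination. Not Provensec's code; all hosts, CIDRs and findings are
constructed sample data."""
from dataclasses import dataclass
import ipaddress

# PCI SSC ASV Program Guide rule: a vulnerability with a CVSS base score of
# 4.0 or higher makes the host Non-Compliant. A few finding classes fail
# regardless of score; that is modelled here with the automatic_fail flag.
CVSS_FAIL_THRESHOLD = 4.0


@dataclass
class Finding:
    host: str
    name: str
    cvss: float
    automatic_fail: bool = False

    def causes_pci_fail(self) -> bool:
        return self.automatic_fail or self.cvss >= CVSS_FAIL_THRESHOLD


def reconcile_scope(declared_cidrs, discovered_hosts):
    """Split live hosts found during discovery into those covered by the
    customer-declared scope and those the ASV must raise with the customer."""
    networks = [ipaddress.ip_network(c, strict=False) for c in declared_cidrs]
    in_scope, undeclared = [], []
    for host in discovered_hosts:
        addr = ipaddress.ip_address(host)
        if any(addr in net for net in networks):
            in_scope.append(host)
        else:
            undeclared.append(host)
    return in_scope, undeclared


def executive_summary(scanned_hosts, findings):
    """Per-host table as in the Executive Summary: status plus the findings
    that caused a PCI fail. Hosts with no failing finding are Compliant."""
    summary = {h: {"status": "Compliant", "failing": []} for h in scanned_hosts}
    for f in findings:
        if f.host not in summary:
            raise ValueError(f"finding reported for unscanned host {f.host}")
        if f.causes_pci_fail():
            summary[f.host]["status"] = "Non-Compliant"
            summary[f.host]["failing"].append(f.name)
    return summary


def overall_compliant(summary):
    """The attestation passes only when every in-scope host passes."""
    return all(v["status"] == "Compliant" for v in summary.values())


def rescan_targets(summary):
    """Segmented re-scan: after remediation only the failed hosts need to be
    scanned again, not the whole external range."""
    return sorted(h for h, v in summary.items() if v["status"] == "Non-Compliant")


# ---- constructed sample data (not a real scan) ----
DECLARED_SCOPE = ["203.0.113.0/28"]                                # declared by the customer
DISCOVERED_LIVE = ["203.0.113.2", "203.0.113.5", "203.0.113.40"]   # .40 was never declared
FINDINGS = [
    Finding("203.0.113.2", "Outdated OpenSSH with known remote vulnerabilities", 7.5),
    Finding("203.0.113.2", "Server version disclosed in banner", 2.6),
    Finding("203.0.113.5", "Missing X-Frame-Options header", 3.1),
    # hypothetical finding class that fails automatically despite a low score
    Finding("203.0.113.5", "Hypothetical automatic-fail finding", 3.9, automatic_fail=True),
]

if __name__ == "__main__":
    in_scope, undeclared = reconcile_scope(DECLARED_SCOPE, DISCOVERED_LIVE)
    print("consult customer about undeclared live hosts:", undeclared)
    # 203.0.113.7 stands in for a declared host that was scanned and came back clean
    table = executive_summary(in_scope + ["203.0.113.7"], FINDINGS)
    for host, row in table.items():
        print(host, row["status"], row["failing"])
    print("overall:", "Compliant" if overall_compliant(table) else "Non-Compliant")
    print("re-scan after remediation:", rescan_targets(table))
```

Note that the undeclared host 203.0.113.40 is neither scanned nor ignored: it goes back to the customer for a scope decision, which is the point of the quoted procedure. The low-scoring banner and header findings are still listed in the Vulnerability Details report, but they do not change a host's status.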

It depends on the SAQ you are completing. Request a free scope consultation on PCI DSS and we will help you determine which IP addresses are in scope.

Yes. We perform PCI penetration tests, and we deliver ASV scanning through our managed ASV scan service.

Success Stories

Watch our many extraordinary clients endorse our quality

Client Testimonials

Rodney Adams, Principal Software Engineer, Confinet™ Product Suite R&D

When looking for a firm to perform penetration testing on your website or applications, you need a firm with proven experience that employs a methodical and rigorous approach to security testing. You also want a firm that is responsive and easy to work with. We found all of these qualities with provensec, and we will continue to use them in the future to protect the security of our business, applications, and customers. Rodney Adams, Principal Software Engineer.

Mike Every, Foley Services

The provensec team was very responsive, helpful and knowledgeable starting with our first sales inquiry right through our penetration testing and review.

CEO, CiviCore

We have contracted with several security firms in the past. We found Provensec's work to be the most comprehensive and thorough. We will definitely use them for application and security testing in the future

Jonny Weiss, Director of Engineering, Parking Panda

I enjoyed working with Provensec because they were fast, delivered everything that was promised on time, and managed to do it for a very competitive price. Our security has improved thanks to Provensec's penetration testing. I would highly recommend them to other companies looking for penetration testing or other security testing.

Ben Gustafson, Co-Founder, Classroom Mosaic

Sam and his team were very responsive to our needs. We contacted them with a tight deadline and they delivered several days ahead of schedule! We highly recommend provensec because of their responsive customer service!

Jim Grago, CEO, ClixSense.com

We were looking for a company to do vulnerability and penetration testing and, after researching this extensively, we decided to use Provensec. We made the right choice! The entire process was painless, the support we received was phenomenal and the process was quick and easy. Moving forward we will continue to use their services as they are top notch!

Buddy Kresge, Founder, Knontou LLC

Absolutely we are willing to be a reference and would certainly recommend you! We will be a customer for a long time.

CTO, Mid-Atlantic legal technology

We decided to go with Provensec for our independent security testing and auditing needs because of their rigorous manual and automated testing protocols. Their customer service and planning of the audits were superb and their engineering team diligent and thorough. I would certainly recommend them.

Matthew Burnell, Founder/CEO, ClickBid Paperless Auctions

Provensec has been a huge benefit to our application security. They found critical issues we had missed and it allowed us to patch and remove these issues quickly. They are fast, thorough and documentation is very concise. I highly recommend Provensec.

Aaron Lien, Absolute Performance

Provensec was simple and easy to work with, on point, and responsive to every request. I liked that they were able to accommodate our needs of a quick turn around for our pci audit and were helpful through the process. Yes I would recommend them to anyone that is needing audit help.

Education Programs Support Services

We have been using Provensec for our external penetration testing since early 2013. Their staff is easy to work with and very knowledgeable. We perform extensive internal testing on all of our systems before deployment and Provensec was able to confirm our internal security findings as well as identify a few undiscovered vulnerabilities. Their reports are thorough, easy to interpret, contain clear evidence of how they discovered the vulnerability, as well as specific recommendations on how to remediate the issues. We have been extremely pleased with our interactions and plan to continue to engage Provensec for our external penetration testing.

Peter Luck, ROCC, UK

When taking a web based application to market, I need assurances outside of my own development team that the software is secure, stable and suitable for deployment to the web. Provensec were friendly and efficient right from our initial engagement with them and were always happy to work within my changing timescales and priorities. Provensec recently carried out full security testing for our web application and I’m happy to say they reported no major issues but did provide us with some great insight into small improvements that we could make to really make our application bulletproof. The report I received from Provensec was highly detailed and more than enough to pass on to my development team for resolution of the minor issues found. I would strongly recommend the team at Provensec and look forward to working with them again in the future.

Scott Baugh, Corpedia

Corpedia's experience with Provensec was exceptional. Communication was prompt, service was great and the assessment thorough. Follow-up documentation and test case data was also very helpful. We would certainly use this service again!

Eric Bechhoefer, NRG Systems

As a product developer, we have extensive experience in both hardware, firmware and software development. That said, we have little experience or confidence in our experience in the test, verification and validation of the security of our system. We know what we did not know. We depended on the expertise of Provensec to identify and report on the security of our design. Provensec quickly identified a number of vulnerabilities and counseled us on how to correct them. We feel confident that our system can now protect our clients data, and feel fortunate that we could engage Provensec to do this.

Matthew Hammond, Learning Technology Section, University of Edinburgh

Provensec provided us with a fast, efficient and high quality service. The agreed testing was carried out quickly and communication throughout was fantastic. The final report was well presented, detailed and gave us confidence in the quality and robust nature of the testing carried out. Provensec services are fully featured, responsive and represent excellent value for money.

Vedat Aral, Infosend

We are a PCI compliant payment processor. We developed a web application and were in immediate need for an experienced, reliable external penetration tester. We found Provensec via web search and they were kind enough to fit us in quickly. Sam and the team proved to be responsive and reliable. They had it completed in the time frame they promised. The security reports they provided were thorough with specific examples. The technical details were informative and actionable.

Brian P. Eskra, LP Software, Inc.

When we started researching other Vulnerability testing companies, we were shocked by the cost and long project timelines. We then came across Provensec. What a breath of fresh air. The cost was reasonable and they were able to perform automated and manual scans immediately to meet our tight deadlines. We later had an emergency situation where we needed a manual test over the weekend to meet a client deadline for Monday. I contacted Provensec on Friday afternoon and had my results by Monday morning! Amazing customer service and great results. This company has gone above and beyond to meet our needs. I would recommend giving them a try if you’re in the market for Vulnerability testing solutions.