What was the scope of their involvement?
We initially talked about our needs and explained our work and infrastructure. This was our first time running a penetration test. For the initial run, they suggested tests that made sense for our application. We followed their advice, and they started testing two weeks later.
They tested in our acceptance environments, telling us in advance when they blasted a high number of requests. We had to freeze our environments, since releasing new things during testing can change everything.
They updated us as soon as they checked anything. Two weeks after testing, they provided a report that explained everything we had to correct. That was nice, since we had a few bugs. They didn’t find a lot of faults, but we corrected the ones they found right away.
Two months after the first test, Berezha Security performed the same ones. They checked the old bugs and wrote a clearer report for our clients. We're hoping to assess our security with Berezha again next year by performing black box testing on our server and database.
What is the team composition?
I had two main contacts, so I could always reach out to someone. At the end of the project, we met with the four others who tested our site's security. We met remotely with everyone who worked on our issues.
How did you come to work with Berezha Security?
We were referred to them by another partner, who said that they were professional. They recommended them specifically because they offered extra security services. They don't just perform checks for companies, but are also active in the outside world.
How much have you invested with them?
We tested Android and iOS apps, the API, and the web application for a bit less than €5,000 (approximately $5,900).
What is the status of this engagement?
We worked with Berezha between April and May 2018.