WebSafety Ninja

Please describe your company and your position there.

I'm the development team lead. We are creating web-based apps for e-commerce.

For what projects/services did your company hire WebSafety Ninja?

We were looking for an external cybersecurity company to perform a security audit of our website and backend-apps. Because we store a lot of customer information, we needed to make sure there were no potential data leaks.

How did you select this vendor and what were the deciding factors?

WebSafety Ninja contacted us about a small security issue. And explain how to fix it. Later we searched online for cybersecurity firms in our area and added WebSafety Ninja to our shortlist. Because WebSafety Ninja already helped us with an issue we have chose for them.

Describe the project in detail and walk through the stages of the project.

They performed a thorough security audit of our website and web apps, identifying potential risks in our infrastructure. They used penetration testing to scan for vulnerabilities. After they finished, they delivered a report on all of our risks and provided a list of security recommendations. Together we are working on implementing those fixes.

How many resources from the vendor's team worked with you, and what were their positions?

We had a project manager and a penetration tester.

Can you share any outcomes from the project that demonstrate progress or success?

They were able to identify far more risks than our internal tests could. Also they provide a report with the impact of the risks, they explain how a hacker could make use of the risk, and how we can fix it.

How effective was the workflow between your team and theirs?

They kept us updated during the security audit. Daily check-ins on Slack helped us stay on schedule.

What did you find most impressive or unique about this company?

The company is very practical. That is something that suits us well.

Are there any areas for improvement or something they could have done differently?

n.a.

Please describe your company and your position there.

Training people online to become Data and Software Engineers.

For what projects/services did your company hire WebSafety Ninja?

We do regular security and performance tests on our learning platform which are always done by an external security companies.

How did you select this vendor and what were the deciding factors?

After communicating with other companies, we felt as we were promised a lot, but didn’t get anything. With WebSafety Ninja we got the feeling that they are really technical guys, who know what they are doing. The WebSafety Ninja team has a high tech level, deep knowledge; they ask the right questions. They gave a really fair offer, we didn’t overpay for the services.

Describe the project in detail and walk through the stages of the project.

We wanted to achieve 2 main goals:

• Check the container infrastructure (if it’s possible to break out them somehow and the resources to run cold)
• Check the training platform and all interfaces (if it’s possible to enter it somehow) In the first case we just gave them the platform, the IP address. With the second one we gave some more details like interfaces and addresses. Then they try to destroy or break something as a regular user. We also had some additional tests, like our marketing website. We weren't really focused on it, but WebSafety Ninja did a basic check, too.

At last, a couple of hours were for the VPN check. We dedicated up to 5 hours, but it took nearly 2. We were asked to pay exactly for the time they spent, it wasn’t overpaid.

How many resources from the vendor's team worked with you, and what were their positions?

My team and I worked with the founder of the company Maksym and the lead pentester Alex.

Can you share any outcomes from the project that demonstrate progress or success?

We expected to get the detailed audit report and we fully received it. Talking about communication, data was encrypted, so it really felt secure and safe. WebSafety Ninja has fulfilled our expectations. We were super happy with the audit.

How effective was the workflow between your team and theirs?

It was pretty good. From our side we clarified what we were expecting to do and Maksym gave us the advice. Work was pretty strict, fast and effective. We got all the audit communication when it was necessary.

What did you find most impressive or unique about this company?

Unique was how they approached us. At the moment we met WebSafety Ninja, I couldn't find any information about them and it was quite interesting. I liked their approach; we got a really good security issue report. So I decided to give them a chance and I didn’t regret it.

Are there any areas for improvement or something they could have done differently?

When we conduct the audit, WebSafety Ninja didn’t have a clear website, any certificates or customer refference (at the moment, everything has improved a lot). Invoicing, reputation, and showing a deep understanding of security is great, but from a business side they can improve their marketing approach.

Introduce your business and what you do there.

I’m an executive at a SaaS provider company in IT automation.

What challenge were you trying to address with WebSafety Ninja?

We’re continuously improving our services to improve their quality. We needed help optimizing our solution in security-related matters so that customers could have more trust in it.

What was the scope of their involvement?

WebSafety Ninja gave us hints and warnings to optimize our services as part of a bounty hunter program to identify performance or security issues, acting as independent researchers. They gave us reports on the vulnerabilities they found that we used to analyze our situation and overall performance. We had a workshop where WebSafety Ninja showed us critical issues we needed to address. After that, we developed a plan together to improve the quality of our services regarding security.

What is the team composition?

We had two senior specialists from WebSaftety Ninja assigned to our project.

How did you come to work with WebSafety Ninja?

They approached us and told us there were ways to optimize our solution in terms of QA and security. Since we were impressed by their proactive approach, we had a meeting with them where they showed us the services they offered. WebSafety Ninja’s presentation was quite good, so we decided to start a business partnership with them.

How much have you invested with them?

We spent less than $5,000.

What is the status of this engagement?

We worked together from around March–June 2021.

We’ll rehire them because we have some checkpoints to review our performance and quality.

What evidence can you share that demonstrates the impact of the engagement? 

Our overall performance has increased 30%–35% thanks to WebSafety Ninja’s consulting services and reports. We mitigated all the issues they found, which enabled this increase in the quality of our service.

How did WebSafety Ninja perform from a project management standpoint?

In terms of project management, they worked quite professionally. Their reports and contract agreements were all very professional. They also delivered within the required timeframe.

What did you find most impressive about them?

WebSafety Ninja was proactive; they came up with customized solutions and had good skills in security-related areas. The team was also very flexible if we needed adjustments and could easily adapt to our scenario. This flexibility would make them a really good fit for any company. Additionally, they worked fast and were very quick with their assignments. 

Are there any areas they could improve?

I don’t have any suggestions for improvement.

Do you have any advice for potential customers?

My advice would be to explain your business scenario and pain points and be open to WebSafety Ninja’s suggestions. If you feel like you need a customized solution, ask them because the team is flexible in this regard. You should look into your business requirements and wait for their feedback.

Please describe your company and your position there.

I'm the CEO of a B2B SAAS company providing services for the pharmaceutical industry

For what projects/services did your company hire WebSafety Ninja?

We aim at serving our clients the best and secure services. As part of our internal review, we were looking for a specialised external viewpoint on assessing our system security, audit and identify potential security vulnerabilities.

How did you select this vendor and what were the deciding factors?

We were looking to work with a small team of experts rather than dealing with junior consultants from large tech firms. The initial contact was very professional and easy to work with so we decided to go on with the mission.

Describe the project in detail and walk through the stages of the project.

We provided them with the list of systems we wanted to test. For some, we even provided customer-like access to further analyse the potential risks of our systems from the outside or with some credentials. We agreed on a deliverable (standard vulnerability list with priority levels and description) They performed both scripted pentest and manual finessing, displaying a broad knowledge of angle points. The report was clear, intelligible, and professional.

How many resources from the vendor's team worked with you, and what were their positions?

We didn't get into the details of their own team but at least 2 analysts worked on the case.

Can you share any outcomes from the project that demonstrate progress or success?

The report was directly usable and transformed in actions to be taken, with priority orders. Ideas were good and the team cleared out some questions we had. Exactly what we wanted!

How effective was the workflow between your team and theirs?

We had regular updates, we managed to open some time windows for them to use if they had to heavily load the servers, which they didn't. No damage during the testsing phase and a quick delivery of the end-report.

What did you find most impressive or unique about this company?

We knew what we wanted in terms of budget and deliverables and they didn't push us overboard with unexpected costs or undesired outcome. We did appreciate working with a small company and people that are passionate about their job.

Are there any areas for improvement or something they could have done differently?

All good

Please describe your company and your position there.

Nettwerk Music Group is the umbrella company for Nettwerk Records, Nettwerk Management, and Nettwerk One Publishing. Nettwerk Music Group was founded in 1984 and for nearly 40 years has followed one motto: We release music that we love. Initially specializing in electronic music genres such as alternative dance and industrial, Nettwerk became a powerful player in pop and rock in the late 1980s and 1990s.

Today, Nettwerk is a diversified, independent group across a variety of genres, with an overarching philosophy to help inspiring artists grow their careers and realize their creative vision. At Nettwerk, we pride ourselves on our ability to anticipate shifts in consumer behavior and effectively leverage technology to place great music in the hands of fans.

With offices around the globe, Nettwerk continues to achieve international critical and commercial success with its label, management, publishing, and sync rosters. My position here is Senior VP of Information Technology.

For what projects/services did your company hire WebSafety Ninja?

To do penetration tests on any sites or services owned by Nettwerk and available over the internet.

How did you select WebSafety Ninja and what were the deciding factors?

We were initially approached by them with a small security hole they had noticed. I was impressed with their overall knowledge and methodology for discovering external security issues so we hired them based on that.

Describe the project in detail and walk through the stages of the project.

We used them specifically for external penetration tests. I gave them a list of targets to focus on specifically several web based applications we had written in house. They were very professional. Sent a list of issues, gave several sources explaining the security issue and offered suggestions for fixes.

How many resources from the WebSafety Ninja team worked with you, and what were their positions?

I worked primarily with the head of the company and nobody else. He interfaced with all penetration testers and made sure we got the compiled reports, etc.

Can you share any outcomes from the project that demonstrate progress or success?

Our systems people are good at all the standard stuff, keep ports blocked, install software patches as they come out, rotate passwords, etc. We had one small issue with how one of our webservers that was hosting one of our web app's was configured. WebSafety Ninja found that hole.

Luckily we still had several years worth of logs and were able to see that nobody else had actually exploited that hole and it was a very simple problem to fix. If it were not for WebSafety Ninja that security issue would still exist and we would be completely unaware of it so it was VERY good that we hired them.

How effective was the workflow between your team and theirs?

They were extremely un-obtrusive in their efforts to find security holes however they did inform us when their people would be working so we would not be alarmed if our internal staff noticed the probes and thought we were being hacked.

What did you find most impressive or unique about this company?

They were extremely easy to talk to. They had great general knowledge and were generally easy to deal with.

Are there any areas for improvement or something they could have done differently?

Nope, they were great.

Please describe your company and your position there.

I am the Managing Director of Win Health Medical Ltd. We provide Medical Devices to the NHS and General Public

For what projects/services did your company hire WebSafety Ninja?

To invstigate potential Cyber Security issues on our company website

How did you select this vendor and what were the deciding factors?

We searched online and found this company. We then arranged an introductory call and decided to proceed based on our initial impressions

Describe the project in detail and walk through the stages of the project.

They performed a thorough seurity audit and made suggestions as to where our security could be improved. We are now implementing their suggestions.

How many resources from the vendor's team worked with you, and what were their positions?

We had a project manager and one penetration expert (as far as we know)

Can you share any outcomes from the project that demonstrate progress or success?

They were able to carry out an audit and make suggestions which we are now implementing

How effective was the workflow between your team and theirs?

They did keep us updated and in a timely manner.

What did you find most impressive or unique about this company?

They explained why their suggestions were relevant to us, which made sense.

Are there any areas for improvement or something they could have done differently?

Not that we noticed

Please describe your company and your position there.

SimplyPayMe is an all encompassing business management and payments solution for SMEs enabling them to run their companies and get paid all from one single mobile application. I am the CEO.

For what projects/services did your company hire WebSafety Ninja?

We hired them to perform penetration testing on our various applications to detect any security concerns, if applicable.

How did you select this vendor and what were the deciding factors?

We had a strict timeline and they were able to turn around quickly and deliver everything they promised within the timeline we had within reasonable price points.

How many resources from the vendor's team worked with you, and what were their positions?

Our main contact was Max (Founder).

Can you share any outcomes from the project that demonstrate progress or success?

The level of depth and detail in the reports received following the testing was exceptional and ticked all the boxes we needed to show, again, while they were under tight time pressure.

How effective was the workflow between your team and theirs?

They have always been highly responsive and as far as I am aware this has been great.

What did you find most impressive or unique about this company?

They have a high level of attention — not only to detail but to other people — paired with a brilliant level of professionalism.

Are there any areas for improvement or something they could have done differently?

We gave them a big task with a small timeline and they executed exquisitely. There is nothing that could have been done any better during this project.

Please describe your company and your position there.

I am the CTO of an Australian based SaaS RegTech solution for Education and Aged Care.

For what projects/services did your company hire WebSafety Ninja?

To undertake penetration testing of our web applications.

How did you select WebSafety Ninja and what were the deciding factors?

They had undertaken a complimentary scan of our public websites and provided a report that allowed us to patch a vulnerability. I then had them provide a statement of work for the product penetration testing.

Describe the project in detail and walk through the stages of the project.

We provided access to a non-production version of our product platform and provided in-depth penetration testing over several days before providing a report.

How many resources from the WebSafety Ninja team worked with you, and what were their positions?

Our primary contact was Max, a Security Researcher but I understand several of the team assisted with the penetration test itself.

Can you share any outcomes from the project that demonstrate progress or success?

The report highlighted vulnerabilities that we were quickly able to address providing a more safer and more secure solution for our customers.

How effective was the workflow between your team and theirs?

It worked very well, effective and responsive.

What did you find most impressive or unique about this company?

They provided a thorough and detailed report with recommendations that could be easily and rapidly. They acted professionally and well-mannered in the workflow.

Are there any areas for improvement or something they could have done differently?

No, it was a great service.

Please describe your company and your position there.

I am founder and Chief Product Officer at Talexio

For what projects/services did your company hire WebSafety Ninja?

We commissioned WebSafetyNinja to run a number of penetration tests on our cloud based product.

How did you select this vendor and what were the deciding factors?

We asked around for recommendations and we also searched online for such software providers.

Describe the project in detail and walk through the stages of the project.

We had a couple of initial meetings with the team at WebSafetyNinja. We created test accounts on the live system and also on our staging environments. We also supplied WebSafetyNinja with our API specifications so that they can try to penetrate the APIs directly.

How many resources from the vendor's team worked with you, and what were their positions?

1 security analyst and 2 penetration testers.

Can you share any outcomes from the project that demonstrate progress or success?

WebSafetyNinja provided us with an Executive Summary and also a detailed report. They were able to identify some issues which were resolved by our product team within a few hours.

How effective was the workflow between your team and theirs?

Communication was good, clear and timely.

What did you find most impressive or unique about this company?

We appreciated their input, attention to detail, and timely execution of their tasks.

Are there any areas for improvement or something they could have done differently?

No obvious areas for improvement.

Please describe your company and your position there.

I'm the owner of a software company.

For what projects/services did your company hire WebSafety Ninja?

We asked them to review our Open Source project and our cloud deployment of it in an AWS environment.

How did you select this vendor and what were the deciding factors?

They found a small vulnerability on our public website. We were impressed with how they operated (they reported it to us over email, didn't push for a reward).

Describe the project in detail and walk through the stages of the project.

We gave them access to the deployed software. They did not get any special privileges as the goal was to find out whether they could escalate privilege and access files that were not supposed to be accessible.

How many resources from the vendor's team worked with you, and what were their positions?

From our perspective, we interacted with two people. A lead and someone who did the actual pentesting.

Can you share any outcomes from the project that demonstrate progress or success?

They shared a detailed report of their findings that helped us understand the security state of our application.

How effective was the workflow between your team and theirs?

They communicated succinctly and promptly over email. Quite happy with that.

What did you find most impressive or unique about this company?

I was impressed with how transparent and straightforward they were.

Are there any areas for improvement or something they could have done differently?

I don't think there's anything that they could have done better.