Pentest as a service (PTaaS)

Continuous and selective penetration tests allow us to guarantee the security of your IT systems.

The annual penetration test is the cornerstone; it is supported by regular, selective pentests (aka PTaaS). These are carried out "on demand", for example when a lot has suddenly changed, or with a focus on a specific new function.

Damian Strobel

Founder and CEO

"PTaaS is customized for each company and can vary greatly from client to client. We will find a solution!"

What is PTaaS - Penetration Testing as a Service?

In a digitalized world, changes are made to software, hardware and networks on a daily basis - this quickly reduces the significance of a one-off penetration test. Everything may have been fine yesterday - but the latest product update can make things look very different. From our practical experience, we see how often and how quickly security vulnerabilities arise and remain undetected for a long time - many of them could be discovered in a very short time. To make this possible, DSecured offers "Pentest as a Service".

PTaaS is a flexible and scalable service that enables companies to carry out regular penetration tests - we at DSecured call these short spot tests "mini pentests".

In general, the definition of PTaaS is not really uniform. In the DACH region, PTaaS usually means concentrated short penetration tests that are carried out by a human and have a specific focus that is specified by the client. In other countries, PTaaS can also be an automated process that continuously searches for security vulnerabilities and is intended to replace a penetration tester. Hybrid models are also possible.

DSecured PTaaS follows the hybrid model: we carry out mini pentests manually and always run our automated tools in parallel.

What is tested with Pentest as a service?

PTaaS is a customized solution that is tailored to the client's requirements. As with a normal penetration test, the scope and Go/NoGos are defined in advance. As a rule, a certain number of hours per month is agreed, which the company can request at any time. A Mini Pentest is usually carried out within a very short time (2-3 hours) to search for major vulnerabilities. The goal is often a new function in an existing application or the launch of a new website or a new API. Communication is kept as short as possible and reports are usually shared with the relevant development team via email (or another channel). The tests can also be carried out automatically - for example, if the client has a large external network in the cloud.

DSecured PTaaS ALWAYS includes (free of charge) our external attack surface monitoring platform Argos, so we can use our time efficiently and search where automated solutions would not get us anywhere.

Who is PTaaS suitable for?

PTaaS is suitable for any company that works in an agile manner and in which deployment cycles of a few days or weeks are common. PTaaS is also suitable for companies that operate a large number of apps or websites and want to ensure that these are regularly checked for vulnerabilities. Even if the need for protection is particularly high - because financial data or personal data is stored, for example - it is worth considering whether a combination of an annual penetration test and PTaaS makes sense.

How much does PTaaS cost?

We are flexible here - most customers book a fixed number of hours per month. This is multiplied by our hourly rate. Depending on the number of hours and duration, we can offer discounts. It is also possible to carry out short tests "on demand" - but this can lead to waiting times. We therefore recommend booking a fixed number of hours - this way, both sides can plan ahead. PTaaS starts at DSecured with an hourly quota of 8 hours per month. We currently charge €1599.00 per month for this. The minimum term is 3 months.

Start continuous pentesting with DSecured PTaaS and improve the security of your applications.

Comparison of penetration testing and PTaaS

| | Classic penetration testing | Penetration testing as a service |
|---|---|---|
| Scope | Uniquely defined goals and scope | Adaptable to new threats and business needs |
| Reporting | Comprehensive report after completion of the test | Ongoing short reports and updates on individual findings |
| Engagement | Short-term commitment for a specific period | Long-term partnership with continuous monitoring and testing |
| Flexibility | Low: Fixed plan and scope, difficult to adapt | High: Flexible approach to respond to new threats and changes |
| Cost structure | One-off: Fixed costs for the defined test period | Subscription-based: Regular payments over the term of the contract |
| Scalability | Limited: Fixed resources for the duration of the test | High: Resources can be adjusted as required |
| Continuous security | None: Security is only checked during the test period | Yes: Continuous monitoring and regular safety tests |

Some companies we have been able to help

Grab
PayPal
BMW
Goldman Sachs
Starbucks
ATT
TikTok
Hilton

Further questions and answers on the topic "Pentest as a service (PTaaS)"

How long does a Pentest as a Service (PTaaS) at DSecured typically take?

PTaaS is a continuous process that can vary depending on the scope and complexity of a company's IT infrastructure. As a rule, a contract is concluded for a defined scope with fixed hours. This lasts a minimum of 3 months.

What types of security vulnerabilities can be identified by Pentest as a Service (PTaaS)?

Our penetration testers focus on critical security vulnerabilities in your applications. However, it always depends very much on what the goal is, what the scope is and what working method is agreed upon.

What recommendations can be made for Pentest as a Service (PTaaS)?

The aim of PTaaS is to be able to react quickly and in a focused manner - without wasting time on complex reports. Finding security vulnerabilities is important. We therefore recommend having a time budget of at least 15 hours per month so that our testers can test relevant parts of your systems on demand.

What information does DSecured need to get started with a Pentest as a Service (PTaaS)?

Basically the same as for a regular pentest: scope, duration, no-gos.
