Pentest as a service (PTaaS)

Continuous and selective penetration tests allow us to guarantee the security of your IT systems.

The annual penetration test is the cornerstone - it is supported by regular, selective pentests (aka PTaaS). This involves "on-demand" testing. For example, if a lot has suddenly changed or with a focus on a specific new function.

Damian Strobel

Founder and CEO

"PTaaS is customized for each company and can vary greatly from client to client. We will find a solution!"

What is PTaaS - Penetration Testing as a Service?

In a digitalized world, changes are made to software, hardware and networks on a daily basis - this quickly reduces the significance of a one-off penetration test. Everything may have been fine yesterday - but the latest product update can make things look very different. From our practical experience, we see how often and how quickly security vulnerabilities arise and remain undetected for a long time - many of them could be discovered in a very short time. To make this possible, DSecured offers "Pentest as a Service".

PTaaS is a flexible and scalable service that enables companies to carry out regular penetration tests - we at DSecured call these short spot tests "mini pentests".

In general, the definition of PTaaS is not really uniform. In the DACH region, PTaaS usually means concentrated short penetration tests that are carried out by a human and have a specific focus that is specified by the client. In other countries, PTaaS can also be an automated process that continuously searches for security vulnerabilities and is intended to replace a penetration tester. Hybrid models are also possible.

DSecured PTaaS follows the hybrid model: we carry out mini pentests manually and always run our automated tools in parallel.

What is tested with Pentest as a service?

PTaaS is a customized solution that is tailored to the client's requirements. As with a normal penetration test, the scope and Go/NoGos are defined in advance. As a rule, a certain number of hours per month is agreed, which the company can request at any time. A mini-penetration test is usually carried out within a very short time (2-3 hours) to search for major vulnerabilities. The goal is often a new function in an existing application or the launch of a new website or a new API. Communication is kept as short as possible and reports are usually shared with the relevant development team via email (or another channel). The tests can also be carried out automatically - for example, if the client has a large external network in the cloud.

DSecured PTaaS ALWAYS includes (free of charge) our external attack surface monitoring platform Argos, so we can use our time efficiently and search where automated solutions would not get us anywhere.

Who is PTaaS suitable for?

PTaaS is suitable for any company that works in an agile manner and in which deployment cycles of a few days or weeks are common. PTaaS is also suitable for companies that operate a large number of apps or websites and want to ensure that these are regularly checked for vulnerabilities. Even if the need for protection is particularly high - because financial data or personal data is stored, for example - it is worth considering whether a combination of an annual penetration test and PTaaS makes sense.

How much does PTaaS cost?

We are flexible here - most customers book a fixed number of hours per month. This is multiplied by our hourly rate. Depending on the number of hours and duration, we can offer discounts. It is also possible to carry out short tests "on demand" - but this can lead to waiting times. We therefore recommend booking a fixed number of hours - this way, both sides can plan ahead. PTaaS starts at DSecured with an hourly quota of 8 hours per month. We currently charge €1599.00 per month for this. The minimum term is 3 months.

Start continuous pentesting with DSecured PTaaS and improve the security of your applications.

Request a quote

Comparison of penetration testing and PTaaS

	Classic penetration testing	Penetration testing as a service
Scope	Uniquely defined goals and scope	Adaptable to new threats and business needs
Reporting	Comprehensive report after completion of the test	Ongoing short reports and updates on individual findings
Engagement	Short-term commitment for a specific period	Long-term partnership with continuous monitoring and testing
Flexibility	Low: Fixed plan and scope, difficult to adapt	High: Flexible approach to respond to new threats and changes
Cost structure	One-off: Fixed costs for the defined test period	Subscription-based: Regular payments over the term of the contract
Scalability	Limited: Fixed resources for the duration of the test	High: Resources can be adjusted as required
Continuous security	None: Security is only checked during the test period	Yes: Continuous monitoring and regular safety tests

PTaaS includes the following services

Web App Penetration Testing

A large part of the internet is based on websites and web applications.

API Penetration Testing

Modern websites based on complex frontend frameworks usually are connected to some kind of API.

Vulnerability Scanning

Automated vulnerability scanning for your IT infrastructure or application.

Pentest as a Service: Additional info

How much does a pentest cost?

It's difficult to tell how much a test will cost because every test is individual - but we always find a solution that fits every budget.

How often should you have a penetration test carried out?

The frequency of a pentest depends on various factors - here is an overview.

What types of penetration testing are there?

The word "penetration testing" is a very general word and can describe various types of testing. An overview is available here.

How does a penetration test usually work?

The process of a pentest is usually always the same - but the steps differ depending on the type of test.

Some companies we have been able to help

Further questions and answers on the topic
"Pentest as a service (PTaaS)"

How long does a Pentest as a Service (PTaaS) at DSecured typically take?

PTaaS is a continuous process that can vary depending on the scope and complexity of a company's IT infrastructure. As a rule, a contract is concluded for a defined scope with fixed hours. This lasts a minimum of 3 months.

What types of security vulnerabilities can be identified by Pentest as a Service (PTaaS)?

Our penetration testers focus on critical security vulnerabilities in your applications. However, it always depends very much on what the goal is, what the scope is and what working method is agreed upon.

What recommendations can be made for Pentest as a Service (PTaaS)?

The aim of PTaaS is to be able to react quickly and in a focused manner - without wasting time on complex reports. Finding security vulnerabilities is important. We therefore recommend having a time budget of at least 15 hours per month so that our testers can test relevant parts of your systems on demand.

What information does DSecured need to get started with a Pentest as a Service (PTaaS)?

Basically the same as for a regular pentest: scope, duration, no-gos.

Get a pentest offer