Astra Security
Articles on: General Questions (Pentest)
Learn about the Pentest Product & Vulnerability Scanning

  • How do you define a target for the vulnerability scanner?
    A target is a domain or URL that will be tested by our vulnerability scanner. It can be the URL of a web application, website, API, etc. Examples of some unique targets: https://app.example.com, https://example.com/portal, https://www.example.com. What is the scope of the vulnerability scan? Target URL: Let us say you set https://app.example.com/admin as the target URL. The scanner will
  • What are the different vulnerability scan types?
    Different Scan Modes: When you click the 'Start a Scan' button on the Scan page, you'll be given a choice of three scan modes. We've described below what each of these types of scans means. Automated Scan: Our ever-evolving vulnerability scanner scans your application for vulnerabilities in this scan. You can choose to configure it to scan behind login too. Any possibl
  • Validity of Vulnerability Assessment Report, Vetted Report & Pentest Report
    Validity of Pentest Report, Vulnerability Scan Report & Vetted Report by Astra Pentest.
  • What are the various support levels within Pentest Platform pricing?
    The Scanner, Expert and Pentest plans come with different levels of support to help you ensure your applications are proactively secure. We've tried to make Astra's Pentest Platform massively self-served, and are happy to help whenever you need us. Here's what the support coverage looks like for each of the plans:
  • What are false positives & how to work with them?
    Vulnerability scanners are built to report every possible vulnerability or potential vulnerability in the application. If certain conditions within the application or server match a known vulnerability, the scanner reports the vulnerability within the dashboard along with the description, request, response & steps to fix the vulnerability.
  • How to extend the validity of Astra's Pentest Certificate?
    After a successful Pentest, a publicly verifiable Pentest certificate is issued which looks like this. The validity of the certificate is 180 days. There are two ways the validity of the certificate can be extended for another 180 days: Getting a Vetted scan: If you have been issued a Pentest certificate by Astra in the last 180 days, then you can request a vetted scan (https://help.getastra.com/en/arti
  • Is there any downtime when a vulnerability scan or a Pentest is happening?
    We've not had a situation where Astra's vulnerability scanner or Pentest has caused any downtime. This is because: our vulnerability scanner sends requests in a controlled manner to your application; the intent of a Pentest is not to stress test the application but to uncover vulnerabilities in the application; a Pentest or a Vulnerability Scan is different from DDoS testing. We do not perform any DDoS testing, which often leads to downtime.
  • How much time does a Pentest (VAPT) take?
    A Pentest can take anywhere between a minimum of 8-15 working days after our engineers have all the required information from you. Here are a few factors that determine the timelines: How quickly our security engineers are provided with the required information for the Pentest. The required information can differ depending on the type of asset (web app, mobile app, network devices, APIs, etc.). As soon as you sign up, in the Getting Started flow you are asked for this information. Our customer succ
  • We have one main domain and multiple sub-domains which have similar app running as main domain. How will the pricing work?
    Since we work with hundreds of SaaS businesses, we understand that there are some SaaS businesses that have customer dashboards running on their sub-domains. If your application is structured like this: www.domain.com, app.domain.com, app1.domain.com, app2.domain.com. In the above case, here's how we tend to structure the pricing IF app.domain.com, app1.domain.com & app2.domain.com all have an above 90% similar code base: In case of Pentest Plan: In our ass
  • How Astra’s Pentest platform helps with SOC2 & ISO27001 compliances?
    Here are some of the ways in which Astra’s Pentest platform can help your organization: While Astra doesn’t help with end-to-end SOC2 & ISO27001 compliance, Astra does help with Pentest/VAPT and continuous vulnerability scanning, which is often recommended within these compliances. The compliance is best done by organizations like Sprinto, Cyber Sierra, Secure Frame, etc. If you would like an introduction to any of these providers via Astra, we’re happy to introduce you.
