Frequently Asked Questions – FAQ’s

To order our pay-as-you-go Built-in Security Test & Report services, you must register on the Cyber Legion client portal for free, sign the NDA and the consultancy service agreement, and submit and pay for the service using the Work Request Form.

Once these steps are completed and we have your approval for the targets within the scope of the scan/test, we can schedule the service according to your specified time frame.

Depend about the complexity of the test, usually the final reports are delivered within 24 to 48 hours after the work request is submitted.

The pay-as-you-go (PAYG) pricing model means that users pay based on how much you tests they consume. 

MULTI-DISCOUNT is available for multiple assets / targets.

An asset or a target is a system that we can scan/test against using our tools.

e.g

example.com
IP 1.1.1.1
etc

*As for the network, we scan everything, but if we find several different applications running on different ports they are considered separate assets.

Security scanning, or vulnerability scanning, can mean many different things, but it can be simply described as scanning the security of a website, web-based program, network, or file system for either vulnerabilities or unwanted file changes.

Software composition analysis (SCA) is an automated process that identifies the open source software in a codebase. This analysis is performed to evaluate security, license compliance, and code quality. Companies need to be aware of open source license limitations and obligations.

Static Application Security Testing (SAST) is a frequently used Application Security (AppSec) tool, which scans an application’s source, binary, or byte code. A white-box testing tool, it identifies the root cause of vulnerabilities and helps remediate the underlying security flaws.

Dynamic Application Security Testing (DAST) is a black box testing method that examines an application as it’s running to find vulnerabilities that an attacker could exploit.

This scanning method can help to find certain vulnerabilities in web applications while they are running in production.

OSINT is raw data that is openly available to the public. It may include information like names, addresses, interests, and other personal details. Location and behavioral data, affiliations, and daily patterns are all important pieces of information that can provide an inside look into a target’s life.

A port scan is a method for determining which ports on a network are open. As ports on a computer are the place where information is sent and received, port scanning is analogous to knocking on doors to see if someone is home.

Penetration tests (or pen tests) are attacks on your companies’ software and hardware systems, carried out by ‘ethical hackers’ to expose your system’s vulnerabilities. One example is a web application pen test. Web apps, browsers and plug-ins can house sensitive financial or personal data, so hackers are increasingly putting their efforts towards gaining access to them. The test would examine the endpoint of every web application.

Cyber Legion focus on modular security testing approach that include commercial, open source and custom testing scripts that can be run against targeted assets during the product full development lifecycle from design to production and in complete synch with client’s processes and technology stack.

Using a Secure Client Portal, the latest and most advanced security tools and commitment to innovation, we ensure that our clients continually benefit from Professional Cyber Services to detect, prevent and respond to threats & cyber attacks.

We follow precise testing checklists and Frameworks guidelines  that ensures a complete coverage of the security assessment. OWASP, SANS, NIST, CREST etc

Retesting enables programs to ask hackers to verify whether a vulnerability has been fixed in order to secure the protection of their data. If you submit a valid vulnerability report, programs can elect to invite you to retest the vulnerability to verify the fixes.

You can add as many assets  you have and they will be added to the subscription. Depende of the number of assets cerain discount wuill apply.

You can add more assets/targets to the scope or rotate the targets based on your prioritization model.

If you do not want to include one or more types of scans in the plan, that’s not a problem at all. Just let us know so we’ll  take it out of scope and out of total cost.

Will reduce the cost with around £10.oo for basic scan and £15.00 for advanced scan. This apply for each scan that is not required.

Once we have completed all the scans/tests, we’ll ingested all the discovery data in the Web Portal (2nd Portal) so that you can Analyze, Prioritize, View, Track, Report and Fix any detected vulnerability.

Important: We’ll need  to whitelist your IP addresses to be able access the Portal.

You can change your plan (downgrade / upgrade) at any time, or cancel your subscription at any moment.

In case you are not satisfied with the service, there is a 7 day money-back guarantee since your first payment. However, if you decide to continue using the subscription, no further refunds will be granted.

Our Professional Security Engineers perform the scans and tests and provide you with all the resulting data through the web portal.

Vulnerability testing is an essential part of mitigating your organization’s security risks. By using a vulnerability scanners to identify the points of weakness in your systems, you can reduce the attack surface that criminals might exploit, focusing your security efforts on the most likely targeted areas.

Identifying and Fixing vulnerabilities will help you improve your security defenses for not just your business but your staff, clients, customers, and partners.

• Identify weaknesses
• Prevent attacks
• Protect sensitive data
• Protect reputation
• Avoid fines and ransom costs

Unauthenticated Testing

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues on exposed services. It does not login to the system, therefore does not run more detailed checks that would only be possible when using local administrative user credentials.

Authenticated Testing

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues, by logging into the host as an administrative user. This performs a much more detailed review and covers patch checking and configuration issues for the unexposed services on the host. If you wished to check all patching levels of systems across your network, an authenticated test would be the best option.

Our specialized team of security professionals hold industry qualifications such as CREST, OSCP, CISSP, CISM, CEH and Cloud security certification such as AWS, azure, GCP etc.

We are a SC Cleared team combine this with many years of industry experience at the highest level working across all industry sectors. We are skills hands-on engineers with clear track record of implementing, running managing security testing programs across various organizations.

Security Testing is a type of assessment that uncovers vulnerabilities of the system and determines that the data and resources of the system are protected from possible intruders. It ensures that the software system and application are free from any threats or risks that can cause a loss.

This statement refers to Cyber Legion services that are delivered through Web Client Portals.

→ Web Portal 1 – Features & Capabilities 

• Private & Secure Client Portal
• NDA, Contract & Digital Signature
• Estimates, Invoices & Payments
• Work Request Scheduler
• Client File Upload/Download
• Complete Project Management Solution
• Private meeting & messaging

→ Web Portal 2 – Features & Capabilities

• Private & Secure Client Portal
• Client Workspace
• Rea Time Finding Analytics & Statistics
• Assets & Vulnerability Details
• Artefacts & Attack Path
• Engagement & Testing Reporting

You can Start for Free by register your account on the Secure Client Portal and benefit of a large are of services, all at your fingerprints.