Frequently Asked Questions (FAQs)

Ensure your organization's assets are well evaluated and protected against cyber attacks.

Cyber Legion Ltd is a UK-based cybersecurity start-up that provides IT security assessment services to various organizations around the globe.

Due to the increasing complexity of web applications, cybercriminals are finding more vulnerabilities that can be exploited. It is for this reason that web application testing and security is essential for all businesses.

Cyber Legion provides a continuous cycle of security testing combined with remediation through a Secure Client Portal, to protect and enhance your assets and help improve your organization's security posture.

We’re here to answer your most frequent questions about the services, tools, features and Cyber Legion testing capabilities. If you can’t find what you are looking for, make sure to Get in Touch with us so we can help.

FAQs

To order our pay-as-you-go Built-in Security Test & Report services, you must register on the Cyber Legion client portal for free, sign the NDA and the consultancy service agreement, and submit and pay for the service using the Work Request Form.

Once these steps are completed and we have your approval for the targets within the scope of the scan/test, we can schedule the service according to your specified time frame.

Depending on the complexity of the test, the final reports are usually delivered within 24 to 48 hours after the work request is submitted.

The pay-as-you-go (PAYG) pricing model means that users pay based on how many tests they consume.

A MULTI-DISCOUNT is available for multiple assets/targets.

An asset or a target is a system that we can scan/test against using our tools, e.g. a domain such as example.com, an IP address such as 1.1.1.1, etc.

*As for networks, we scan everything, but if we find several different applications running on different ports, they are considered separate assets.

Security scanning, or vulnerability scanning, can mean many different things, but it can be simply described as scanning the security of a website, web-based program, network, or file system for either vulnerabilities or unwanted file changes.

Software composition analysis (SCA) is an automated process that identifies the open source software in a codebase. This analysis is performed to evaluate security, license compliance, and code quality. Companies need to be aware of open source license limitations and obligations.

Static Application Security Testing (SAST) is a frequently used Application Security (AppSec) tool, which scans an application’s source, binary, or byte code. A white-box testing tool, it identifies the root cause of vulnerabilities and helps remediate the underlying security flaws.

Dynamic Application Security Testing (DAST) is a black box testing method that examines an application as it’s running to find vulnerabilities that an attacker could exploit.

This scanning method can help to find certain vulnerabilities in web applications while they are running in production.

OSINT (open source intelligence) is raw data that is openly available to the public. It may include information like names, addresses, interests, and other personal details. Location and behavioral data, affiliations, and daily patterns are all important pieces of information that can provide an inside look into a target's life.

A port scan is a method for determining which ports on a network are open. As ports on a computer are the place where information is sent and received, port scanning is analogous to knocking on doors to see if someone is home.

Penetration tests (or pen tests) are attacks on your company's software and hardware systems, carried out by 'ethical hackers' to expose your system's vulnerabilities. One example is a web application pen test. Web apps, browsers and plug-ins can house sensitive financial or personal data, so hackers are increasingly putting their efforts towards gaining access to them. The test would examine the endpoint of every web application.

Cyber Legion focuses on a modular security testing approach that includes commercial, open source and custom testing scripts, which can be run against targeted assets throughout the product's full development lifecycle, from design to production, in complete sync with the client's processes and technology stack.

Using a Secure Client Portal, the latest and most advanced security tools and a commitment to innovation, we ensure that our clients continually benefit from professional cyber services to detect, prevent and respond to threats and cyber attacks.

We follow precise testing checklists and framework guidelines (OWASP, SANS, NIST, CREST, etc.) that ensure complete coverage of the security assessment.

Retesting enables programs to ask hackers to verify whether a vulnerability has been fixed, in order to ensure their data is protected. If you submit a valid vulnerability report, programs can elect to invite you to retest the vulnerability to verify the fixes.

You can add as many assets as you have, and they will be added to the subscription. Depending on the number of assets, a certain discount will apply.

You can add more assets/targets to the scope or rotate the targets based on your prioritization model.

If you do not want to include one or more types of scans in the plan, that's not a problem at all. Just let us know and we will take them out of scope and out of the total cost.

This will reduce the cost by around £10.00 for a basic scan and £15.00 for an advanced scan. This applies to each scan that is not required.

Once we have completed all the scans/tests, we will ingest all the discovery data into the Web Portal (the 2nd portal) so that you can analyze, prioritize, view, track, report and fix any detected vulnerability.

Important: we will need to whitelist your IP addresses for you to be able to access the Portal.

You can change your plan (downgrade / upgrade) at any time, or cancel your subscription at any moment.

In case you are not satisfied with the service, there is a 7 day money-back guarantee since your first payment. However, if you decide to continue using the subscription, no further refunds will be granted.

Our Professional Security Engineers perform the scans and tests and provide you with all the resulting data through the web portal.

Vulnerability testing is an essential part of mitigating your organization's security risks. By using vulnerability scanners to identify the points of weakness in your systems, you can reduce the attack surface that criminals might exploit, focusing your security efforts on the areas most likely to be targeted.

Identifying and fixing vulnerabilities will help you improve your security defenses, not just for your business but for your staff, clients, customers, and partners.

  • Identify weaknesses
  • Prevent attacks
  • Protect sensitive data
  • Protect reputation
  • Avoid fines and ransom costs

Unauthenticated Testing

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues on exposed services. It does not log in to the system and therefore does not run the more detailed checks that are only possible with local administrative user credentials.

Authenticated Testing

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues by logging into the host as an administrative user. This performs a much more detailed review and covers patch checking and configuration issues for the unexposed services on the host. If you wish to check the patching levels of all systems across your network, an authenticated test is the best option.

Our specialized team of security professionals hold industry qualifications such as CREST, OSCP, CISSP, CISM and CEH, and cloud security certifications such as AWS, Azure, GCP, etc.

We are an SC-cleared team, combining this with many years of industry experience at the highest level working across all industry sectors. We are skilled hands-on engineers with a clear track record of implementing, running and managing security testing programs across various organizations.

Security Testing is a type of assessment that uncovers vulnerabilities of the system and determines that the data and resources of the system are protected from possible intruders. It ensures that the software system and application are free from any threats or risks that can cause a loss.

This statement refers to Cyber Legion services that are delivered through Web Client Portals.

→ Web Portal 1 – Features & Capabilities 

  • Private & Secure Client Portal
  • NDA, Contract & Digital Signature
  • Estimates, Invoices & Payments
  • Work Request Scheduler
  • Client File Upload/Download
  • Complete Project Management Solution
  • Private meeting & messaging


→ Web Portal 2 – Features & Capabilities

  • Private & Secure Client Portal
  • Client Workspace
  • Real Time Finding Analytics & Statistics
  • Assets & Vulnerability Details
  • Artefacts & Attack Path
  • Engagement & Testing Reporting


You can start for free by registering your account on the Secure Client Portal and benefit from a large range of services, all at your fingertips.

On demand Security Testing Service References

A complete organization discovery, inventory and classification, risk scoring and security ratings, continuous security monitoring, and malicious asset and incident monitoring, with advanced security verifications/checklists based on the OWASP, SANS, NIST and CREST frameworks.

Sample of checklists:

  • Web applications, services, and APIs
  • Mobile applications and their backends
  • Cloud storage and network devices
  • Domain/subdomains names, SSL certificates, and IP addresses
  • IoT and connected devices
  • Public code repositories such as GitHub, GitLab, and BitBucket
  • Email servers

Continuous full security research (penetration testing) suitable for networks, websites/applications, APIs and IoT devices, with advanced security verifications/checklists based on the OWASP, SANS, NIST and CREST frameworks.

You will pay only for severe findings, as below:

  • Critical severity flaw = £3500
  • High severity flaw = £2500
  • Medium severity flaw = £500
  • Negotiable for large number of findings/assets

A complete startup security testing program suitable for networks, websites/applications, APIs and IoT devices, with advanced security verifications/checklists based on the OWASP, SANS, NIST and CREST frameworks.

A complete security managed service package for your organization with advanced cyber security services such as Attack Surface Management, Vulnerability Assessment & Management, Risk Assessment, SAST & DAST scans, continuous vulnerability discovery, Penetration Testing, etc., to support your business and improve your security resilience.

  • Small Organization = £999.00/Organization/month
  • Medium Size Organization = £1999.00/Organization/month
  • Large organization = £3499.00/organization/month

A full DAST scan suitable for web apps, web services/APIs, networks, etc., with advanced security verifications/checklists based on the OWASP and CREST frameworks.

The Cyber Legion team will run in-depth, continuous Dynamic Application Security Testing (DAST) scans against your web app, API or network with targeted scan profiles.

All the results will be available on the Client Portal.

Scope: 1 x domain or 1 x IP (e.g. example.com and 1.1.1.1).

Small apps start from:

Sample of checklists:
  • Authentication bypass
  • Password policy
  • Login limitation policy
  • Session management
  • Hijacking
  • Predictable identifiers
  • Replay and expiration attacks
  • Privilege escalation
  • Horizontal access
  • Cryptographic algorithm strength
  • Key management
  • Data-in-transit & data storage protection
  • Key management & algorithm logic
  • Information disclosure
  • Injection vulnerability (XSS, SQL, HTML, XML, JSON, OS command)
  • Path traversal
  • Object identifiers
  • Local and remote file inclusion
  • Stack-based bounds checking

Plus:

  • Custom checklists against the latest threats and vulnerabilities

A full penetration test suitable for websites/applications, with advanced security verifications/checklists based on the PTF, OSSTMM, PTES, SANS, NIST and CREST frameworks.

  • Addresses – The biggest cost factor for an external penetration test is the number of IP addresses on your Internet perimeter. This will dictate how much time is spent in testing. One way to reduce this cost is to only perform a penetration test on the Internet hosts that have ports open and services listening on the Internet.

Sample of checklists:

  • Port scanning
  • Authentication bypass
  • Password policy
  • Login limitation policy
  • Session management
  • Hijacking
  • Predictable identifiers
  • Replay and expiration attacks
  • Privilege escalation
  • Horizontal access
  • Cryptographic algorithm strength
  • Validate and exploit known vulnerabilities
  • Network segmentation
  • Credential capture
  • Insecure network protocols
  • MITM attacks
  • VLAN/ACL issues
  • Key management
  • Data-in-transit & data storage protection
  • Key management & algorithm logic
  • Information disclosure
  • Injection vulnerability (XSS, SQL, HTML, XML, OS command)
  • Path traversal
  • Object identifiers
  • Local and remote file inclusion
  • Stack-based bounds checking

Plus:

  • Custom checklists against the latest threats and vulnerabilities

A full penetration test suitable for websites/applications, with advanced security verifications/checklists (OWASP, SANS, NIST and CREST frameworks approach).

Sample of checklists:

  • Device Decomposition
  • Dependencies
  • Authentication bypass
  • Default/Weak Passwords
  • Missing Security Updates
  • Insecure Web Administration
  • Use of Insecure protocols
  • Check for known configuration weaknesses
  • Insecure Data Storage
  • Wireless Vulnerabilities
  • Bluetooth Vulnerabilities
  • GSM Network Vulnerabilities
  • Infrared Network Vulnerabilities
  • LPWAN Network Vulnerabilities

A full penetration test suitable for mobile applications, with advanced security verifications/checklists (OWASP, SANS, NIST and CREST frameworks approach).

Sample of checklists:

  • Authentication bypass
  • Password policy
  • Login limitation policy
  • Session management
  • Hijacking
  • Predictable identifiers
  • Replay and expiration attacks
  • Privilege escalation
  • Horizontal access
  • Cryptographic algorithm strength
  • Key management
  • Data-in-transit & data storage protection
  • Key management & algorithm logic
  • Information disclosure
  • Injection vulnerability (XSS, SQL, HTML, XML, JSON, OS command)
  • Path traversal
  • Object identifiers
  • Local and remote file inclusion
  • Stack-based bounds checking

Plus:

  • Custom checklists against the latest threats and vulnerabilities

A full SAST scan with advanced security verifications/checklists (OWASP frameworks approach).

The Cyber Legion team will run in-depth, continuous Static Application Security Testing (SAST) scans against your repository with targeted scan profiles.

All the results will be available on our Secure Client Portal.

Scope: 1 x repo or app (e.g. example.com).

Small apps start from:

Sample of checklists:
  • Programming Language Tools
  • OWASP’s list of criteria strategies
  • OWASP’s Top Ten web application security vulnerabilities
  • Accuracy
  • Compatibility
  • Correct libraries
  • Compilation instructions
  • All required code

Plus:

  • Custom checklists against the latest threats and vulnerabilities

Full monthly vulnerability scanning suitable for networks, websites/applications, IoT devices, etc., with advanced security verifications/checklists based on the OWASP, SANS, NIST and CREST frameworks.

Sample of checklists:

  • Authentication bypass
  • Password policy
  • Login limitation policy
  • Session management
  • Hijacking
  • Predictable identifiers
  • Replay and expiration attacks
  • Privilege escalation
  • Horizontal access
  • Cryptographic algorithm strength
  • Key management
  • Data-in-transit & data storage protection
  • Key management & algorithm logic
  • Information disclosure
  • Injection vulnerability (XSS, SQL, HTML, XML, JSON, OS command)
  • Path traversal
  • Object identifiers
  • Local and remote file inclusion
  • Stack-based bounds checking

Plus:

  • Custom checklists against the latest threats and vulnerabilities

A full penetration test suitable for websites/applications with advanced security checks.

A full penetration test suitable for websites/applications, with advanced security verifications/checklists based on the OWASP, SANS and CREST frameworks. Black, white and grey box testing available.

Sample of checklists:

  • Information Gathering
  • Configuration and Deployment Management Testing
  • Identity Management Testing
  • Authentication Testing
  • Authorization Testing
  • Session Management Testing
  • Input Validation Testing
  • Testing for Error Handling
  • Testing for Weak Cryptography
  • Business Logic Testing
  • Client-side Testing

Plus:

  • Custom checklists against the latest threats and vulnerabilities

A full vulnerability assessment suitable for web services/APIs, with advanced security verifications/checklists based on the OWASP and CREST frameworks.

Sample of checklists:

  • Broken Object Level Authorization
  • Broken User Authentication
  • Excessive data exposure
  • Lack of resources and rate-limiting
  • Broken Function Level Authorization
  • Mass assignment
  • Security misconfiguration
  • Injection
  • Improper assets management
  • Insufficient logging and monitoring

Plus:

  • Custom checklists against the latest threats and vulnerabilities

Vulnerability Scanning Tools: explore our wide range of security testing services. Take advantage of Cyber Legion's managed security testing services and integrated testing tools to scan your applications and networks and find every vulnerability that matters. All findings are delivered in a single dashboard with advanced tracking, collaboration and reporting options.

Discover, Analyze, Prioritize, Track, Visualize & Report

We can help improve your Business

Ensure your organization's assets are well protected against cyber attacks.

Delivery Workflow

Register for free and get your test done within 24 to 48 hours.


Sample Report

Here is a sample report of a Security Testing Engagement


Work Request

Order your security test and Get Your Report


1. Client Onboarding

Access to all of Cyber Legion's services is provided through the Web Secure Client Portal. To create a Free account, you can sign up through the portal, or contact the Cyber Legion team and they will set up an account for you.

2. NDA, Agreements & Digital Signature

The integration of Digital Signature in our Web Client Portal allows us to legally sign all necessary documents and agreements, enabling us to carry out security assessments on targeted systems.

3. Submit Work Request

Our pricing structure is adaptable to meet the needs of all clients. By filling out the Work Request Form, you can select from pre-existing services or request a personalized proposal.

The Cyber Legion team will acknowledge your order, set up a project in your account, and proceed with the testing and delivery.

4. Security Testing & Report

We meet agreed-upon SLAs and follow security testing framework checklists. Based on our commitment, our team of engineers will utilize all of our tools, automation, and testing capabilities to achieve the objectives.

Within the agreed upon timeframe, you will receive a report on the security test that was conducted, including the results, recommendations, and references for addressing any identified issues.

5. Retesting & Validation of Remediation

We not only identify potential threats, risks, and vulnerabilities, but also provide detailed recommendations for resolution. To ensure complete remediation, we offer complimentary retesting and a range of ongoing security testing options for continued vulnerability detection and verification.