Our focus is security audits for web-applications. Our experts are familiar with any vulnerability types that may apply - SQLi and other kind of injections, XSS (Cross Site Scripting), CSRF, Remote File Upload/Execution, Security Misconfiguration, Sensitive Data Exposure, issues with Authentication and Session Management, etc. We produce reports that contains absolutely no false positives.
First of all, ThisIsQA is a team of security experts. All our pentesters are experienced professionals with a extremely good background in doing security audits. The company's CTO, Nikolay Babiy is listed on the GoogleGoogle Application Security Hall of Fame 0x0A list as one of the best Security Researchers doing security testing of Google products.
Security Testing Services Cost
Penetration testing can't be cheap if it is done qualitatively. Hovewer, we are so sure that there are no web-applications without possibility to find threats - we are always open to work using pay-on-result scheme, e.g. client pays only for vulnerabilities found.
Time is money - and we know how to work within time limits. We are often faced with both situations - when there is a need to conduct the penetration testing for web-applications before public release, and when software is already live, but existing vulnerabilities are being exploited by hackers.
Support and Assistance
During the security audit, dedicated expert teams are available online, by email, and by phone. The reports provided after the test will not only show found vulnerabilities to the client - they will also explain them and provide recommendations on how to avoid similar issues in the future.
Confidentiality and Ethical Standards
We understand how critical the confidentiality and integrity of customer's data is - so yes, of course, we will sign the NDA (Non-Disclosure Agreement). We will never take personal copies of client’s data, never perform unauthorized testing, and will not discuss findings with unauthorized people.