As a digital agency, we often need to test our websites for vulnerability issues.
Recently we came across a few projects that require our clients to run penetration testing. We were shocked when we talked to a few penetration companies, and the prices that came back were in the low 5-figure.
We were wondering why it is so expensive?
The funny thing is that we were not trying to run in-depth penetration testing. The project is just an interactive website that has no backend connected to it.
In the end, my client engaged a penetration testing company and paid for the test.
And we managed to look into the report and fixed the items inside.
A few months later, a similar project also required to do penetration testing. We went through the same process and engaged with another company.
Another report came after a week of waiting, and this report looks similar to the one we had previously and asking us to fix very similar kind of problems.
So, we decided if we can create a tool that detects all these kind of issues at a much quicker speed and lower cost.
The other thing is to remove the middleman agency as we think security scanning should be quick and instant, not a ping-pong process that requires a few days to resolve.
We will continue to improve this tool such that one day, we can offer such a solution to small businesses who could run such penetration testing without paying a 5-figure bill.
The intention to build this tool is never to replace these companies as we believe Enterprise will still require such services for their websites or apps. There are so many problems our tool may now be able to detect, whereas these companies can.
We also think this tool may be useful for them to improve their service-offering for smaller tasks.