Frequently Asked Questions
Have questions about True Positives AppSec services? Check out our FAQ below or contact us to learn more!
What is Managed or Outsourced Application Security Testing?
Outsourced or Managed Application Security Testing is a service where you outsource some or all of your software security testing to a third party company specializing in cybersecurity (typically a Managed Security Services Provider or MSSP).
This approach is gaining traction due to its cost advantages, greater efficiency, as well as ease of management and scalability.
What is a managed security service provider (MSSP)?
A Managed Security Services Provider (MSSP) is an outsourced company that handles cybersecurity for other organizations. They specialize in protecting networks, systems, and data from various cyber threats.
Why I should trust True Positive's managed vulnerability scanning?
The True Positives team has over 100 years of combined experience in the AppSec space. In other words, we understand the industry and the different challenges that practitioners face on a daily basis.
Additionally, we have exclusive access to proprietary in-house tools and systems (True Inspect) as well as industry leading DAST technology from Invicti.
All of this provides our clients with managed vulnerability scanning services of unmatched quality and affordability.
How are True Positives Managed AST services priced so far below competitors?
Our proprietary internal systems and tools allow us to operate more efficiently which in turn allows us to offer better pricing and cost savings for our clients.
Does True Positives provide other AppSec services?
True Positives offers a comprehensive range of budget-friendly AppSec solutions.
From expert vulnerability scanning as a service to support for strategic application security planning, advanced testing, and resource optimization - our priority is strong security and cost-effective solutions for our clients.
What makes True Positives an ideal partner for startups and SMB's looking to build their AppSec?
Simply put - we offer affordable and comprehensive security solutions that otherwise would not be available to your organization.
From an initial free consultation with our experts we help you avoid costly blunders while giving you expert tips, advice, and access to enterprise level tools to help secure your applications.
What makes True Positives an ideal partner for AppSec savvy teams and programs?
Beyond providing starting point solutions for SMBs and startups, True Positives offers a range of services that allow your team the flexibility to make their AppSec stronger, more efficient, and cost-effective.
In addition, our security experts are fluent in the intricate dialect of application security with over 100 years of combined AppSec experience, having pioneered enterprise application security long before Microsoft's Trustworthy Computing initiative took flight around 2002.
What else does True Inspect do to ensure the quality of its vulnerability analysis?
We go above and beyond! Alongside our strategic partnership with Acunetix by Invicti, our dedicated technical team, composed entirely of application security automation experts, meticulously oversee every step of the scanning process all the way through processing to final reporting.
This commitment to excellence ensures not only completeness but also top-notch quality in the results we deliver.
How is a 'Target' defined for the purposes of your service, and why does it matter?
A 'Target' is typically defined as a single fully qualified domain name (FQDN), representing a distinct application or service to be tested.
Identifying targets is crucial as it helps tailor our security efforts to specific components of your digital infrastructure, ensuring thorough coverage and protection.
How does True Positives help my organization save money?
Build In-House Expertise: True Positives offers services to help you avoid costly blunders when building out your in-house expertise.
Resource Constraints: Our team helps you become more efficient instead of hiring on additional, expensive full time employees.
Scalability: Our on-demand model offers you security expertise and service that can scale up or down based on your organizational needs.
Access to Advanced Tools: We offer access to proprietary and advanced enterprise level tools that would either be unavailable to you or require expensive and lengthy contracts.Can I see an example of what the True Positives Vulnerability Scan Report looks like?
Here is an example of our True Positives vulnerability scan report that provides a comprehensive view and actionable recommendations to improve your security: https://true-positives.com/hubfs/AppSec-Vulnerability-Scan-Report-True-Positives.pdf
In what format will I recieve my Vulnerability Scan Reports?
True Inspect Vulnerability Scan Reports are provided via email in HTML format in a manner which is highly secure. The reports can easily be printed to PDF via the browser.
Should I take any steps before starting an automated vulnerability scan?
Definitely. Following this checklist will help ensure a smooth and effective external vulnerability scan.
#1. We highly recommend taking a proactive approach by enabling access for vulnerability scanning in advance by pre-whitelisting scan source IPs and domains. True Inspect vulnerability scans will originate from here: 54.208.242.36 scanners.acunetix.com 34.194.143.46 online.acunetix.com Additionally, please note, that True Inspect vulnerability scans aim to be non-destructive, but data impact can't always be guaranteed. Avoid using production environments; if necessary, ensure system integrity. Consider using a dedicated test account with appropriate permissions in production.
#2. Stakeholder Notification Make certain all relevant colleagues and parties are advised, including its purpose and timeline.
#3. Backup Systems Back up critical systems and data before the scan.
#4. Off-Peak Scheduling Schedule the scan during off-peak hours.Issue Response- Be prepared to respond to identified issues or vulnerabilities.
#5. Prepare for Findings & Remediation Be ready to act on scan vendor findings and prioritize remediation.
Are there specific network IPs that the scan traffic will come from?
We highly recommend taking a proactive approach by enabling access for vulnerability scanning in advance.
This can be achieved by pre-whitelisting scan source IPs and domains. For example True Positives vulnerability scans will originate from these IPs which should be You should whitelist these IPs and domains 54.208.242.36 scanners.acunetix.com 34.194.143.46 online.acunetix.com
Additionally, please note, that True Inspect vulnerability scans aim to be non-destructive, but data impact can't always be guaranteed. Avoid using production environments; if necessary, ensure system integrity. Consider using a dedicated test account with appropriate permissions in production.