Skip to content

Frequently Asked Questions

Have questions about True Positives AppSec services? Check out our FAQ below or contact us to learn more!

What is a Cybersecurity Managed Security Services Provider (MSSP) for Application Security Testing?

For businesses unable, unwilling, or worn out by the burden of conducting application security testing in-house, a Cybersecurity MSSP provides a smarter alternative. More and more organizations are finding relief in outsourcing AppSec testing, ensuring continuous security without the cost, complexity, or resource drain of managing it internally.

How does T+ deliver its managed AppSec Testing services?

Our flagship AppSec Testing MSSP Services are designed for enhanced simplicity, affordability, and reliability:

  • Annual Subscription Service: Offered on a per-target (FQDN) basis.
  • Configurable Testing Frequency: Tailored to your specific risk profile and operational cadence.
  • Invicti-Powered DAST Automation: Utilizes advanced scanning technology to rapidly detect vulnerabilities.
  • Verified Results: Findings are validated and refined to eliminate false positives, ensuring clear, actionable insights.
  • Optional Manual Penetration Testing: Provides deep-dive expert analysis for complex threat scenarios.
  • Comprehensive Risk Management & DevSecOps Reporting: Delivers detailed, integrated reports aligned with modern security practices.
  • Continuous Service Quality Oversight: Ongoing reviews and improvements maintain optimal performance.
  • Broad Expert Domain Support: In access to specialized expertise in Risk Management, Application Security, and DevSecOps to support your overall security strategy. 

What sets T+ Managed AppSec Testing services apart?

Distinctive Attributes of the T+ Approach to Managed AppSec Testing:

Cost-Effective: Priced to maximize your security budget.

Comprehensive Support: Personalized service and dedicated customer success support delivered by experts, with guidance in Risk Management, Application Security, and DevSecOps.

Experienced Leadership: Founded by AppSec veterans with over a century of combined enterprise experience from leading firms such as @Stake, Microsoft, Cisco, Intel, Symantec, and Rapid7.

Innovative Testing: Pioneers in DAST and hybrid testing, blending advanced automation with expert manual inspection to secure high-risk applications.

How are True Positives Managed AST services priced so far below competitors?

Our proprietary internal systems and tools allow us to operate more efficiently which in turn allows us to offer better pricing and cost savings for our clients.

Does True Positives provide other AppSec services?

True Positives offers a comprehensive range of budget-friendly AppSec solutions.

From expert vulnerability scanning as a service to support for strategic application security planning, advanced testing, and resource optimization - our priority is strong security and cost-effective solutions for our clients.

What makes True Positives an ideal partner for startups and SMB's looking to build their AppSec?

Simply put - we offer affordable and comprehensive security solutions that otherwise would not be available to your organization.

From an initial free consultation with our experts we help you avoid costly blunders while giving you expert tips, advice, and access to enterprise level tools to help secure your applications.

What makes True Positives an ideal partner for AppSec savvy teams and programs?

Beyond providing starting point solutions for SMBs and startups, True Positives offers a range of services that allow your team the flexibility to make their AppSec stronger, more efficient, and cost-effective.

In addition, our security experts are fluent in the intricate dialect of application security with over 100 years of combined AppSec experience, having pioneered enterprise application security long before Microsoft's Trustworthy Computing initiative took flight around 2002.

What else does True Inspect do to ensure the quality of its vulnerability analysis?

We go above and beyond! Alongside our strategic partnership with Acunetix by Invicti, our dedicated technical team, composed entirely of application security automation experts, meticulously oversee every step of the scanning process all the way through processing to final reporting.

This commitment to excellence ensures not only completeness but also top-notch quality in the results we deliver.

How is a 'Target' defined for the purposes of your service, and why does it matter?

A 'Target' is typically defined as a single fully qualified domain name (FQDN), representing a distinct application or service to be tested.

Identifying targets is crucial as it helps tailor our security efforts to specific components of your digital infrastructure, ensuring thorough coverage and protection.

How does True Positives help my organization save money?

Build In-House Expertise: True Positives offers services to help you avoid costly blunders when building out your in-house expertise.

Resource Constraints: Our team helps you become more efficient instead of hiring on additional, expensive full time employees.

Scalability: Our on-demand model offers you security expertise and service that can scale up or down based on your organizational needs.

Access to Advanced Tools: We offer access to proprietary and advanced enterprise level tools that would either be unavailable to you or require expensive and lengthy contracts.

Can I see an example of what the True Positives Vulnerability Scan Report looks like?

Here is an example of our True Positives vulnerability scan report that provides a comprehensive view and actionable recommendations to improve your security: https://true-positives.com/hubfs/AppSec-Vulnerability-Scan-Report-True-Positives.pdf

In what format will I recieve my Vulnerability Scan Reports?

True Inspect Vulnerability Scan Reports are provided via email in HTML format in a manner which is highly secure.  The reports can easily be printed to PDF via the browser.

Should I take any steps before starting an automated vulnerability scan?

Definitely. Following this checklist will help ensure a smooth and effective external vulnerability scan.

#1. We highly recommend taking a proactive approach by enabling access for vulnerability scanning in advance by pre-whitelisting scan source IPs and domains. True Inspect vulnerability scans will originate from here: 54.208.242.36 scanners.acunetix.com 34.194.143.46 online.acunetix.com Additionally, please note, that True Inspect vulnerability scans aim to be non-destructive, but data impact can't always be guaranteed. Avoid using production environments; if necessary, ensure system integrity. Consider using a dedicated test account with appropriate permissions in production.

#2. Stakeholder Notification Make certain all relevant colleagues and parties are advised, including its purpose and timeline.

#3. Backup Systems Back up critical systems and data before the scan.

#4. Off-Peak Scheduling Schedule the scan during off-peak hours.Issue Response- Be prepared to respond to identified issues or vulnerabilities.

#5. Prepare for Findings & Remediation Be ready to act on scan vendor findings and prioritize remediation.

Are there specific network IPs that the scan traffic will come from?

We highly recommend taking a proactive approach by enabling access for vulnerability scanning in advance.

This can be achieved by pre-whitelisting scan source IPs and domains. For example True Positives vulnerability scans will originate from these IPs which should be You should whitelist these IPs and domains 54.208.242.36 scanners.acunetix.com 34.194.143.46 online.acunetix.com

Additionally, please note, that True Inspect vulnerability scans aim to be non-destructive, but data impact can't always be guaranteed. Avoid using production environments; if necessary, ensure system integrity. Consider using a dedicated test account with appropriate permissions in production.