Qseap.com | Twitter | FAQ | Request a Quote

FAQ

This page contains an extensive range of the most common questions people have about Qseap and Qseap's Network and Application Security Services.

FAQ

How much time do you need to send a proposal?

We will send you a proposal within a day. After you request to get a proposal, we will get back to you with some basic queries that will help us create the best proposal that will suit your needs.



What is your delivery model? Can your consultants come onsite to perform the test?

We work on a Global Delivery Model. Usually, our consultants will do most of the work based out of our Security Operations Center. Additionally, if you specifically need, or the project demands onsite presence, our Consultants will be happy to visit you.



Do I have to buy the tools Qseap uses during the test?

No. Qseap mostly uses Open-Source tools, and has licensed versions of all the tools necessary for the test. You don't have to buy any of them for the test.



After I give a test to be carried out to Qseap, what to worry about?

Our Consultants understand that your application is critical to your business. They will give their best to meet the highest standards. After you give the prerequisites, you totally don't have to worry at all!



Are your tests disruptive?

Our Consultants never perform tests that may disrupt the service. You are absolutely safe!



What precautions do I have to take while Qseap is performing the test? You don't have to take any precautions while the test is being performed. We test the applications in their intrinsic form.


What kind of products/applications need security testing? Any product/application can be attacked by a determined attacker. So, every product, both software and hardware should be put through Security Testing. Mission critical applications need to be tested at any cost, as the impact of their failure is very drastic.

I already had a security testing done some time back. Do I still need another round of testing? Each round of testing is done with the available information and known threats at the time of testing. The testing also depends on the past experiences of the Consultant. As the security scenario is changing day-by-day, it's never too soon to retest an application.

My application has never been attacked before. Does it still need testing? New vulnerabilities and threats come up every day. Even if your application has never been attacked before, nobody can ever guarantee that it may not be attacked. All applications are vulnerable to some degree most of the times. It is always advisable to perform a test on your application.

My application is not interfaced to the web. Do I still need testing? It is now well established that applications face most of the risks from insider threats. Insiders have bypassed the physical and logical controls that are in place to protect the perimeter of your application and network. The insider may also have credentials to access the infrastructure. They can most easily violate the trust put on them for various reasons. It is always the safest and best approach to test both internal and external applications.


I already use automated tools to periodically test the security of my application/server. Do I need this test? Tools can never guarantee missing out vulnerabilities. We follow the hybrid approach where our experienced Consultants achieve the accuracy with manual testing, and automation with the help of tools. This hybrid approach guarantees that no vulnerabilities are missed out, which no tool can assure.

I am having critical deadlines. Can Qseap meet my demands of timelines? We understand that your deadlines are vital for us. We will schedule the tests within a day. The tests and the report will generally not take more than 4-5 days. We can deliver even quicker, if the need arises.

What deliverables will be provided to me after the security testing? You will be provided with a detailed and comprehensive report of all the existing as well as potential risks to the application/product. Recommendations and suggestions are also made to ensure that the application meets the highest security standards. Our report will contain solutions to fix the vulnerabilities on a step-by-step basis. A developer or administrator will find it very easy to execute the steps.

Will Qseap share the reports with anyone else? We at Qseap understand that confidentiality is critical to your business. We strictly follow standard security policies and take special precautions to protect the confidentiality. The tests and their results are upheld with uttermost confidentiality and are never shared with any unauthorized entity.