Product Spotlight: Bundled Penetration Testing

Announcing new in-app pentesting to help you feel less vulnerable! This new feature adds to Thoropass’s (formerly Laika) comprehensive approach to compliance automation by continuing to be an all-in-one compliance hub. 

Thoropass’s Bundled Pentest aims to eliminate the need for customers to find and vet a pentest vendor on their own. Thoropass users can scope and arrange a pentest with our trusted partners, track progress, view draft reports, and download their final report for audit evidence, all within the Laika app. 

With Thoropass’s in-app pentesting, we have done the legwork for you. No more worries about quality issues, confusion, overspending, or wasting time. Our partnering pentest firms consist of cybersecurity experts with a track record of high-quality service for startups, big tech, and financial institutions. 

Our partnership and scale allow us to provide pentest services to our customers for the lowest cost, without sacrificing quality. 

What is a pentest and why do I need it? 

Penetration testing (or pen testing) is like a fire drill for your computer systems. During a pentest, cyber-security experts conduct a test to exploit vulnerabilities in a computer system. The test identifies any weak spots in system security that create openings for attackers. 

For SOC 2 & ISO 27001 certifications, a pentest is required or at least strongly recommended by reputable audit firms, including Laika Compliance and others. 

For PCI DSS, HITRUST, & FedRAMP certifications, a pentest is explicitly required. Auditors require it, and if you’re selling to enterprises, they’ll ask about it. 

Save cost and time

After seeing our customers paying up to $20k for a pentest, we did the legwork to secure pentest services at a competitive rate. 

Our bundled pentest is integrated with the rest of Thoropass’s platform. This means our customers benefit even more from the in-app experience. The pentest results directly feed into security controls as evidence. 

How does it work?

Customers fill in our simple scoping questionnaire, which is used to calculate the exact scope needed for their pentest. The pentest service can easily scale up or down according to the customer’s compliance goal and tech stack. 

Straight from Laika’s in-app experience, navigate to Pentest and submit a request:

A pentesting request is submitted within Thoropass

Data from the customer’s scoping form is sent to their compliance architect, who confirms the pentest package that will best serve the customer’s needs. Then, sit back and relax while our vendors and internal teams run the tests, giving you full transparency along the way.

A Pentest report is uploaded as evidence in the Thoropass app

Submit as evidence: The customer accesses and downloads their final pentest report, and automatically attaches it to relevant controls in Thoropass as evidence for auditors. Thoropass’s bundled in-app penetration tests include grey-box pentests designed to meet common compliance standards.

Need a pentest and not sure where to start? Reach out for a demo today!
