The Frequently Asked Questions guide you through our cybersecurity testing processes. They help us to understand your requirements.
- If you are in Singapore, give us a call or email us.
- If you are not in Singapore, leave us an email. We will schedule a virtual meeting with you.
1. Timeline and Quality Commitment
Q1: What are the general steps for a security assessment project? And how long would it take?
MK Cybersecurity: For a medium project, it would take around 1 month.
- Requirement brief: To confirm the target website URLs and servers – 1-2 days
- Round 1: Initial security assessment and brief report – 1 week
- Fixing period: Your development team to fix the security findings – 1-2 weeks.
- Round 2: Verification of security fixes – 3 days
- Closing period: Your development team to refix the security findings and final report: 3 days.
Q2: Which services we should choose for our security assessment project? Vulnerability Assessment or Penetration Testing or Security Code Review?
MK Cybersecurity: It depends on your need of security assessment.
- If you need a quick security check for common and simple security vulnerabilities, please choose Vulnerability Assessment. Moreover, Vulnerability Assessment also has lower pricing.
- if you need comprehensive security check for all application functionalities, please choose Penetration Testing. Our security researchers will use hacking techniques to assess all application functionalities for complex and application-context vulnerabilities.
- If you completed the Penetration Testing and want to assess the security by scanning the source code, please choose Security Code Review.
Q3: How we know the quality of security assessment performed by MK Cybersecurity?
MK Cybersecurity: We could provide you our security certifications and best-practice methodology. Moreover, we are more result-oriented to give you the reports with critical and high risk findings.
2. Requirement Brief
Q1. We would like to do a security assessment for our websites, mobile applications and servers. What information do we need to provide you?
MK Cybersecurity: Please simply contact us and we will guide you through the below questions.
1. What are the target systems and applications?
Sample answer: We want to do penetration testing / vulnerability assessment / source code review for two public websites, one database server, one iOS application and one Android application.
2. What is the high level system architecture?
Sample answer 1: Our system uses ASP.NET, Windows servers and Microsoft SQL Server.
Sample answer 2: Our system uses PHP, Ubuntu OS on AWS EC2 and AWS RDS.
Sample answer 3: Our system uses customized WordPress, Ubuntu OS on AWS EC2 and AWS RDS.
3. For target websites, please give us the website URLs and after-login screenshots.
Public website: https://example.com. We attach the after-login screenshots in this email.
Admin website: https://admin.example.com. We attach the after-login screenshots in this email.
4. For target mobile applications, please give us the URLs of your application in Google Play and Apple App Store.
Android App: https://play.google.com/store/apps/details?id=com.uptimerobot
IOS App: https://apps.apple.com/us/app/uptime-robot-app/id1104878581
5. For target servers, please give us your server IPs.
Sample answer: We have one server at ip1.example.com and 18.104.22.168.
6. (Only for source code review) For target source code, what is your technical stack of target source code?
Sample answer: We use PHP for our custom WordPress.
3. Value-Added Services
Q1: Do you provide Performance Testing service?
MK Cybersecurity: Currently, we do not provide Performance Testing service.
Q2: If cybersecurity testing services reveal security holes, do you provide security fixes?
MK Cybersecurity: We are also providing web development and server administration service to fix security holes. Please contact us for a quick quotation. The pricing is much reasonable than you expect.