<img height="1" width="1" style="display:none;" alt="" src="https://ct.pinterest.com/v3/?event=init&amp;tid=2612386726082&amp;pd[em]=<hashed_email_address>&amp;noscript=1">

Frequently Asked Questions

Have a question? We are here to help.

Does BMP have a platform or user interface for managing my assessments?

Absolutely, our comprehensive assessment platform is accessible to all customers on the Argos and Astro plans.

Through this platform, you can initiate new projects, collaborate with your project team, evaluate your results, request retesting, and examine your security assessment accomplishments at a programmatic level.

Will I still be able to schedule my tests with a Customer Success Representative even though I have access to the pentest platform?

Yes, you are always welcome to communicate and collaborate with us in the way that works best for you.

Do you offer any integrations with popular vulnerability assessment or management software?

Certainly, we offer both self-service API integrations as well as some native-integrations for customers on our Argos plan.

Do you crowdsource your testers?

No, BMP Security does not "crowdsource" our security engineers. We believe your security should be taken seriously and our team  is dedicated to providing you with the best quality.

Do you really perform cloud pentesting?

Certainly, our cloud penetration testing approach uncovers genuine, high-risk attack vectors within your cloud infrastructure. Although some other providers may assert that they offer cloud penetration testing, their assessment often resembles a quick scan of your configuration.

What Red Team capabilities do you have?

Our team possesses extensive and varied experience in cybersecurity. Although we do not permit self-service red team projects on our platform, we are fully capable of assisting you in evaluating the effectiveness of your defenses and training. Contact your CSM to arrange a time to discuss your objectives and formulate the perfect strategy.

What steps do you take to ensure service quality?

We recognize that our competitor's quality can vary significantly from one test to another. Therefore, we have implemented a comprehensive process to oversee, review, and approve all work products created by BMP. From our marketing materials to your final report, we meticulously examine everything we do.

What tools do you use during security assessments?

The answer to this question varies wildly depending on the goals of the test, what is being tested, and the rules of engagement.

We pride ourselves on our creativity and maintain a collection of state-of-the-art technologies we use during our assessments. We also use industry recognized and respected toolkits including PortSwigger's Burp Suite, Ghidra, and many others. 

How deeply do you assess each target?

The Solution Architect assigned to you will work with you on every project to understand the goals and objectives for a test.

For projects that do require deeply technical analysis, you've found the right partner. We'll ensure that the project is perfectly scoped to balance both technical and financial requirements.

Not every assessment requires in-depth analysis though. We will never recommend spending resources on something that isn't worthwhile.

Who decides how many credits I use?

Our Solutions Architects are here to guide and advise you to what we think is the best strategy to take when allocating your available credits for your annual priorities.

Ultimately, you are in the driver's seat and we will work with you to achieve your goals together.

How many credits do I need?

This depends on your organizational security goals. We've worked with clients of all sizes from Fortune 10 to indie startups out of a garage. We're well equipped to understand where you are now and what you'll be facing in the future.

I'm not sure that my project fits into standard services. Do you have customized solutions?

Absolutely, we do. Every one of our customers gains from the expertise and guidance offered by our committed team of solutions architects. Our architects collaborate with you to plan your security objectives and create any tailored assessment methodologies or frameworks you may need.

Are vulnerability scans enough?

Well, if you're aiming for a complete sense of security, vulnerability scans alone might not be the best choice. They're definitely useful and work great alongside a strong vulnerability management program, but they don't give you the whole picture. Depending solely on these scans can miss out on some important insights into your security posture.

How often should I get a pentest?

 

Depending on the specific security frameworks you're using for your compliance efforts, you might only need to do a pentest once every few years, or you might have to conduct several different types of assessments each year. Just like many things in the security and compliance world, it varies. We’re here to help with over 30 testing frameworks and methodologies, making sure our testing strategy and results fit your needs perfectly.

Do small businesses need security assessments?

Absolutely. Small and mid-sized businesses are frequently targeted by attackers that assume smaller businesses have less resources and are less secure (easy prey). If you have valuable data, you are a target. We offer flexible scoping and testing strategies that scale with business of all sizes.