Conduct on-demand penetration testing that actively exploits vulnerabilities, providing you with in-depth visibility into your network.

EvolvePT is mainly designed for performing external and internal infrastructure security testing. 

A typical EvolvePT scan takes anywhere from 2 days to a week, depending on the size of your network and the complexity of your infrastructure. 

Yes, EvolvePT can be used by any type of business. Although designed mainly as an enterprise-grade solution, EvolvePT can be used in any business that wants to test its security posture. We have clients in a variety of industries including: financial services, education, healthcare, government, manufacturing, and more.

The answer to this is largely dependent on your organization and its security needs.  For example, a retail merchant who handles millions of credit card transactions is most likely going to need more frequent pentesting than, say, a small, locally-owned dog groomer.  However, most regulatory agencies require a pentest at least once a year. With EvolvePT, you can perform a pentest as often as you need to meet these requirements. 

Absolutely! Our clients have a wide range of customization options at their fingertips. You can customize the penetration testing method, scope, timing, and type of report to fit your needs.

Yes, EvolvePT can scan web applications. To do this, simply incorporate the Application Security task into the application build steps. The test results will then be imported and displayed within the Pipeline.

Yes, EvolvePT can perform both authenticated and unauthenticated scans. However, EvolvePT cannot perform authenticated web application scans. 

Yes, the EvolvePT report includes detailed remediation guidance for each vulnerability. The remediation guidance includes steps to remediate the vulnerability and references to the appropriate standards. 

EvolvePT uses a unique approach to eliminate false-positives during our automated pen testing process. After scannig for vulnerabilities, it uses all the detected exploits to attempt to break into our client's system, giving us a clear picture of which vulnerabilities pose a real risk to their infrastructure. This means that we only report on the actual threats that need to be addressed, rather than flooding our clients with false positives.

Furthermore, we take our reporting process one step further by including evidence of the breach in our reports. This includes a screenshot of the exploit that was used to gain unauthorized access to our client's system, providing a clear and tangible example of what needs to be addressed. 

There is no limit to the number of scans you can perform with EvolvePT. You can run as many scans as you need to meet your security requirements, and you can run them as frequently as you need to. 

No, Evolve cannot be used to test mobile applications. However, EvolveAST (our application security solution) can test mobile application APIs.

Yes, EvolvePT can perform both authenticated and unauthenticated scans. However, EvolvePT cannot perform authenticated web application scans.

The license tiers are based on the number of live external and/or internal hosts to be tested each month. The target hosts can also be changed each month.

Yes, EvolvePT can be used to test compliance against PCI-DSS, HIPAA, NIST 800-53, ISO 27001, and GDPR.

EvolvePT's reports are designed for clarity and ease of understanding by both executives and technical personnel. These reports include a summary of findings, a comprehensive technical report, an executive summary for board members, remediation recommendations with guidelines, real-time feedback, and a prioritized list of vulnerabilities based on exploitability. This structure allows for quick identification of critical vulnerabilities while minimizing false positives.

The license tiers are based on the number of live external and/or internal hosts to be tested each month. The target hosts can also be changed each month.

Our application security solution, EvolveAST scans APIs.

Various support and resources are available with EvolvePT, including YouTube training videos that cover how to launch a penetration test, review reports, and analyze dashboards. Additionally, we offer managed services for clients who require extra assistance. By choosing EvolvePT as a managed service, you can contact our SOC team or email us for support. Our SOC team will ensure EvolvePT is properly set up and provide a report walkthrough, addressing any questions you may have. If you have a support agreement with us, we are more than happy to assist with troubleshooting and any other help you may need.