• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

iViZ On Demand Penetration Testing

July 27, 2011

Views: 11,321

Introduction

iViZ is the industry’s first company to position themselves as an on-demand penetration testing service for web applications. This is very different from the normal low cost vulnerability assessment services like Qualys, Hackersafe, Hackerguardian etc.  Unlike conventional solutions, iViZ delivers consultant-grade quality with an on-demand experience. iViZ provides a hybrid solution that integrates automation with manual testing by security experts. This results in a cost-effective SaaS model to achieve a very low rate of false positives, manual expert validation, and business logic testing.  The key advantages are high quality, on-demand manageability, high scalability and unmatched service to price value.

iViZ Security is funded by IDG Ventures which also funded companies like Netscape, Baidu, MySpace and F5 amongst several others. iViZ currently has 200+ customers across several verticals including Finance, Telecom, Online Media and E-commerce.

Why did we evaluate iViZ On Demand Penetration Testing?

Although there are tons of penetration testing providers and solutions in the market today, iViZ visualized the gap in making penetration testing more proactive and repetitive in a cost effective manner. It has thus adopted the SaaS route which can be a potential disruptor to make penetration testing more affordable without the hassles of tools and costly consultants. Organizations worldwide are evolving at a rapid pace and thus they require a solution which helps them attain speed to market and profitability.

Also today’s market place is primarily focused on cost differentiation. This has led to automation and sub optimal quality with plenty of “me too” service providers. While automated scanning provides benefits like lowered cost and faster time to scan, application penetration testing requires manual intervention to remove false positives and more importantly conduct business logic testing. iViZ seems to have understood early on that pure automation will never be able to indentify complex business logic vulnerabilities in the context of today’s evolving application specially in online and telecom market.

Review Parameters

We evaluated iViZ primarily on 4 key parameters:

  1. User Experience
  2. Quality of Findings
  3. Methodology
  4. Packaging and Pricing

A. User Experience

We had been provided access to https://edge.ivizsecurity.com/ . The portal enables two views: partner and customer. The partner view essentially helps you manage your customer’s pen test. The customer can also login with his credentials and submit a new scan or download a complete report.

Iviz Security Dashboard

The dashboard nicely summarizes the essential info on completed scans and upcoming scans. “Scan in Verification” are the ones which have already passed automated testing and being manually verified for false positives and business logic testing. This hybrid testing is carried out by combining automation of testing with work flow automation and leveraging process engineering on top of it.

The customer dashboard is also clear and concise representing only the vital information without too much clutter of graphs and diagrams.

The interface to submit or schedule new scans has got plenty of options to specify advanced parameters that enhance the quality and performance of testing. Apart from date, time and target you can specify application details like user credentials, path to exclude, depth limit and link limit.

B. Quality of Findings

The key factor which differentiates this SaaS offering for other VA services is the quality of findings. The report section nicely summarizes vulnerability info and critical threats that needs to be fixed urgently. The reports can be viewed online or downloaded in a pdf format. The key thing which has impressed us is every high and critical vulnerability is accompanied by a “Proof of Exploit” – a screenshot depicting the impact of the vulnerability. This goes a long way in making the report meaningful and immense help for the application developers to quickly fix the vulnerability. This also gives the true essence of penetration testing.

Having a proof of exploit with high and critical vulnerability also ensures that these have been manually verified and thus the report is almost “Zero False Positive”. A huge time saver!

C. Scan Methodology

iViZ Penetration Testing Cloud service jumpstarts the scan process without employing consultants or buying expensive tools. Assessments are conducted in the cloud as needed and when requested by the customer. iViZ follows a hybrid approach for its scan methodology:

  1. T0 Testing: Automated Testing using multiple in-house and commercial scanners
  2. T1 Testing: False positives are removed with extensive manual investigation.
  3. T2 Testing:  Business logic verification is carried out with further manual testing using complex attack paths.

The hybrid testing is carried out by combining automation of testing with work flow automation and leveraging process engineering on top of it. In terms of coverage, the service covers OWASP Top 10 and WASC 26 threat classes in premium app testing.

D. Packaging and Pricing

iViZ offers two penetration testing service packages depending on customer business environment – Standard and Premium. Standard Tests are suitable for non critical applications and thus has lesser coverage. Premium is suited for critical applications and thus it provides a deep diagnosis with zero false positive and proof of exploit.  The pricing packages are all subscription based with frequency ranging from half yearly, quarterly, yearly and unlimited.

Conclusion

Overall the service looks pretty impressive. It provides a seamless way to do penetration testing on demand without incurring high cost of tools and consultants. Basically, like the sales force of penetration testing. For partners it provides an easy way to deliver penetration testing much more profitably or even set up a security testing business with zero Capex. However, the primary challenge that iViZ faces is sticking to the quality as the volume scales to thousands of scans.

It’s an interesting service and we shall be keeping an eye on it.

Share
Tweet18
Share6
Buffer
WhatsApp
Email
24 Shares

Filed Under: Countermeasures Tagged With: penetration-testing, vulnerability-assessment



Reader Interactions

Comments

  1. Anonymous says

    August 4, 2011 at 2:35 pm

    Nice tool, yet so much depending on vuln libraries. What happens with undiscloded 0-days ?

  2. Darknet says

    August 5, 2011 at 10:47 am

    Hard to scan/check for those. That’s where real pen-testing comes in (developing exploits etc).

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Views: 277

As threat surfaces grow and attack sophistication increases, many security teams face the same … ...More about Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 449

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 483

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 395

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 608

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 562

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (234)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,294,818)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,089)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,624)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,684)
  • Password List Download Best Word List – Most Common Passwords (933,491)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,148)
  • Hack Tools/Exploits (673,293)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,159)

Search

Recent Posts

  • Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance May 16, 2025
  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy