DarkHorse - Breaches Are Expensive; DarkHorse Isn't. Fractional Testing.

Fractional Testing

Pentesting (or any security testing), On Your Terms.

Fractional Testing / Pentesting provides access to cybersecurity talent how, when, and where you need it.
What if pentesting was flexible and simple?

The first-of-its-kind: Fractional Pentesting.

Flexibility
Test for as little as two hours

Consultative approaches require days of effort; with fractional testing, you can get just the amount of testing you need.

On-demand
Get access to talent within hours, not weeks

Move at the speed of you. Input your parameters, and we'll invite qualified persons to apply. Pay with a credit card, and be on your way!

Control
Select the tester you want; not just whoever is assigned

Another first-of-its-kind innovation: we let you choose your tester from a range of applicants, giving you more control over spend, qualifications, and more!

Tailored
Define the methodology and desired outcomes

Because we let you define what you need, you're able to state exactly what you want the tester to do.

Frequently asked questions about fractional testing

FAQs

Fractional testing (or pentesting) is a novel way to get access to penetration testing resources for as much or as little time as is needed - free from the typical constraints associated with a full or comprehensive penetration test.

Historically, if one wanted penetration testing, they had to buy a pentest. With the introduction of fractional pentesting, that now changes. With fractional pentesting you can quickly and effectively get access to top-tier penetration testers without needing to purchase a bulky, over-sized (and often over-priced) penetration testing contract. You can set up a fractional pentest engagement within minutes, and have bids from qualified testers ready to start testing within days.

True to DarkHorse's mission to democratize crowdsourced and offensive security, we're making this as affordable and as easy to use as possible. Despite being the first-to-market with this approach, we're still going to keep this as affordable and accessible as we can.

In the same way that a slice of cake is "cake", but not a full cake, the same is true for fractional pentesting.

Fractional pentesting is 100% pentesting, but it is not a full pentest.

Say you have a fairly clean house, but your kitchen needs a deep clean. Rather than having to pay a house cleaner to spend time cleaning the whole house, what if you could have them just clean your kitchen? You're not getting a fully cleaned house, but you are getting what you want, where you need it the most. This is what fractional pentesting enables... the ability for you to choose where and how you want testing to happen. If you want a full / deep clean, we can absolutely service that via our standard penetration testing services, but the key feature here is that it's 100% up to you!

That depends. Only you know what is needed - if your auditor requires a full penetration test, then you need a full penetration test, and not fractional pentesting. However, if your auditor just wants to see proof that a specific thing was tested for a certain amount of time, then it will likely pass - but again, we cannot make any guarantees in this respect. It is your responsibility to know what the auditor wants/needs, and then based on those wants/needs, we can recommend the right product fit for you.

We have a Loom above that goes through the whole process. However, we can cover it in text here as well:

  1. You set up a fractional pentest engagement in the platform in minutes. This includes collecting your scope, goals, artifact requirements, notes, number of hours of effort you need, methodology, and any desired tester qualifications. NOTE: this can also be layered on top of an existing bug bounty or vulnerability disclosure program!
  2. After you complete the setup process, we immediately go out and select ~5 qualified testers, based on your qualification criteria. These testers have until your defined deadline to submit their bids (along with their justification around why they should be selected).
  3. After bids have been submitted, you review the bids, select the one you want, and then the tester performs the specified amount and scope of work within the testing window, and that's that! Depending on your artifact requirements, they'll also provide any necessary artifacts.
  4. No more steps. If it sounds simple, that's because it is. As it should be.

A lot less than a full pentest, and a lot-lot-lot less than getting a pentest from a consultancy or similar. The exact amounts are determined by the testers themselves, and the associated requirements (skills, target type, testing type, artifact output, etc.). We try to provide a diverse range of options, so that you're able to choose from a wide range of skill levels and costs.

Watch the Loom below to learn just how easy it is to get started with fractional pentesting.