Due to the nature of the application, DarkHorse is not optimized for mobile devices. Please view it on a desktop or tablet for the best experience.
Fractional Testing
(What you want, how you want it, when you want it.)What if pentesting was flexible and easy?
How, you say?
Say you want a qualified penetration testers to spend just five hours testing a new feature before it goes live this weekend?
The existing options aren't particularly great for this use case - the big consultancies are booked out for weeks-to-months, and don't offer the ability to get small amount of work done quickly. You'll probably need to purchase a gigantic drawdown, or worse, have to purchase an over-priced full-on pentest.
But you just need someone to spend five hours. This week.
Enter fractional pentesting.
What if you could say exactly how many hours of effort you need from a qualified professional with whatever skillset(s) you define?
What if you could do all of that in five minutes or less?
What if you could define the specific methodology you wanted them to complete, and see their progress in realtime?
What if this was cost efficient, you could pay with a credit card, and have access to top-tier testing talent within days?
This is what we've built at DarkHorse. The first of its kind, Fractional Pentesting is a huge step in the right direction of meeting security organizations where they are, as opposed to enforcing stodgy and outdated notions of the past. Your life is about to get a whole lot easier.
Watch the Loom below to learn just how easy it is to get started with fractional pentesting.
The existing options aren't particularly great for this use case - the big consultancies are booked out for weeks-to-months, and don't offer the ability to get small amount of work done quickly. You'll probably need to purchase a gigantic drawdown, or worse, have to purchase an over-priced full-on pentest.
But you just need someone to spend five hours. This week.
Enter fractional pentesting.
What if you could say exactly how many hours of effort you need from a qualified professional with whatever skillset(s) you define?
What if you could do all of that in five minutes or less?
What if you could define the specific methodology you wanted them to complete, and see their progress in realtime?
What if this was cost efficient, you could pay with a credit card, and have access to top-tier testing talent within days?
This is what we've built at DarkHorse. The first of its kind, Fractional Pentesting is a huge step in the right direction of meeting security organizations where they are, as opposed to enforcing stodgy and outdated notions of the past. Your life is about to get a whole lot easier.
Watch the Loom below to learn just how easy it is to get started with fractional pentesting.
FAQs
(if you have other questions, feel free to reach out at anytime to info[at]darkhorse.sh)
What is "fractional testing"?
Fractional testing (or pentesting) is a novel way to get access to penetration testing resources for as much or as little time as is needed - free from the typical constraints associated with a full or comprehensive penetration test.
Historically, if one wanted penetration testing, they had to buy a pentest. With the introduction of fractional pentesting, that now changes. With fractional pentesting you can quickly and effectively get access to top-tier penetration testers without needing to purchase a bulky, over-sized (and often over-priced) penetration testing contract. You can setup a fractional pentest engagement within minutes, and have bids from qualified testers ready to start testing within days.
True to DarkHorse's mission to democratize crowdsourced and offensive security, we're making this as affordable and as easy to use as possible. Despite being the first-to-market with this approach, we're still going to keep this as affordable and accessible as we can.
Historically, if one wanted penetration testing, they had to buy a pentest. With the introduction of fractional pentesting, that now changes. With fractional pentesting you can quickly and effectively get access to top-tier penetration testers without needing to purchase a bulky, over-sized (and often over-priced) penetration testing contract. You can setup a fractional pentest engagement within minutes, and have bids from qualified testers ready to start testing within days.
True to DarkHorse's mission to democratize crowdsourced and offensive security, we're making this as affordable and as easy to use as possible. Despite being the first-to-market with this approach, we're still going to keep this as affordable and accessible as we can.
Is this a pentest?
In the same way that a slice of cake is "cake", but not a full cake, the same is true for fractional pentesting.
Fractional pentesting is 100% pentesting, but it is not a full pentest.
Say you have a fairly clean house, but your kitchen needs a deep clean. Rather than having to pay a house cleaner to spend time cleaning the whole house, what if you could have them just clean your kitchen? You're not getting a fully cleaned house, but you are getting what you want, where you need it the most. This is what fractional pentesting enables... the ability for you to choose where and how you want testing to happen. If you want a full / deep clean, we can absolutely service that via our standard penetration testing services, but the key feature here is that it's 100% up to you!
Fractional pentesting is 100% pentesting, but it is not a full pentest.
Say you have a fairly clean house, but your kitchen needs a deep clean. Rather than having to pay a house cleaner to spend time cleaning the whole house, what if you could have them just clean your kitchen? You're not getting a fully cleaned house, but you are getting what you want, where you need it the most. This is what fractional pentesting enables... the ability for you to choose where and how you want testing to happen. If you want a full / deep clean, we can absolutely service that via our standard penetration testing services, but the key feature here is that it's 100% up to you!
Will this work for my auditor?
That depends. Only you know what is needed - if your auditor requires a full penetration test, then you need a full penetration test, and not fractional pentesting. However, if your auditor just wants to see proof that a specific thing was tested for a certain amount of time, then it will likely pass - but again, we cannot make any guarantees in this respect. It is your responsibility to know what the auditor wants/needs, and then based on those wants/needs, we can recommend the right product fit for you.
How does this work?
We have a Loom above that goes through the whole process. However, we can cover it in text here as well:
- You setup a fractional pentest engagement in the platform in minutes. This includes collecting your scope, goals, artifact requirements, notes, amount of hours of effort you need, methodology, and any desired tester qualifications. NOTE: this can also be layered on top of an existing bug bounty or vulnerability disclosure program!
- After you complete the setup process, we immediately go out and select ~5 qualified testers, based on your qualification criteria. These testers have until your defined deadline to submit their bids (along with their justification around why they should be selected).
- After bids have been submitted, you review the bids, select the one you want, and then the tester performs the specified amount and scope of work within the testing window, and that's that! Depending on your artifact requirements, they'll also provide any necessary artifacts.
- No more steps. If it sounds simple, that's because it is. As it should be.
What will this cost?
A lot less than a full pentest, and a lot-lot-lot less than getting a pentest from a consultancy or similar. The exact amounts are determined by the testers themselves, and the associated requirements (skills, target type, testing type, artifact output, etc). We try to provide a diverse range of options, so that you're able to choose from a wide range of skill levels and costs.
© 2024 DarkHorse Security, LLC. DarkHorse: Let's Ride. All rights reserved. CURRENTLY IN OPEN BETA | Need Help?