Fractional Testing

Fractional testing (or pentesting) is a novel way to get access to penetration testing resources for as much or as little time as is needed - free from the typical constraints associated with a full or comprehensive penetration test.

Historically, if one wanted penetration testing, they had to buy a pentest. With the introduction of fractional pentesting, that now changes. With fractional pentesting you can quickly and effectively get access to top-tier penetration testers without needing to purchase a bulky, over-sized (and often over-priced) penetration testing contract. You can setup a fractional pentest engagement within minutes, and have bids from qualified testers ready to start testing within days.

True to DarkHorse's mission to democratize crowdsourced and offensive security, we're making this as affordable and as easy to use as possible. Despite being the first-to-market with this approach, we're still going to keep this as affordable and accessible as we can.

In the same way that a slice of cake is "cake", but not a full cake, the same is true for fractional pentesting.

Fractional pentesting is 100% pentesting, but it is not a full pentest.

Say you have a fairly clean house, but your kitchen needs a deep clean. Rather than having to pay a house cleaner to spend time cleaning the whole house, what if you could have them just clean your kitchen? You're not getting a fully cleaned house, but you are getting what you want, where you need it the most. This is what fractional pentesting enables... the ability for you to choose where and how you want testing to happen. If you want a full / deep clean, we can absolutely service that via our standard penetration testing services, but the key feature here is that it's 100% up to you!

That depends. Only you know what is needed - if your auditor requires a full penetration test, then you need a full penetration test, and not fractional pentesting. However, if your auditor just wants to see proof that a specific thing was tested for a certain amount of time, then it will likely pass - but again, we cannot make any guarantees in this respect. It is your responsibility to know what the auditor wants/needs, and then based on those wants/needs, we can recommend the right product fit for you.

We have a Loom above that goes through the whole process. However, we can cover it in text here as well:

1. You setup a fractional pentest engagement in the platform in minutes. This includes collecting your scope, goals, artifact requirements, notes, amount of hours of effort you need, methodology, and any desired tester qualifications. NOTE: this can also be layered on top of an existing bug bounty or vulnerability disclosure program!
2. After you complete the setup process, we immediately go out and select ~5 qualified testers, based on your qualification criteria. These testers have until your defined deadline to submit their bids (along with their justification around why they should be selected).
3. After bids have been submitted, you review the bids, select the one you want, and then the tester performs the specified amount and scope of work within the testing window, and that's that! Depending on your artifact requirements, they'll also provide any necessary artifacts.
4. No more steps. If it sounds simple, that's because it is. As it should be.

A lot less than a full pentest, and a lot-lot-lot less than getting a pentest from a consultancy or similar. The exact amounts are determined by the testers themselves, and the associated requirements (skills, target type, testing type, artifact output, etc). We try to provide a diverse range of options, so that you're able to choose from a wide range of skill levels and costs.