Commit 5310771

Merge branch 'pentesting-docs' of https://github.com/Oneleet/oneleet-docs into pentesting-docs
2 parents ef4a035 + bb40070 commit 5310771

8 files changed

+20
-20
lines changed

pages/_meta.ts

Lines changed: 1 addition & 1 deletion
@@ -1,9 +1,9 @@
11
export default {
22
"index": "Introduction",
3-
"penetration-testing": "Penetration Testing",
43
"integrations": "Integrations",
54
"oneleet-agent": "Oneleet Agent",
65
"guides": "Guides",
6+
"penetration-testing": "Penetration Testing",
77
"support": {
88
"title": "Support",
99
"type": "page",
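Review bot: this hunk only moves the `"penetration-testing"` entry from second to sixth position, so the page now appears after "Guides" in the navigation. Confirm that demotion is intended, since the rest of this commit is all edits to `pages/penetration-testing/*` and the other files do not reference the sidebar order.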

pages/penetration-testing/documents.mdx

Lines changed: 1 addition & 1 deletion
@@ -4,6 +4,6 @@ At Oneleet, we offer several types of documents during the penetration testing p
44

55
| Name | Description | Target
66
|-----|-----|-----
7-
| **Full Report** | Generated at the conclusion of the engagement. This report presents all the findings, accompanied by a **Description**, **Business impact**, **Reproduction steps**, and **Remediation steps** section. It includes an executive summary that highlights positive findings and recommendations. The results section provides a high-level overview, a table listing vulnerabilities, and an overview of the scope of the engagement. After remediation, the report will be updated to reflect the current state of each identified finding. | Internal Usage or <br></br> External Stakeholders
7+
| **Full Report** | Generated at the conclusion of the engagement. This report presents all the findings, accompanied by a **Description**, **Business impact**, **Reproduction steps**, and **Remediation steps** section. It includes an executive summary that highlights positive findings and recommendations. The results section provides a high-level overview, a table listing vulnerabilities, and an overview of the scope of the engagement. After remediation, the report will be updated to reflect the current state of each identified finding. | Internal Usage or External Stakeholders
88
| **Letter of Attestation** | Verifies the successful completion of a penetration test, offering a succinct summary of the scope, methodologies employed, and the tester's proficiency. Offers a comprehensive evaluation of the application's security, identifying the number of vulnerabilities discovered. | External Stakeholders
99
| **Letter of Engagement** | Notifies that you are undergoing a penetration test. Offers a comprehensive overview of the test's objectives, scope, methodologies, and the dates of the assessment. Assures you that any vulnerabilities discovered will be promptly reported for remediation. | External Stakeholders |
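Review bot: dropping the `<br></br>` from the Target cell is a reasonable cleanup, but the table in the unchanged context is still inconsistently delimited: the header row `| Name | Description | Target` and the separator `|-----|-----|-----` have no trailing `|`, while the last row ends with one. Add the trailing pipes to the first two rows so every row is delimited the same way.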

pages/penetration-testing/faq.mdx

Lines changed: 3 additions & 3 deletions
@@ -2,11 +2,11 @@
22

33
### Does a Penetration Test at Oneleet include DDoS?
44

5-
No. At Oneleet, we recognize that such attacks increase the probability of operational disruptions or the risk of collateral damage. We firmly believe that there is no genuine advantage to conducting such tests when doing a penetration test.
5+
No. At Oneleet, we recognize that such attacks increase the probability of operational disruptions or the risk of collateral damage. We firmly believe that there is no genuine advantage to conducting such tests during a penetration test.
66

77
### Which Penetration Test Should I Choose: Black, Gray, or White Box?
88

9-
Opt for a **White-box Pentration Test** if you are prepared to provide the source code and configuration files to the penetration tester, or if the application is open-source, as it effectively simulates threats that have or had access to the source code. Select a **Gray-box Penetration Test** for a best-of-both-worlds approach, as it allows the penetration tester to uncover most vulnerabilities accessible to both an out- and insider. Choose a **Black-box Penetration Test** if you are main concern is about external threat actors.
9+
Opt for a **White-box Pentration Test** if you're prepared to provide the source code and configuration files to the penetration tester, or if the application is open-source, as it effectively simulates threats that have or had access to the source code. Select a **Gray-box Penetration Test** for a best-of-both-worlds approach, as it allows the penetration tester to uncover most vulnerabilities accessible to both external and internal attackers. Choose a **Black-box Penetration Test** if your main concern is about external threat actors.
1010

1111
### Do I need to set up a staging environment, and where do you test?
1212

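Review bot: the misspelling `Pentration` in `**White-box Pentration Test**` is carried over unchanged into the new line 9; fix it to `Penetration` while this sentence is being reworded. The other edits in the hunk ("you're", "your main concern", "external and internal attackers") read correctly.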
@@ -16,7 +16,7 @@ We usually conduct tests in the staging environment and advise against testing i
1616

1717
We advise against implementing significant system changes during the penetration test. While pushing small changes is acceptable, we recommend maintaining a stable environment throughout the engagement to ensure the accuracy and reliability of the testing process.
1818

19-
### What to expect on the penetration testing scoping call? Should I prepare something?
19+
### What should I expect on the penetration testing scoping call? Should I prepare something?
2020

2121
See [this](/penetration-testing/process-overview) section.
2222

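Review bot: the heading fix on line 19 is fine; the unchanged line 21 still uses the non-descriptive link text `[this]`. Consider `See the [process overview](/penetration-testing/process-overview) section.` so the link target is clear when read out of context or by a screen reader.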
pages/penetration-testing/final-report.mdx

Lines changed: 1 addition & 1 deletion
@@ -2,7 +2,7 @@ import { Callout } from "nextra/components";
22

33
# Penetration Test Report
44

5-
First of all, the report includes the findings from the penetration test. Among other data, key points of our penetration test report include:
5+
The findings from our penetration test form the core of the report. Key elements include:
66

77
- **Risk Assessment:** The overall risk of the vulnerability, categorized from Low to Critical based on its impact and probability.
88
- **Vulnerability Description:** A comprehensive overview of each identified vulnerability, written in a clear and accessible manner for a broad audience.

pages/penetration-testing/findings-decisions.mdx

Lines changed: 3 additions & 3 deletions
@@ -8,8 +8,8 @@ Here’s a brief overview of actions you can take once the penetration test repo
88

99
When deciding to address a vulnerability, the first step is to allocate sufficient time to analyze and interpret the report. Your employees responsible for the penetration test should consider the following questions:
1010

11-
- Does this vulnerability meet the risk threshold we have agreed upon internally?
12-
- What is the actual (business) impact of a possible vulnerability exploitation, considering factors that may not be known to the penetration tester?
11+
- Does this vulnerability meet the risk threshold we've agreed upon internally?
12+
- What's the actual (business) impact of a possible vulnerability exploitation, considering factors that may not be known to the penetration tester?
1313
- Who will be responsible for remediating each finding?
1414

1515
## Remediate
@@ -27,7 +27,7 @@ Nevertheless, in most cases, a technical fix must be implemented. We advise reme
2727

2828
## Retest
2929

30-
At Oneleet, we are committed to safeguarding your company. We provide free retesting for a year after the penetration test is delivered, giving you ample time to address vulnerabilities and improve your company’s security posture. However, it’s important to adhere to your internal policy regarding vulnerability remediation, particularly in light of compliance requirements such as SOC 2, PCI, or ISO 27001.
30+
As part of our commitment to protecting your organization, we offer free retesting for up to a year after delivering the penetration test, allowing ample time to address vulnerabilities and strengthen your security posture. Remember to align remediation efforts with your internal policies, especially to meet compliance standards like SOC 2, PCI DSS, or ISO 27001.
3131

3232
## Accepting the risk
3333

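Review bot: the rewrite on line 30 changes the stated commitment from "free retesting for a year" to "free retesting for up to a year", which reads as a possibly shorter window than before. Confirm that wording is intended and consistent with what the process-overview and FAQ pages promise, since customers may quote the one-year figure. The `PCI` to `PCI DSS` change matches the other files in this commit.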
pages/penetration-testing/pci-dss.mdx

Lines changed: 3 additions & 3 deletions
@@ -1,10 +1,10 @@
11
# PCI DSS Penetration Test
22

3-
If you engaged Oneleet for a PCI-DSS penetration test, there will be a few minor differences compared to our regular penetration testing process. The primary objectives of the PCI-DSS penetration test are to:
3+
If you hired Oneleet for a PCI DSS penetration test, there will be a few minor differences compared to our regular penetration testing process. The primary objectives of the PCI DSS penetration test are to:
44

55
- Validate that the cardholder data environment (CDE) is isolated, secure, and compliant with PCI DSS standards.
6-
- Ensure that the CHD is protected from unauthorized access.
7-
- Identify and remediate vulnerabilities that could compromise the CHD.
6+
- Ensure that cardholder data (CHD) is protected from unauthorized access.
7+
- Identify and remediate vulnerabilities that could compromise cardholder data.
88

99
As a result, the following processes will be slightly different:
1010

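Review bot: line 6 now defines the abbreviation `cardholder data (CHD)`, but line 7 immediately spells out "cardholder data" again instead of using it, so the definition serves no purpose. Either use `CHD` on line 7 or drop the parenthetical on line 6. Replacing `PCI-DSS` with `PCI DSS` on line 3 is consistent with the other pages touched here.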
pages/penetration-testing/process-overview.mdx

Lines changed: 3 additions & 3 deletions
@@ -23,15 +23,15 @@
2323

2424
4. **Report**
2525

26-
- The discovered vulnerabilities will be uploaded on Oneleet’s platform.
27-
- Once the engagement finishes, an internal team will revise the Penetration Test Report which shall be available within 2 to 3 business days.
26+
- All discovered vulnerabilities will be uploaded on Oneleet’s platform.
27+
- After the engagement concludes, our internal team will revise the Penetration Test Report, which will be made available within 2 to 3 business days.
2828
- The final Penetration Test Report will include an executive summary, risk ratings, detailed findings, and recommendations.
2929

3030
5. **Remediate**
3131

3232
- If necessary, you can remediate the vulnerabilities, and our penetration tester will retest the system within a couple of days.
3333
- At this stage, you also have the option to accept the risk or reject the vulnerability.
34-
- Once all the findings have been addressed, an updated report will reflect the new state of each finding.
34+
- Once all findings have been addressed, an updated report will reflect the new state of each finding.
3535

3636
6. **Evaluate**
3737

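Review bot: line 26 keeps "uploaded on Oneleet's platform"; the idiomatic preposition is "uploaded to". On line 27, check whether "revise" is the intended verb: the sentence describes an internal pass before the report is released, which is usually called a review, whereas "revise" implies the team rewrites the report.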
pages/penetration-testing/ptaas.mdx

Lines changed: 5 additions & 5 deletions
@@ -2,19 +2,19 @@
22

33
## About Us
44

5-
Oneleet is a United States-based cybersecurity company, established and ran by experienced penetration testers. The company offers flexible penetration testing options and a comprehensive platform for managing and addressing security vulnerabilities. Its interface facilitates the tracking and remediation of security findings, ensuring that organizations maintain robust and current defenses. Oneleet provides both expert testing services and a management system to facilitate the maintenance and enhancement of security posture. The company has received backing from venture capital firms such as Y Combinator positioning itself as a key competitor that prioritizes support, effectiveness, and communication. Oneleet serves a diverse clientele, ranging from enterprises to early-stage startups.
5+
Oneleet is a U.S.-based cybersecurity company founded and run by experienced penetration testers. We offer flexible penetration testing options and a comprehensive platform to manage and address security vulnerabilities, helping your organization build and maintain a strong security posture. Backed by venture capital firms like Y Combinator, Oneleet combines expert testing services with an intuitive management system, serving clients ranging from enterprises to early-stage startups. With a focus on support, effectiveness, and communication, Oneleet has established itself as a leading provider in the cybersecurity and compliance space.
66

77
## Our Penetration Testing Goal
88

99
> Identifying vulnerabilities to reduce risk. Simulating real world attacks on your applications, systems and networks.
1010
>
1111
12-
The primary objective of a penetration testing at Oneleet is to identify vulnerabilities before malicious actors exploit them, thereby fortifying your security program. We are excited to collaborate with you in your commitment to uncovering vulnerabilities and implementing robust protection measures.
12+
The primary goal of penetration testing at Oneleet is to uncover vulnerabilities before they can be exploited by malicious actors. We look forward to partnering with you to identify risks and implement effective protection measures.
1313

1414
## Services
1515

16-
Oneleet offers expertly conducted Penetration Testing services by our team of highly qualified professionals from NATO countries. They hold advanced certifications like OSCE. Our team’s expertise encompasses network penetration (wired and wireless), web and mobile application security, social engineering, and code reviews. This extensive skill set enables them to identify vulnerabilities across various systems and technologies.
16+
Oneleet provides expertly conducted penetration testing services, delivered by a team of highly qualified professionals from NATO countries. Our experts hold advanced certifications such as OSCP, OSCE, and OSWE, attesting to their high level of technical competance. Their expertise spans network penetration (wired and wireless), web and mobile application security, social engineering, and code reviews. This diverse skill set allows them to identify vulnerabilities across a wide range of systems and technologies.
1717

18-
We provide flexible retesting options as part of our standard penetration testing package and offer a comprehensive platform for managing vulnerabilities.
18+
We offer flexible retesting options as part of our standard penetration testing package, along with a comprehensive platform for managing vulnerabilities.
1919

20-
At Oneleet, we frequently conduct penetration tests to meet compliance requirements for frameworks like SOC 2, ISO 27001, PCI, HIPAA and more.
20+
At Oneleet, we frequently conduct penetration tests to help organizations meet compliance requirements for frameworks like SOC 2, ISO 27001, PCI DSS, HIPAA, and more.
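Review bot: the new line 16 introduces the misspelling `competance`; it should be `competence`. The same line also adds OSCP and OSWE to the certification list, which is a change of substance rather than wording, so confirm the claim is accurate before merging. In the unchanged context, the quote block at lines 9-10 ends with a bare `>` line that renders as an empty quote line and can be removed.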
