Our Services

SWARM | Critical
Know and fix critical vulnerabilities for your web or mobile applications before they are exploited.

Get Alerted

We continuously test your application and alert you when we detect a vulnerability with the following critical impact:
Data theft: Steal data of high value.

Privacy loss: Access confidential customer data without interaction of the victim(s).

Integrity breach: Manipulate data of multiple users or administrators, gain shell access to a server or execute server-side code at will.

Malware delivery: Deliver malware to visitors or distribute unauthorized files.

DDoS delivery: Deliver Distributed Denial of Service (DDoS) attacks.

Target third party: Target other third parties for malicious attacks.

Transaction compromise: Manipulate transactions.

Encryption key breach: Access data encryption keys.

FAQ

Frequently Asked Questions

Who should use this service?

For customers that are already performing penetration testing and vulnerability assessments on a regular basis, this service provides an added layer of proactive detection. We notify customers if a vulnerability that can result in catastrophic impact is discovered by the Swarm.

Can I monitor more than one web or mobile app?

Yes, you can. Customers can include any number of web or mobile applications under the subscribed service.

Can I customize the List of critical impact?

Yes, you can. If there are vulnerabilities that are of critical importance to your business, you can request that they be added. Similarly, you can remove those that are of no interest to you.

Can I reject a submitted vulnerability?

Yes, you can. But only if the vulnerability proves to be a false positive or does not meet the critical impact criteria. Unfortunately, we can’t accept reasons like you are already aware of the vulnerability. Our team will work with you in situations where there’s a report dispute.

How do you alert me of critical vulnerabilities?

We send an alert with the encrypted vulnerability report to the registered primary and secondary email address. For customers on the Per Alert service, we will send you the summary vulnerability report, and will release the full detailed report upon receipt of your payment.

How long do you retain the vulnerability data?

We delete the vulnerability data once the customer has acknowledged and accepted the vulnerability report.

How fast must I respond?

Customers must accept or reject the vulnerability report in 48 hours (business days) or the report will automatically be considered accepted.

When do I pay?

For customers on the Basic or Premier Package, payment should be made upfront before we activate the service. For customers on the Per Alert service, we will send an invoice together with the summary vulnerability report and you have 48 hours (business days) to make payment upon receipt of our invoice. If payment is not received, our team will work with you to resolve the issue. In situations where the payment issue cannot be resolved, your service will be cancelled and the vulnerability data will be deleted.