It all started two years ago. We met without without knowing that we were facing a new challenge that would have originated EasyAudit.
Yes we were a small group of researchers, working for about 10 years in the field of computer security, but mostly friends, with the desire to share their skills in order to work better and better.
The basic idea was to create a software that can streamline repetitive parts of our work to dedicate ourselves more to solve those intellectual challenges that allow us to live our work as a passion.
Share tools and information is the cornerstone of innovative environments, as happens in scientific research and the “Hacker” culture, the real one, made up of curious and enterprising people, with a strong sense of ethics, as opposed to how often wrongly trivialized by Media.
Having performed hundreds of Penetration Test (and Risk/Security Audits in general) for major national and international companies, I had at my disposal a veritable arsenal of attack tools, and so others. These tools were implementing flows and advanced techniques that no software on the market offered.
Than we began to rewrite our code to be uniform, integrated, comprehensive, resistant to errors and automated as possible.
We were able to apply industry’s concepts to our profession: making a replicable production process up to now craftsmanship. Repetitive tasks were now fast, and most handled by the software. The writing of the report, optimized.
In the month of December 2012, for the first time, EasyAudit had been used to completely carry out the automatic part of an extensive Network Penetration Testing for a connectivity operator. The quality of the result was great, we were thrilled.
The report was in certain areas better than what could be achieved by hand, using our proven template.
We could change the way we work: The tester would be dedicated to the vulnerabilities that no software could identify, supported by a solid framework and a comprehensive list of vulnerabilities detected by dozens of different instruments. His work would be merged into a vulnerability database with self-learning abilities, totally reusable and with support for multiple languages. Results already formatted in a report in which to add those irreplaceable assessments of professional competence, an added value.
We had produced, in part, a dream.
We could not stop and then in February 2013 we formed a company and studied the business model EasyAudit:
- An innovative service because it innovates the process, which was the least efficient.
- Easy (non-technical), because the customer only has to specify which IP addresses or Web sites to verify.
- Accessible to everyone both for the modes of delivery and for the price .
- With a target audience of users ranging from Startups to SMEs, PA, to large companies who want to maximize the results of their spending in computer security.
- Reliable, unlike many fully automatic solutions that will never find that putting a “-1 ” in the quantity of an item in the cart also changes the total to a negative number.
- Baseline, something that all companies that do business on the Internet should have. High quality, given that the technology used is the best available today.
- Qualifying, because it offers the opportunity to follow a path of certification of the security status, and show the commitment to customers and users through the EasyAudit Checked trustmark.
How did we get here is not a mystery, the last year of work was extremely intense and involved energies and emotions that only a group of enthusiasts can have. What really fascinates us and makes us eager is to see where we’ll get next.
– Francesco Ongaro
CEO, SRL ISGroup