To choose a cybersecurity company in India, verify certifications and any CERT-In empanelment, confirm the testing methodology (manual vs automated) and sample report quality, check references in your sector, confirm data-handling and confidentiality terms, agree scope and retest in writing, start with a focused assessment, and confirm incident-response and remediation support. Credible firms share methodology and a sample report up front.
Confirm the firm and its testers hold relevant certifications (e.g. OSCP, CEH, ISO 27001 lead-auditor) and, where required, CERT-In empanelment. Ask which standards they test against — PCI-DSS, ISO 27001, SOC 2, HIPAA. AB7 runs compliance-aligned testing from its Mohali Phase 8B hub.
Ask whether testing is automated, manual, or both, and request a redacted sample report. Manual penetration testing finds what scanners miss; a one-page automated scan dressed up as a 'pentest' is a red flag. Reports should include reproduction steps and remediation guidance.
Speak to a reference in your industry — fintech, healthcare, SaaS — since regulatory context matters. Ask what was found and how remediation support went.
Require an NDA, defined handling of findings and credentials, and secure delivery of the report. Vulnerability data is sensitive; confirm who can access it and how it is stored.
Define assets in scope (web, mobile, network, cloud), test depth (black/grey/white-box), and whether a retest after remediation is included. Web-app VAPT in India runs ₹40,000–₹2,00,000 ($470–$2,350) for a single scan; compliance-grade manual work costs more. Get it itemised.
Begin with one high-priority asset or a single VAPT rather than a broad managed contract, to test report quality and communication. AB7 scopes VAPT per asset so a first engagement is contained.
Ask whether remediation guidance, a retest and incident-response support are included or extra. Strong vendors stay engaged through fixes, not just the report. AB7 includes a remediation-guidance readout and offers an ongoing SOC layer.
Verify certifications and any CERT-In empanelment, confirm manual-vs-automated methodology and request a sample report, check sector references, lock down confidentiality, agree scope and retest in writing, start with a focused assessment, and confirm remediation support. AB7 shares methodology and scopes VAPT per asset from its Mohali hub.
Many do, and it matters for India-regulated workloads and certain compliance audits. Ask directly and confirm which testers are credentialed. Beyond CERT-In, check for OSCP/CEH-certified testers and ISO 27001 practices. AB7 runs compliance-aligned testing and states credentials on request.
Common credentials include OSCP, CEH, CISSP and ISO 27001 lead-auditor, plus organisational ISO 27001 and SOC 2 practices and, where relevant, CERT-In empanelment. Ask which apply to the people actually testing your systems, not just the company.
Confirm certifications and a real office, request a redacted sample report, call a sector reference, and start with one focused VAPT before a managed contract. AB7 scopes a first engagement per asset so report quality and communication can be judged at low cost.
Require an NDA, defined handling of findings and credentials, secure report delivery, and clear access controls. Vulnerability data is sensitive, so confirm storage and access up front. AB7 handles findings under NDA with access controls from its Mohali hub.
Want to put AB7 through this checklist? Ask anything at +1-321-341-7733 (US) or +91-98780-67778 (India), email director@ab7solutions.com, or book a 30-minute call.