It all started two years ago. We met without knowing we were facing a new challenge that would give rise to EasyAudit.
We were a small group of researchers, working for about 10 years in cybersecurity, but above all friends, with the desire to share our skills so we could always work better.
The underlying idea was to create software capable of streamlining the repetitive parts of our work, so we could dedicate more time to solving the intellectual challenges that let us experience our work as a passion.
Sharing tools and information is the supporting pillar of innovative environments, as happens in scientific research and in the real «Hacker» culture - made up of curious, enterprising people with a strong ethical sense. Francesco Ongaro
Having performed hundreds of Penetration Tests for major national and international companies, I had a real attack arsenal - and so did the others. These tools implemented advanced flows and techniques that no commercial software offered.
So we began rewriting our code so that it was uniform, integrated, complete, resistant to errors and above all as automated as possible.
We were managing to apply industrial concepts to our profession: making a process that had until then been artisanal repeatable and productive. Repetitive operations were now fast and mostly performed by software. Report writing was optimized.
December 2012 - the first test
In December 2012, for the first time, EasyAudit was used to fully perform the automatic part of an extensive Network Penetration Test for a connectivity operator. The quality of the result was excellent, and we were excited.
In some areas the report was better than what could have been produced manually using our proven template.
We could change our way of working: the tester would focus on vulnerabilities that no software could identify, supported by a solid framework and an exhaustive list of issues found by dozens of tools. Their work would flow into a vulnerability database with self-learning capabilities, reusable and with support for multiple languages. The result was already formatted in a report, ready for the evaluations derived from irreplaceable professional competence - an additional value.
We had partly realized a dream.
February 2013 - the company is founded
We could not stop, so in February 2013 we incorporated a company and studied the EasyAudit business model:
The business model in 7 points
- ✓Innovative because it innovates the process, which was the least efficient part.
- ✓Easy (non-technical), because the customer only needs to specify which IP addresses or websites should be checked.
- ✓Within everyone's reach, both in delivery model and in price.
- ✓Broad target: from startups to SMEs, public administration and large companies that want to optimize the results of their cybersecurity spending.
- ✓Reliable, unlike many fully automatic solutions that will never discover that entering «-1» as the quantity of an item in the cart also makes the total negative.
- ✓Essential: something every company doing business on the Internet should have. High quality, because the technology used is the best available today.
- ✓Qualifying, because it offers the possibility to follow a certification path for your security status and show your commitment to customers and users through the EasyAudit Checked seal.
How we got here is no mystery: the last year of work has been extremely intense and involved energies and emotions that only a group of passionate people can have. What truly fascinates us and makes us impatient is seeing where we will go.