PentestBX — Security Architecture & Deployment Overview

Technical summary of security, deployment methods, and data management

1. Introduction

This document explains the security architecture, deployment methods, and data management processes of the PentestBX application in a technical yet understandable way. Its purpose is to demonstrate to our customers the reliability of the application, the strength of its data isolation, and its compliance with industry standards.

2. Reliability & Validity

Scanning Engine Standards

  • Vulnerability rules aligned with CVE and OWASP databases are used.
  • The scanning engine applies the same methodology whether it runs in the cloud or on the appliance, so results are repeatable across runs.

Data Integrity

  • All scan logs are integrity-protected with SHA-256 digests (a hash detects modification; on its own it is not a signature).
  • Data is encrypted with AES, whether stored in the cloud or on the appliance.
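
On the SHA-256 integrity protection of scan logs mentioned above: a plain digest detects corruption, but anyone who can rewrite the log can also recompute the digest, so the digest has to be kept where the writer cannot reach it, or replaced by a keyed tag or signature. The following Python is an added example for this page, not PentestBX code; the log format and the server-side HMAC key are assumptions.

```python
# Added illustration for this page (not PentestBX code): integrity-protecting
# scan log records with SHA-256, and why a bare digest is not a signature.
import hashlib
import hmac
import json

# Constructed sample scan log; the field names are assumptions, not a real
# PentestBX log format.
SAMPLE_LOG = [
    {"ts": "2024-05-01T10:00:00Z", "host": "10.0.0.5",
     "finding": "TLS 1.0 enabled", "severity": "medium"},
    {"ts": "2024-05-01T10:00:03Z", "host": "10.0.0.7",
     "finding": "outdated SSH banner", "severity": "low"},
]


def canonical_bytes(record):
    """Serialize a record deterministically so equal records hash equally."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sha256_digest(records):
    """Plain SHA-256 over all records: detects corruption, but anyone who can
    rewrite the log can also recompute this value."""
    h = hashlib.sha256()
    for record in records:
        h.update(canonical_bytes(record))
        h.update(b"\n")
    return h.hexdigest()


def hmac_tag(records, key):
    """HMAC-SHA256 over the same bytes: recomputing it requires the key, so a
    writer without the key cannot forge a matching tag."""
    m = hmac.new(key, digestmod=hashlib.sha256)
    for record in records:
        m.update(canonical_bytes(record))
        m.update(b"\n")
    return m.hexdigest()


def verify_digest(records, expected_hex):
    """Constant-time comparison of a recomputed digest against a stored one."""
    return hmac.compare_digest(sha256_digest(records), expected_hex)


def verify_tag(records, key, expected_hex):
    """Constant-time comparison of a recomputed HMAC tag against a stored one."""
    return hmac.compare_digest(hmac_tag(records, key), expected_hex)


def tamper_scenario():
    """Simulate an attacker who can edit the log and any checksum stored
    next to it, but does not hold the HMAC key."""
    key = b"assumed-server-side-key"  # assumption: kept off the log store
    digest = sha256_digest(SAMPLE_LOG)
    tag = hmac_tag(SAMPLE_LOG, key)

    tampered = [dict(r) for r in SAMPLE_LOG]
    tampered[0]["severity"] = "info"  # downgrade a finding

    attacker_key = b"guess"  # attacker does not know the real key
    return {
        # digest kept out of the attacker's reach still catches the edit
        "digest_catches_edit": not verify_digest(tampered, digest),
        # digest stored beside the log: the attacker simply recomputes it
        "digest_forged_in_place": verify_digest(tampered, sha256_digest(tampered)),
        # HMAC checked with the real key catches the edit
        "hmac_catches_edit": not verify_tag(tampered, key, tag),
        # a tag computed without the key does not verify
        "hmac_forgery_fails": not verify_tag(tampered, key, hmac_tag(tampered, attacker_key)),
    }


if __name__ == "__main__":
    for check, ok in tamper_scenario().items():
        print(f"{check}: {ok}")
```

All four checks in `tamper_scenario()` come out true: the edit is caught only when the digest is stored where the attacker cannot rewrite it, or when a key the attacker lacks is part of the computation. The same reasoning applies to an asymmetric signature over the digest, which additionally lets a customer verify logs without holding the vendor's secret.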

Reporting

  • Data is normalized so that reports from different scans are directly comparable.
  • Reports present results in a form whose validity and reliability can be checked against the underlying scan data.

● Our application produces vulnerability scanning results to a high standard of accuracy and repeatability.

● The entire scanning and reporting process is automatically logged and monitored on both the appliance and cloud sides, so the reliability and accuracy of the obtained data are continuously checked.

● In comparative tests against similar scanners, the system has shown high accuracy and consistency, meaning that the results are both reliable and valid.

3. Penetration Tests and Access

Testing Process

  • At least once a year, penetration tests are conducted by independent cybersecurity firms at both the network and application layers.
  • The tests simulate real attacker behaviors.

Access and Reporting

  • Reports are restricted to our authorized security team and, if requested, designated customer representatives.
  • Customers receive summary reports showing that vulnerabilities are resolved; sensitive details are kept internal.

4. Deployment Methods

We offer our customers two deployment options:

A. Cloud Deployment

  • Customer data is stored in separate, isolated databases.
  • Data in transit is encrypted with TLS 1.3.
  • Data at rest is protected with AES encryption.
  • RBAC (Role-Based Access Control) is enforced, and all accesses and actions are logged.

B. On-Premise Appliance

  • The appliance runs as a virtual machine within the customer's network.
  • It connects to the cloud only via VPN and has no direct internet access.
  • Data is stored encrypted and isolated on the appliance.
  • Access control and audit logging are enforced.

Both methods apply encryption, access controls, and network isolation by default.

5. Server Locations and Commitments

Our cloud servers are hosted in ISO 27001 and SOC 2 certified data centers in Turkey and Europe.

We commit to:
  • Secure and redundant storage of data.
  • Authorized user access only.
  • Strict application and database isolation.
  • Highest level of privacy protection.
  • Network and host-level segmentation.
  • Logs and scan results stored with integrity guarantees.

6. Summary & Assurance

  • Industry-standard vulnerability scanning & data handling.
  • Security ensured through encryption, RBAC, audit logging, and network isolation.
  • Continuous security maintained via independent penetration tests and regular updates.
  • Flexible and secure customer data control through cloud or on-premise deployment options.