Hacker News

Some corporate clients are asking for pentest results from "a reputable pentest organization". Anyone on this thread have advice as to how I can satisfy them without breaking my startup bank?



You can try Bugcrowd; they won't qualify as "a reputable pentest organization" yet, but they will get stuff done and you can then argue that you had a few hundred hackers attacking your app.

Maybe you can talk to one of these "reputable pentest organizations" and get them to drop the price if they can blog or use your startup as a showcase for other potential clients. Pentest companies have a hard time advertising their services (it's a "lemon market"), so everyone could win in that deal.


Do you want a serious pentest (i.e. really looking for vulnerabilities) or do you want a pentest that will get you certification so you can sell clients?



