Take a look at our FAQs to learn more
Cybersecurity Services.
The Tjakrabirawa team is CEH, OSCP, and CHSI certified, with experience across various industries.
Fill in web, mobile, and infrastructure-related information in the scoping document.
The price is based on the information provided in the scoping document.
Send details of your company's needs via email, and the admin will respond with the document. You can send it back to the same email.
Penetration Testing (Pentest) focuses on identifying vulnerabilities by exploiting them, simulating a cyber attack. DevSecOps integrates security from the development stage, ensuring proactive security measures are embedded throughout the software creation process rather than just at the end.
Generally, the process includes:
Kick-off & understanding of needs
Current system assessment
Formulation of recommendations & strategies
Solution Presentation
Implementation assistance (optional)
Yes, both options are available. We are flexible according to the client's preferences and policies.
The duration depends on the scope of the system being tested.
All of our services are covered by insurance, and our offer already includes it.
Via email and WhatsApp.
VAPT stands for Vulnerability Assessment and Penetration Testing. These are two distinct yet complementary approaches to identifying, evaluating, and testing security gaps in IT systems, applications, or network infrastructure.
VAPT helps identify and close security gaps before they are exploited by malicious actors. This is essential for maintaining data integrity, customer trust, and compliance with security standards.
Vulnerability Scanning
Manual & Automated Penetration Testing
Web & Mobile Application Testing
Network Infrastructure Testing
Wireless & IoT Device Testing
Social Engineering (optional)
Detailed reports and mitigation recommendations
Vulnerability Assessment focuses on identifying potential security gaps.
Penetration Testing tries to actively exploit these gaps to assess the true level of risk. We combine both approaches to provide a comprehensive overview.
We follow international standards such as:
OWASP Top 10
PTES (Penetration Testing Execution Standard)
NIST SP 800-115
OSSTMM (Open Source Security Testing Methodology Manual)
The duration depends on the scope of the system being tested.
No, we schedule the tests to avoid disrupting production and can run the tests in the staging environment if necessary.
Yes. We always ensure the confidentiality of client data and activities, providing NDAs as part of our standard procedures.
Executive summary for management
List of vulnerability findings and risk levels
Technical evidence of exploitation (if any)
Technical recommendations for mitigation
Priority of improvements based on impact
Yes, we include one free retest in our VAPT service to ensure all the identified gaps have been correctly addressed.
The price is adjusted based on complexity, the number of applications/systems tested, and the type of test (black box, grey box, white box). We provide a complete quote after the initial discussion and scoping.
Yes. We offer monthly, quarterly, or yearly VAPT plans for organizations that wish to perform regular testing through DevSecOps as a service.
DevSecOps as a Service is an integrated service that embeds security into software development and operations processes. We assist organizations in building and running CI/CD pipelines that are secure, automated, and industry-standardized.
DevSecOps ensures that security is embedded throughout the development process, preventing security gaps, speeding up software releases, and improving system reliability—all while maintaining the productivity of the development team.
Secure CI/CD pipeline implementations (Jenkins, GitLab CI, GitHub Actions, etc.)
Static & Dynamic Code Analysis (SAST, DAST) Integration
Secrets management and secure configuration (HashiCorp Vault, AWS Secrets Manager)
Container security & image scanning (Trivy, Aqua, Anchore)
Infrastructure as Code (IaC) scanning (Terraform, Ansible, CloudFormation)
Real-time security monitoring and alerting
Compliance automation (ISO 27001, PCI-DSS, HIPAA, etc.)
Yes, we can integrate the service into your existing DevOps ecosystem.
The process generally consists of:
Initial assessment and needs mapping
DevSecOps pipeline design and architecture
Implementation and integration of tools
Internal team training
Continuous monitoring & technical support
We offer two models:
Fully managed: We manage your entire pipeline and security system.
Advisory/Consultative: We help build the framework, and the client manages the implementation.
Pricing is adjusted based on pipeline complexity, the number of repositories/projects, the cloud environment, and the collaboration model (managed/advisory). Estimates are given after the discovery session.
Yes. We provide 24/7 support and ongoing monitoring services as per the agreed SLA.
CI/CD: GitLab CI, GitHub Actions, Jenkins
SAST: SonarQube, Checkmarx, CodeQL
DAST: OWASP ZAP, Burp Suite
Container Security: Trivy, Clair, Aqua Security
IaC Scanning: Checkov, tfsec, KICS
Secrets Management: Vault, AWS Secrets Manager
Monitoring: Prometheus, Grafana, ELK, Sentry
© 2025 Tjakrabirawa Teknologi Indonesia. All Rights Reserved.