2NS provides regular, continuous security testing for Cyberday software. Security testing of rapidly evolving SaaS software supports the commercialization of the product and builds the development team’s security expertise. Cyberday is a software focused on information security management and compliance management. It offers a tool for security governance that turns compliance frameworks into concrete tasks on the path to compliance and supports ongoing maintenance.
From individual security tests to continuous testing
According to Cyberday’s COO and co-founder Aleksi Pulkkanen, continuously tested security provides a strong foundation for software sales. Buyers are increasingly security-conscious, and SaaS vendors must be able to demonstrate their security level through various certifications. Security is therefore no longer just a customer requirement — it is a prerequisite for any SaaS vendor.
The partnership between 2NS and Cyberday for continuous testing began with individual testing projects. As Cyberday gained greater traction and the pace of development increased, discussions began about whether a continuous testing model would be a better fit. Active communication about security is important to Cyberday. The software’s target audience among purchasing decision-makers often includes people responsible for security, risk management, or IT. As a result, the ability to openly state — for example in a Trust Center — that the software is security-tested by an external professional supports sales and gives customers confidence in using it.
The software is currently tested every three months, and a broader annual penetration test is also conducted on the entire application, providing an in-depth review of the application’s overall security posture. According to Aleksi, the scope of the application has expanded continuously. Cyberday has been built out to support a wider range of frameworks, and additional features to improve usability have been developed. For example, in autumn 2025, as part of the collaboration between 2NS and Cyberday, the security of an AI assistant added to the software was tested.
Communication works with 2NS
When it comes to working with 2NS, Aleksi is satisfied with how communication flows between Cyberday’s development team and 2NS’s tester. “We always receive valuable feedback and insights from the tests that help advance our application development. Communication has consistently been high quality and active on both sides” he summarizes. Aleksi considers testing carried out by a security professional to be an educational experience for the entire development team. “Genuine attack testing is important to us, as it reveals how a potential attacker would approach our software and how security works in practice. This kind of insight cannot be gained by relying solely on tool-based solutions,” Aleksi concludes. Testing gives the team, in his view, a genuine understanding of what security risks actually exist or could exist in the application. At the same time, evidence of extensive and regular testing helps meet the stringent security requirements set by even the largest customers.
Would you like to hear more about our services?