Security assessment and audit
FREE Scan
Automated black-box website security assessment. Prompt result. Different scan modes, depth, and quality. Choose free-of-charge on-demand testing or cheap subscription to 24/7 monitoring. Learn more.
Licensed Scan *
Manual vulnerability scanning of websites and networks with commercial scanners: Acunetix, BurpSuite Pro, Qualys, Nexpose. Limited reporting: the summary and raw scanner reports. The minimum order includes a simple website or service (up to 20 pages and 2 forms), or 16 IP addresses, takes 2 to 3 days and is $15 per IP address for the networks (Qualys + Nexpose) or $180 per website or service (Acunetix + BurpSuite Pro). Details.
Pentest and Red Team *
Manual and automated security assessment of websites, networks, applications, etc. Optional DoS/DDoS, social engineering tests, Red Team, reverse engineering, zero-day research, security review of source code of applications. Risk assessment, remediation recommendations, and reporting. Vulnerability mitigation assistance and retest after mitigation. Express Pentest is from $150 per IP address or $1500 per simple website or service (up to 20 pages and 2 forms). Details.
* Subscribe for 12 months and get 4 quarterly security assessments with a 10% discount.
Learn more about the pentest process and results.
Compare Service Details
Scope and parameters | Free Scan | Licensed Scan * | Express Pentest * | Full Pentest * |
---|---|---|---|---|
Analysis of websites, web apps | 20 pages | 20 pages | ||
Analysis of networks | - | 16 hosts | 16 hosts | |
Analysis of desktop or mobile applications | - | - | - | |
Black box mode | ||||
Gray box mode | - | - | limited (1 user role) | optional |
White box mode (incl. code review) | - | - | - | optional |
OWASP top 10 tests | partial | partial | ||
SANS top 25 tests | partial | partial | partial | |
OWASP ASVS and SAMM assurance | - | - | - | optional |
Open-source tools | H-X scanner | on demand | ||
Commercial tools (Qualys, Acunetix, Nexpose, Burp Suite Pro, etc.) | - | |||
Cyber hooligan / script-kiddie attacker model | - | |||
Purposeful professional attacker model | - | - | - | |
Automated search | ||||
Manual search | - | - | 8 man-hours | |
DoS/ | only DoS (non-volumetric) | only DoS (non-volumetric) | only DoS (non-volumetric) | optional |
Social engineering tests | - | - | - | optional |
Covert tests, Red Team and Blue Team exercises | - | - | - | optional |
Reverse engineering and 0-day vulnerability research | - | - | - | optional |
Vulnerability verification | - | - | ||
Vulnerability exploitation | - | - | limited (public exploits) | |
Project planning | - | - | templated | customized |
Risk assessment | standard | standard | templated | customized |
Remediation action plan | standard | standard | templated | customized |
Report | templated | templated | templated | customized |
Compliance (PCI DSS, SOX, HIPAA, etc.) | ||||
Vulnerability mitigation assistance | on demand | on demand | on demand | optional |
Retest after mitigation | on request | on request | on demand | included |
Ready to start | immediately, around the clock | 1 to 2 days | 2 to 4 days | 1 week |
Duration | Scan: 5 min - 2+ hours. Monitor: continuously | 2 to 3 days | 6 days | 2 to 5 weeks |
Price | Scan: free. Monitor: 54 $ per month | 15 USD per IP address. 180 USD per website | 150 USD per IP address. 1500 USD per website | Individual |
* Subscribe for 12 months and get 4 quarterly security assessments with a 10% discount.
How we work and what you get
The workflow of a typical security audit or pen test is the following:
The Security Assessment Report includes all project deliverables.
A simple report structure is described below. Depending on the audit or pen testing requirements, conditions, restrictions, and parameters, the report can include additional sections.
- Executive summary.
- Planning and methodology.
- Security assessment results:
  - Identified non-compliances with security standards and best practices.
  - Identified vulnerabilities and the means of exploitation.
  - Details and evidence (logs, dumps, screenshots, etc.).
- Risk assessment.
- Recommended security measures, grouped and prioritized.