Technical Testing
Too Technical?
Let us worry about it!
Securing your applications is vital in today’s digital world. While regular vulnerability scanning helps you identify potential weaknesses and stay ahead of common risks, penetration testing goes a step further by simulating real-world attacks to uncover deeper structural issues before hackers can exploit them.
Our web application scans combine advanced technology with expert manual review to assess your website or application for known security risks, including OWASP Top 10 vulnerabilities, and deliver a detailed report with actionable findings.
Our penetration testing services follow industry-standard methodologies (like PTES) and leverage the skills of ethical hackers to mimic real attacker behaviour. This approach not only identifies vulnerabilities but also shows how an attacker could exploit them, providing deeper insights into your security posture.
Whether you’re looking for ongoing protection through scans or a comprehensive assessment via a penetration test (or both), we can help. Not sure what's best, feel free to talk to us.
Web Application Scans
Regularly checking for vulnerabilities is essential to keep your (web) applications safe and reliable, giving you and your customers peace of mind. Each scan is carefully prepared and analysed by our cybersecurity professionals, who provide a clear report that helps you fix any gaps.
Not sure yet? Start with a single scan to understand your current risk level.
- Choose a single scan or keep your (web) application secure with regular checks.
- We can get started within 5 working days.
- Combine monthly or weekly scans with a penetration test and get 50% off the scans. Interested?
- With at least monthly scans and a clean result, you can display our Secure Logo on your website. Read more >
- Each licence for periodic scans is valid for 1 year and covers 1 URL.
- Licences are automatically renewed for another 12 months at the end of the term.
- Our notice period is 1 month before the end of the licence.
Our team combines expert insight with advanced scanning to identify and prioritise vulnerabilities in your web application. We carefully analyse every finding and deliver a clear, actionable report so you know exactly what to fix.
- Preparation: To get the most accurate results, we make sure all important pages of your (web) application are tested. We create login scripts for customer account pages and configure the scanner to skip unnecessary checks on similar pages.
- Crawl phase: Crawl scans are conducted for thorough preparation, with results meticulously analysed to ensure the scanner is correctly set up.
- Scan phase: The scanner tests close to 4000 issues, including common vulnerabilities from the OWASP Top 10, such as SQL injection and cross-site scripting (XSS).
- Risk prioritisation: Each vulnerability is assigned a risk level (high, medium, low), based on its potential impact on your application and how likely they are to be exploited.
- False positive identification: We review and verify automated findings to reduce false positives and ensure accurate results.
- Report generation: Our comprehensive report lists all identified vulnerabilities along with their risk levels, giving you clear guidance on what to address.
- Support: Our team is happy to guide you through reproducing vulnerabilities and help you understand how to fix them effectively.
Our single scan for only 199 euro includes the following:
- 1 scan on 1 URL.
- Encrypted PDF report
- Support for high risks only
- Rescan after solving high risks + 150 euro
Our Basic licence for 599 euro per year includes the following:
- Quarterly scans on 1 URL
- Encrypted PDF report
- Support for high risks only
- Rescan after solving high risks + 150 euro
Our Bronze Lite licence for 899 euro per year includes the following:
- Bi-monthly scan on 1 URL
- Choice between encrypted PDF or HTML report
- Support for high risks only
- Unlimited rescans after solving high risks
Our Bronze licence for 1399 euro per year includes the following:
- Monthly scan on 1 URL
- Choice between encrypted PDF or HTML report
- Support for high risks only
- Unlimited rescans after solving high risks
- Our secure logo on your site
Our Silver licence for 1999 euro per year includes the following:
- Weekly scan on 1 URL
- Choice between encrypted PDF or HTML report
- Support for all detected risks
- Unlimited rescans after solving high risks only
- Our secure logo on your site
Our Gold licence for 7699 euro per year includes the following:
- Monthly scan on 1 URL
- 5-Day penetration test
- Choice between encrypted PDF or HTML report
- Support for all detected risks
- Unlimited rescans after solving high risks only
- Our secure logo on your site
- Choose a single scan or keep your (web) application secure with regular checks.
- We can get started within 5 working days.
- Combine monthly or weekly scans with a penetration test and get 50% off the scans. Interested?
- With at least monthly scans and a clean result, you can display our Secure Logo on your website. Read more >
- Each licence for periodic scans is valid for 1 year and covers 1 URL.
- Licences are automatically renewed for another 12 months at the end of the term.
- Our notice period is 1 month before the end of the licence.
Our team combines expert insight with advanced scanning to identify and prioritise vulnerabilities in your web application. We carefully analyse every finding and deliver a clear, actionable report so you know exactly what to fix.
- Preparation: To get the most accurate results, we make sure all important pages of your (web) application are tested. We create login scripts for customer account pages and configure the scanner to skip unnecessary checks on similar pages.
- Crawl phase: Crawl scans are conducted for thorough preparation, with results meticulously analysed to ensure the scanner is correctly set up.
- Scan phase: The scanner tests close to 4000 issues, including common vulnerabilities from the OWASP Top 10, such as SQL injection and cross-site scripting (XSS).
- Risk prioritisation: Each vulnerability is assigned a risk level (high, medium, low), based on its potential impact on your application and how likely they are to be exploited.
- False positive identification: We review and verify automated findings to reduce false positives and ensure accurate results.
- Report generation: Our comprehensive report lists all identified vulnerabilities along with their risk levels, giving you clear guidance on what to address.
- Support: Our team is happy to guide you through reproducing vulnerabilities and help you understand how to fix them effectively.
Our single scan for only 199 euro includes the following:
- 1 scan on 1 URL.
- Encrypted PDF report
- Support for high risks only
- Rescan after solving high risks + 150 euro
Our Basic licence for 599 euro per year includes the following:
- Quarterly scans on 1 URL
- Encrypted PDF report
- Support for high risks only
- Rescan after solving high risks + 150 euro
Our Bronze Lite licence for 899 euro per year includes the following:
- Bi-monthly scan on 1 URL
- Choice between encrypted PDF or HTML report
- Support for high risks only
- Unlimited rescans after solving high risks
Our Bronze licence for 1399 euro per year includes the following:
- Monthly scan on 1 URL
- Choice between encrypted PDF or HTML report
- Support for high risks only
- Unlimited rescans after solving high risks
- Our secure logo on your site
Our Silver licence for 1999 euro per year includes the following:
- Weekly scan on 1 URL
- Choice between encrypted PDF or HTML report
- Support for all detected risks
- Unlimited rescans after solving high risks only
- Our secure logo on your site
Our Gold licence for 7699 euro per year includes the following:
- Monthly scan on 1 URL
- 5-Day penetration test
- Choice between encrypted PDF or HTML report
- Support for all detected risks
- Unlimited rescans after solving high risks only
- Our secure logo on your site
Penetration Testing
Would you like an ethical hacker to use their skills to test you application? Whether you opt for black-box testing (no internal system knowledge), white-box testing (full internal insights), or grey-box testing (partial system knowledge), each method serves a specific purpose. Together, we determine your goals upfront to align with your security objectives.
|
|
Blackbox
|
Greybox
|
Whitebox
|
|---|---|---|---|
|
Goal
|
Mimic true cyber attack
|
Assess vulnerability to insider’s threats
|
Simulate attack where hacker gains access to priviliged account |
|
Access
|
Zero access of internal information
|
Account and some internal info available
|
Complete open access to applications and systems |
|
Test
|
Trial and error method only
|
Data domain and internal boundaries can be tested, if known |
Data domain and internal boundaries can be tested more thoroughly |
|
Time
|
Least time consuming
|
Good balance of time and depth of testing
|
Most exhaustive and time consuming
|
Our penetration test service offers in-depth assessment and evaluation of network security, (web)application vulnerabilities, and other points of exploitation. Together, we establish the goals and the scope of the test upfront to ensure the outcome aligns precisely with your security objectives. Our pentest includes:
- Network scanning: The use of automated tools to scan the target network for open ports, services, and potential vulnerabilities in network devices.
- Vulnerability identification: Cataloguing known vulnerabilities in the application, including software and configuration weaknesses.
- Assessment of patch levels: Evaluation of the status of software patches and updates to determine if systems are up to date with the latest security fixes.
- Web application scanning: Assessment of web application for common weaknesses with maximum attention for the vulnerabilities in the OWASP Top 10, such as SQL injection, and cross-site scripting (XSS).
- Manual testing: Validation and further investigation of potential vulnerabilities using human logic, in line with the Penetration Testing Execution Standard (PTES).
- Risk prioritisation: Assignment of risk levels to identified vulnerabilities based on factors such as the potential impact, likelihood of exploitation, and the context of the organisation.
- Custom report: Detailed report including a list of identified vulnerabilities, their risk levels, and recommendations for remediation.
Our one-day blackbox pentest costs 1400 euro and has a total duration of 3 days from start to report. It includes the following checks:
- Leaking of technical information
- Connection safety
- Use of standard accounts
- Password policy
Our 3-day greybox pentest costs 4500 euro and has a total duration of 7 days from start to report. It includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- CSRF
- Cookies
- Input validation
- Output validation
Our 5-day greybox pentest costs 7000 euro and has a total duration of 14 days from start to report. It includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
Our 7-day greybox pentest costs 8650 euro and has a total duration of 16 days from start to report. It includes the following checks:
- Leaking oftechnical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
- API security
Our 5-day whitebox pentest costs 7000 euro and has a total duration of 14 days from start to report. It includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
|
|
Blackbox
|
Greybox
|
Whitebox
|
|---|---|---|---|
|
Goal
|
Mimic true cyber attack
|
Assess vulnerability to insider’s threats
|
Simulate attack where hacker gains access to priviliged account |
|
Access
|
Zero access of internal information
|
Account and some internal info available
|
Complete open access to applications and systems |
|
Test
|
Trial and error method only
|
Data domain and internal boundaries can be tested, if known |
Data domain and internal boundaries can be tested more thoroughly |
|
Time
|
Least time consuming
|
Good balance of time and depth of testing
|
Most exhaustive and time consuming
|
Our penetration test service offers in-depth assessment and evaluation of network security, (web)application vulnerabilities, and other points of exploitation. Together, we establish the goals and the scope of the test upfront to ensure the outcome aligns precisely with your security objectives. Our pentest includes:
- Network scanning: The use of automated tools to scan the target network for open ports, services, and potential vulnerabilities in network devices.
- Vulnerability identification: Cataloguing known vulnerabilities in the application, including software and configuration weaknesses.
- Assessment of patch levels: Evaluation of the status of software patches and updates to determine if systems are up to date with the latest security fixes.
- Web application scanning: Assessment of web application for common weaknesses with maximum attention for the vulnerabilities in the OWASP Top 10, such as SQL injection, and cross-site scripting (XSS).
- Manual testing: Validation and further investigation of potential vulnerabilities using human logic, in line with the Penetration Testing Execution Standard (PTES).
- Risk prioritisation: Assignment of risk levels to identified vulnerabilities based on factors such as the potential impact, likelihood of exploitation, and the context of the organisation.
- Custom report: Detailed report including a list of identified vulnerabilities, their risk levels, and recommendations for remediation.
Our one-day blackbox pentest costs 1400 euro and has a total duration of 3 days from start to report. It includes the following checks:
- Leaking of technical information
- Connection safety
- Use of standard accounts
- Password policy
Our 3-day greybox pentest costs 4500 euro and has a total duration of 7 days from start to report. It includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- CSRF
- Cookies
- Input validation
- Output validation
Our 5-day greybox pentest costs 7000 euro and has a total duration of 14 days from start to report. It includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
Our 7-day greybox pentest costs 8650 euro and has a total duration of 16 days from start to report. It includes the following checks:
- Leaking oftechnical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
- API security
Our 5-day whitebox pentest costs 7000 euro and has a total duration of 14 days from start to report. It includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
CONTACT US
Share your details or book a time to chat online, and we’ll be happy to discuss how this service could work for your organisation.
We handle your personal data with care and use it only for the purpose for which it was provided. Please read our privacy statement for more information.
* Required
