Integrity with how we work, and how we price
The quality of some of the biggest names in security, without the price tag and complications.
Penetration Testing Services
Annual network pentest that meets compliance standards.
Internal facing report with steps to mitigate
External facing report to prove security maturity
Remediation support around identified vulnerabilities
Read out report meeting with our team
1X rounds of retesting included
Annual web, mobile, and API pentesting gains assurance that your sensitive data is secured.
Everything in Pentest Essentials +
Light threat modeling
Custom security plan based on your business logic
Leverages our proprietary testing stack
3X rounds of retesting included
Penetration Testing as a Service (PTaaS)
Monthly subscription plans based on your attack surface and business needs
Biannual or quarterly web, mobile, and API penetration testing, unlimited retesting, security consulting, Portal to manage pentest results helps growing teams prove and experience security maturity.
Everything in Pentest 360 +
2x or 4x penetration tests throughout the year
Advanced threat modelling
Team rotation for fresh perspectives
Continuous access to our team via Slack integration
Unlimited retesting on fix verification & new releases
Security consulting hours
Automated vulnerability management and observability via Portal
Continuously updated external facing reports to prove security maturity
Augmented Security Services
Secure Cloud Review
Get granular inspection of source code to identify elusive unsecure coding patterns.
Pentesting assisted code review
3rd party libraries identification
CVE discovery and validation
Commercial static code analysis
Manual verification of all vulnerabilities found
Targetted manual code review based on risk
Secure Code Review
Ensuring cloud configurations are following industry best practices.
Resource segregation review including network segmentation
Configuration settings review
Tracking and logging observability verification
Logging and observability verification
Redundancy, including autoscaling and backups
Private group training led by an instructor & based on OWASP Top 10 secure coding best practices
Hands on exercises
5 courses available, including Capture the flag (CTF)
Mapped to OWASP Top 10
Recent cyber breaches covered due to common vulnerabilities
Meet compliance standards (SOC 2, HIPAA, ISO 27001, PCI)
Language agnostic as well as .NET, Java content
Flexible delivery model
Attendance management and certificates
What our clients have to say
Simple answers to tough questions
What information do I need to gather in order to get the most accurate scope?
Pricing for pentesting services is based on the scope of the attack surface. This is determined by assessing the number of endpoints, public facing IPs, roles and authentication methods. Check out our 5 Steps to Scoping a Penetration Test Document here.
Does active feature development change our penetration testing strategy?
Many clients choose biannual or quarterly Penetration Testing as a Service, to integrate security into their development pipeline. The initial baseline penetration test provides depth of coverage and the subsequent penetration tests address the new features and product developments only. This strategy speeds up security operations and aligns with your product roadmap.
Tell us more about your depth of coverage. How does your comprehensiveness compare to other penetration testing vendors?
We conduct light threat modelling with every penetration test. Our team creates tailored attacks based on your data flow, business logic, integrations, competitive landscape, industry and clients.
In addition to the testing methodology customized to your attack surface, we also map to multiple standards (OWASP Top 10, SANS Top 25, WSTG, ASVS, NIST) for the most in-depth coverage.
How does this help us with compliance?
Our penetration tests can help you meet compliance frameworks such as SOC 2, ISO 27001, PCI-DSS, HIPAA, as well as cybersecurity insurance requirements. All of our application penetration tests include infrastructure testing. This assists in meeting both the infrastructure and application controls required for compliance and provides security assurance.
Within Portal, your data is physically separated, as each of our clients has their own database, given Portal has single tenant architecture. Granular access permissions based on role and project assist clients in meeting compliance and technical risk, aligning to least privilege best practices. Portal has complex password requirements and leverages OAuth for client authentication.
What do your penetration test reports look like?
Our actionable reports include an executive summary, vulnerability descriptions, impact on the business, steps to reproduce and suggested remediation methods. All vulnerabilities are peer reviewed and risk is calibrated according to CVSS and DREAD.
How much remediation support is included?
After the report is delivered, there is an optional read out report meeting with our team to go over the results and assist with remediation. Email and our slack integration is available for quick questions regarding your report. Decision making support on when to eliminate, mitigate, delegate and accept risk is offered to all clients and 3 rounds of retesting is included to support with your SLAs. Penetration Testing as a Service clients benefit from unlimited on demand retesting and 2 hours of security consulting per month.
Say goodbye to 300+ page penetration test reports
Providing the quality of the biggest names in security without the price tag and complications.
Manual penetration testing
Full time Canadian hackers