No Vulnerabilities; No Fee

$0 Pen Test

Pen tests are typically billed by the hour ($250+/hr is common) or at a fixed cost, e.g., $20,000 for a two-week pen test. Either way, there is no guarantee the pen testers will find anything, and you still have to pay. With this service, you pay only for the vulnerabilities we identify. We can also set a ceiling for the engagement according to your budget.

Payout Amounts

Each vulnerability is paid out according to its severity.

LOW

$200

Vulnerabilities that must be analyzed carefully for security implications, e.g., weak TLS versions or cryptographic ciphers.

MEDIUM

$500

Medium severity vulnerabilities indicate issues that could potentially result in information or system compromise, e.g., Reflected XSS, SSRF.

HIGH

$2000

High severity vulnerabilities indicate problems that could result in immediate compromise, e.g., SQL Injection, Stored XSS, authentication bypass.

CRITICAL

$5000

Critical vulnerabilities lead to the compromise of the entire application, underlying host operating system, or infrastructure.

LENGTH OF PEN TEST

Runs Two to Four Weeks Depending on Scope (Size, Complexity, and Number of Applications)

REQUIREMENTS

Testing takes place in a non-production environment or, in the case of mobile apps, on non-production builds.
We install a lightweight software agent on each web application server that is in scope for the testing. The agent confirms the detection of a specific instance of a vulnerability and provides context for remediation. We will work with you to ensure the application is compatible with the agent so that it can be included in the scope.

PROGRAMMING LANGUAGES & FRAMEWORKS IN SCOPE FOR THIS TESTING:

  • Android Mobile Apps & Backend Service
  • Java Web Applications, APIs, Single-Page Web Applications
  • .NET 3.5+, IIS, IIS Express, ASP.NET MVC 3-5, ASP.NET Web Forms, ASP.NET Web Pages, IIS-Hosted ASMX-based Web Services, IIS-Hosted Web API, IIS-Hosted WCF Services.