- Android Mobile Apps & Backend Service
- Java Web Applications, APIs, Single-Page Web Applications.
- .NET 3.5+, IIS, IIS Express, ASP.NET MVC 3-5, ASP.NET Web Forms, ASP.NET Web Pages, IIS-Hosted ASMX-based Web Services, IIS-Hosted Web API, IIS-Hosted WCF Services.
No Vulnerabilities; No Fee
$0 Pen Test
Typically pen tests are charged per hour, $250+/hr is common, or a fixed cost, e.g., $20,000 for a two-week pen test. However, there are no guarantees the pen testers are going to find anything and you still have to pay. For this service, you only pay for the vulnerabilities we identify. We can create a ceiling for the engagement as well, according to your budget.
Each vulnerability is paid out according to its severity.
Vulnerabilities that must be analyzed carefully for security implications, e.g., Weak TLS versions or cryptographic ciphers.
Medium severity vulnerabilities indicate issues that could potentially result
in information or system compromise, e.g., Reflected XSS, SSRF.
High severity vulnerabilities indicate problems that could result in immediate
Compromise, e.g., SQL Injection, Stored XSS, Authentication-bypass.
Critical vulnerabilities lead to the compromise of the entire application, underlying host operating system, or infrastructure.
LENGTH OF PEN TEST
Runs Two to Four Weeks Depending on Scope
(Size, Complexity, and Number of Applications)
Testing takes place in a non-production environment or on non-production builds in the case of mobile apps.
We install a lightweight software agent in each application web application server that is in scope for the testing. The agent confirms the detection of a specific instance of a vulnerability and provides context for remediation. We will work with you to ensure the application is compatible with the agent to include it in the scope.