DERUUA

Security assessment and audit

Check within 10 minutes for free to what extent your company complies with ISO 27001, and also how much time you need to achieve full compliance and certification.
Contact us to conduct a professional security audit of your organization.
Automated scanning

FREE Scan

Automated black-box website security assessment. Prompt result. Different scan modes, depth and quality. Choose free-of-charge on-demand testing or cheap subscription to continuous monitoring. Learn more.
Licensed scan

Licensed Scan *

Manual vulnerability scanning of websites and networks with commercial scanners: Acunetix, BurpSuite Pro, Qualys, Nexpose. Limited reporting: the summary and raw scanner reports. The minimum order includes a simple website or service (up to 20 pages and 2 forms), or 16 IP addresses, takes 2 to 3 days and is $15 per IP address for the networks (Qualys + Nexpose) or $180 per website or service (Acunetix + BurpSuite Pro). Details.
Pentest

Pentest and Red Team *

Manual and automated security assessment of websites, networks, applications, etc. Optional DoS/DDoS, social engineering tests, Red Team, reverse engineering, 0-day research, security review of source code of applications. Risk assessment, remediation recommendations and reporting. Vulnerability mitigation assistance and retest after mitigation. Express Pentest is from $150 per IP address or $1500 per simple website or service (up to 20 pages and 2 forms). Details.

* Subscribe for 12 months and get 4 quarterly security assessments with 10% discount.

Learn more about pentest process and results.

 

Compare Service Details


Scope and para­me­ters Free Scan Licensed Scan * Express Pen­test * Full Pen­test *
Analy­sis of web­sites, web apps yes yes 20 pages yes 20 pages yes
Analy­sis of net­works - yes 16 hosts yes 16 hosts yes
Analy­sis of desk­top or mo­bile ap­pli­ca­tions - - - yes
Black box mode yes yes yes yes
Gray box mode - - yes lim­it­ed (1 user role) yes op­tion­al
White box mode (incl. code review) - - - yes op­tion­al
OWASP top 10 tests partial partial yes yes
SANS top 25 tests partial partial partial yes
OWASP ASVS and SAMM assurance - - - yes op­tion­al
Open-source tools yes H-X scanner on demand yes yes
Com­mer­cial tools (Qualys, Acu­netix, Nexpose, Burp Suite Pro, etc.) - yes yes yes
Cyber hooli­gan / script-kiddie at­tack­er mod­el - yes yes yes
Pur­pose­ful pro­fes­sion­al at­tack­er mod­el - - - yes
Au­to­mat­ed search yes yes yes yes
Man­u­al search - - yes 8 man-hours yes
DoS/DDoS-at­tack mod­el­ing only DoS (non-volu­met­ric) only DoS (non-volu­met­ric) only DoS (non-volu­met­ric) yes op­tion­al
Social en­gi­neer­ing tests - - - yes op­tion­al
Covert tests, Red Team and Blue Team exercises - - - yes op­tion­al
Reverse en­gi­neer­ing and 0-day vul­ner­a­bil­i­ty re­search - - - yes op­tion­al
Vul­ner­a­bil­i­ty ver­i­fi­ca­tion - - yes yes
Vul­ner­a­bil­i­ty ex­ploita­tion - - limit­ed (pub­lic ex­ploits) yes
Project plan­ning - - yes tem­plat­ed yes cus­tomized
Risk as­sess­ment yes stan­dard yes stan­dard yes tem­plat­ed yes cus­tomized
Reme­di­a­tion action plan yes stan­dard yes stan­dard yes tem­plat­ed yes cus­tomized
Report yes tem­plat­ed yes tem­plat­ed yes tem­plat­ed yes cus­tomized
Com­pli­ance (PCI DSS, SOX, HIPAA, etc.) yes yes yes yes
Vul­ner­a­bil­i­ty mit­i­ga­tion as­sis­tance on demand on demand on demand yes op­tion­al
Retest after mit­i­ga­tion on request on request on demand yes in­clud­ed
Ready to start imme­di­ate­ly, round-clock 1 to 2 days 2 to 4 days 1 week
Dura­tion Scan: 5 min - 2+ hours.
Monitor: con­tin­u­ous­ly
2 to 3 days 6 days 2 to 5 weeks
Price Scan: free.
Monitor: 54 $ per month
15 USD per IP address.
180 USD per web­site
150 USD per IP address.
1500 USD per web­site
Indi­vid­ual

* Subscribe for 12 months and get 4 quarterly security assessments with 10% discount.

 

How we work and what you get

Workflow of a typical security audit or pentest is the following:

Confidentiality →
We sign a Non-Disclosure Agreement and commit to confidentiality.
Clarification →
You answer our questions about the conditions and environment to help us define your requirements and expectations.
Engagement →
We analyze your source data and develop the Rules of Engagement (RoE) and the Project plan.
Approval →
We send you a detailed Commercial proposal, including Statement of Works, Specification (Rules of Engagement) and Project plan. Those documents define all the specific conditions and parameters of the audit or penetration test. After you accept our proposal and approve the documents, then we can sign the Service Agreement.
Field works →
Passive pentest phase begins with Open-Source Intelligence (OSINT). Active pentest phase includes interviews with your personnel, vulnerability identification, verification, exploitation and evidence collection. Then we assess risks of each found vulnerability and develop recommendations on vulnerability mitigation and continuous improvement.
Report
The Security Assessment Report describes the findings and what should be done to improve your security. We consult on vulnerability mitigation and perform a retest on demand. The project is completed.
 
 
Report Sample

Security Assessment Report includes all project deliverables.

Simple report structure is described below. Depending on the audit or pentest requirements, conditions, restrictions and parameters, the report can include more additional sections.

  1. Executive summary.
  2. Planning and methodology.
  3. Security assessment results:

Click the button below to request a quote for a security audit, pentest or assessment of your organization, network, website or application.


Go top to the selection of security assessment type.

Who we are, what we do, and what we offer.

What is penetration test.


Our certificates:

(ISC)2
CISSP
ISACA
CISA
CISM
Offensive Security
OSCP
PECB
LPTP
Microsoft
Qualys
BSI