Cyber Security Services

Managed Security and GRC: Audits and Implementation of ISO 27001, VDA, TISAX, PCI DSS, GDPR, etc.; Remote CISO and Security Team Extension.

IT and IT Security Services: Vulnerability Scanning, Pentests; Continuous Protection of Websites; Application Security; Security DevOps; Express SOC; Training on Secure Software Development; Security Analysis of Software Source Code; Software Engineering; Development and Audit of Smart Contracts; Forensic Investigations.

Customize the service or start with a Security Assessment:

FREE Scan

Automated black-box website security assessment with prompt results. Several scan modes with different depth and quality are available. Choose free-of-charge on-demand testing or an inexpensive subscription for continuous monitoring.
Licensed Scan *

Manual vulnerability scanning of websites and networks with commercial scanners: Acunetix, BurpSuite Pro, Qualys, Nexpose. Reporting is limited to a summary plus the raw scanner reports. The minimum order covers a simple website or service (up to 20 pages and 2 forms) or 16 IP addresses, takes 2 to 3 days, and costs $15 per IP address for networks (Qualys + Nexpose) or $180 per website or service (Acunetix + BurpSuite Pro).
Pentest *

Manual and automated security assessment of websites, networks, applications, etc. Optional DoS/DDoS testing, social engineering tests, reverse engineering, 0-day research and security review of application source code. Includes risk assessment, remediation recommendations and reporting, as well as vulnerability mitigation assistance and a retest after mitigation. Express Pentest starts at $150 per IP address or $1500 per simple website or service (up to 20 pages and 2 forms).

* Subscribe for 12 months and get 4 quarterly security assessments with 10% discount.

What's next? Compare the services in detail, customize your request, or learn more about the pentest process and results.


Compare Service Details


Scope and parameters | Free Scan | Licensed Scan * | Express Pentest * | Full Pentest *
--- | --- | --- | --- | ---
Analysis of websites, web apps | yes | yes (20 pages) | yes (20 pages) | yes
Analysis of networks | - | yes (16 hosts) | yes (16 hosts) | yes
Analysis of desktop or mobile applications | - | - | - | yes
Black box mode | yes | yes | yes | yes
Gray box mode | - | - | yes, limited (1 user role) | yes, optional
White box mode (incl. code review) | - | - | - | yes, optional
OWASP Top 10 tests | partial | partial | yes | yes
SANS Top 25 tests | partial | partial | partial | yes
OWASP ASVS and SAMM assurance | - | - | - | yes, optional
Open-source tools | yes (H-X scanner) | on demand | yes | yes
Commercial tools (Qualys, Acunetix, Nexpose, Burp Suite Pro, etc.) | - | yes | yes | yes
Cyber hooligan / script-kiddie attacker model | - | yes | yes | yes
Purposeful professional attacker model | - | - | - | yes
Automated search | yes | yes | yes | yes
Manual search | - | - | yes (8 man-hours) | yes
DoS/DDoS attack modeling | only DoS (non-volumetric) | only DoS (non-volumetric) | only DoS (non-volumetric) | yes, optional
Social engineering tests | - | - | - | yes, optional
Covert tests, Red Team and Blue Team exercises | - | - | - | yes, optional
Reverse engineering and 0-day vulnerability research | - | - | - | yes, optional
Vulnerability verification | - | - | yes | yes
Vulnerability exploitation | - | - | limited (public exploits) | yes
Project planning | - | - | yes, templated | yes, customized
Risk assessment | yes, standard | yes, standard | yes, templated | yes, customized
Remediation action plan | yes, standard | yes, standard | yes, templated | yes, customized
Report | yes, templated | yes, templated | yes, templated | yes, customized
Compliance (PCI DSS, SOX, HIPAA, etc.) | yes | yes | yes | yes
Vulnerability mitigation assistance | on demand | on demand | on demand | yes, optional
Retest after mitigation | on request | on request | on demand | yes, included
Ready to start | immediately, round the clock | 1 to 2 days | 2 to 4 days | 1 week
Duration | Scan: 5 min to 2+ hours. Monitor: continuously | 2 to 3 days | 6 days | 2 to 5 weeks
Price | Scan: free. Monitor: 54 USD per month | 15 USD per IP address. 180 USD per website | 150 USD per IP address. 1500 USD per website | Individual

* Subscribe for 12 months and get 4 quarterly security assessments with 10% discount.


How we work and what you get


The project workflow of a typical pentest is as follows:

  1. Formalities. We sign your Non-Disclosure Agreement and commit to confidentiality.
  2. Clarification. You answer our questions about the conditions and environment to help us define your requirements and expectations.
  3. Pre-engagement. We analyze your input and develop the Rules of Engagement (RoE) and the project plan.
  4. Approval. We send you a detailed commercial proposal, including the Rules of Engagement and the project plan. These documents define all the detailed conditions and parameters of the penetration test. You accept our proposal and approve the documents; then both parties sign the Service Agreement.
  5. Field work. The passive pentest phase begins with Open-Source Intelligence (OSINT). The active pentest phase includes vulnerability identification, verification, exploitation and evidence collection. We then assess the risk of each vulnerability found and develop recommendations for vulnerability mitigation and continuous improvement.
  6. Report. The Security Assessment Report describes the findings and what should be done to improve your security. We consult on vulnerability mitigation and perform a retest on demand. The project is then complete.

Report Sample

The Security Assessment Report includes all project deliverables.

The basic report structure is described below. Depending on the pentest requirements, conditions, restrictions and parameters, the report may include additional sections.

  1. Executive summary.
  2. Planning and methodology.
  3. Security assessment results:

Our certificates:

(ISC)2
CISSP
ISACA
CISA
CISM
Offensive Security
OSCP
PECB
LPTP
Microsoft
Qualys
BSI