Information Security Assessment Services

We provide penetration tests, ISO 27001 and PCI DSS implementation, application security, software engineering, audits and other information security consulting services. Select the service you are interested in.

Automated scanning


Automated black-box website security assessment. Prompt result. Different scan modes, depth and quality. Choose free-of-charge on-demand testing or cheap subscription to continuous monitoring. Learn more.
Express Pentest

Express Pentest *

Deeper automated and manual black-box and gray-box security assessment of websites and networks. Vulnerability verification. Standardized project planning, risk assessment, remediation recommendations and reporting. Only 150$ per IP address or 1500$ per website. Details.

Full Pentest *

Comprehensive manual and automated security assessment of websites, networks, applications, etc. Optional DoS/DDoS-attack modeling, social engineering tests and reverse engineering. Vulnerability verification and exploitation. Customized project planning, risk assessment, remediation recommendations and reporting. Vulnerability mitigation assistance and retest after mitigation. Details.

* Subscribe for 12 months and get 4 quarterly penetration tests with 10% discount.

What's next? Compare services in detail. Customize your request. Learn more about pentest process and results.

Compare Service Details

Analysis of web­sites, web apps yes yes max 20 pages per website yes
Analysis of networks - yes min 16 hosts yes
Analysis of desktop or mobile appli­cations - - yes
Black box mode yes yes yes
Gray box mode - yes limited (1 user role) yes optional
White box mode (incl. code review) - - yes optional
OWASP top 10 tests partial yes yes
SANS top 25 tests - partial yes
Open-source tools yes yes yes
Commercial tools (Qualys, Acunetix, Nessus, Burp, etc.) - partial yes
Cyber hooligan / script-kiddie attacker model - yes yes
Purpose­ful profes­sional attacker model - - yes
Automated search yes yes yes
Manual search - yes 8 man-hours yes
DoS/DDoS-attack modeling - - yes optional
Social engineering tests - - yes optional
Reverse engineering - - yes optional
Vulnerabi­lity verifica­tion - yes yes
Vulnerabi­lity exploita­tion - limited (public exploits) yes
Project planning - yes templated yes customized
Risk assess­ment - yes templated yes customized
Remediation action plan - yes templated yes customized
Report yes templated yes templated yes customized
Compliance (PCI DSS, SOX, HIPAA, etc.) - - yes optional
Vulnerabi­lity mitigation assist­ance - on demand yes optional
Retest after mitigation on request on demand yes included
Ready to start immediately 2 to 4 days 1 week
Duration Scan: 5 min/2+ hours.
Monitor: conti­nuous­ly
6 days 2 to 5 weeks
Price Scan: free.
Monitor: 54 $/month
150 USD per IP address.
1500 USD per website

* Subscribe for 12 months and get 4 quarterly penetration tests with 10% discount.

Service customization

Please choose what is interesting for you, and send us your choice:

  External or internal wired or wireless network or infrastructure pentest.
  White-box security assessment or security review of source code of website, web application.
  White-box security assessment or security review of source code of Unix/Linux, Windows, iOS, Android application.
  DoS/DDoS-attack modeling.
  Personnel pentest (social engineering methods).
  Application Security Services.
  Managed compliance with ISO 27001, PCI DSS, HIPAA, GDPR, etc.
  Training, workshop (secure software development, social engineering, etc.).
  Other information security consulting.

How we work and what you get

Project Workflow of typical pentest is the following:

Formalities →
We sign your Non-Disclosure Agreement and commit to confidentiality.
Clarification →
You answer our questions about the conditions and environment to help us define your requirements and expectations.
Pre-engagement →
We analyze your input and develop the Rules of Engagement (RoE) and the project plan.
Approval →
We send you detailed commercial proposal, including Rules of Engagement and project plan. These documents define all detailed conditions and parameters of the penetration test. You accept our proposal and approve the documents. Then you and we sign the Service Agreement.
Field works →
Passive pentest phase begins with Open-Source Intelligence (OSINT). Active pentest phase includes vulnerability identification, verification, exploitation and evidence collection. Then we assess risks of each found vulnerability and develop recommendations on vulnerability mitigation and continuous improvement.
The Security Assessment Report describes the findings and what should be done to improve your security. We consult on vulnerability mitigation and perform a retest on demand. The project is completed.
Report Sample

Security Assessment Report includes all project deliverables.

Simple report structure is described below. Depending on the pentest requirements, conditions, restrictions and parameters, the report can include more additional sections.

  1. Executive summary.
  2. Planning and methodology.
  3. Security assessment results:

Go top, choose pentest type and order.

What is penetration test.

Who we are, what we do, and what partnership we offer.

H-X news.