Security Assessment Services

Our credo is professional cyber security service for any budget.

Automated scanning

FREE Scan

Automated black-box website security assessment. Prompt results. Different scan modes, depth and quality. Choose free-of-charge on-demand testing or a subscription to continuous monitoring. Learn more.
Express Pentest *

Deeper automated and manual black-box and gray-box security assessment of websites and networks. Vulnerability verification. Standardized project planning, risk assessment, remediation recommendations and reporting. Only 150$ per IP address or 1500$ per website. Details.
Full Pentest *

Comprehensive manual and automated security assessment of websites, networks, applications, etc. Optional DoS/DDoS-attack modeling, social engineering tests and reverse engineering. Vulnerability verification and exploitation. Customized project planning, risk assessment, remediation recommendations and reporting. Vulnerability mitigation assistance and retest after mitigation. Details.

* Subscribe for 12 months and get 4 quarterly penetration tests with a 10% discount.

What's next? Compare services in detail. Customize your request. Learn more about pentest process and results.

Compare Service Details


| Scope and parameters | FREE SCAN | EXPRESS PENTEST * | FULL PENTEST * |
|---|---|---|---|
| Analysis of websites/web apps | yes | yes, max 20 pages per website | yes |
| Analysis of networks | - | yes, min 16 hosts | yes |
| Analysis of desktop or mobile applications | - | - | yes |
| Black box mode | yes | yes | yes |
| Gray box mode | - | yes, limited (1 user role) | yes, optional |
| White box mode | - | - | yes, optional |
| OWASP top 10 tests | partial | yes | yes |
| SANS top 25 tests | - | partial | yes |
| Open-source tools | yes | yes | yes |
| Commercial tools (Qualys, Acunetix, Nessus, Burp, etc.) | - | partial | yes |
| Cyber hooligan / script-kiddie attacker model | - | yes | yes |
| Purposeful professional attacker model | - | - | yes |
| Automated search | yes | yes | yes |
| Manual search | - | yes, 8 man-hours | yes |
| DoS/DDoS-attack modeling | - | - | yes, optional |
| Social engineering tests | - | - | yes, optional |
| Reverse engineering | - | - | yes, optional |
| Vulnerability verification | - | yes | yes |
| Vulnerability exploitation | - | limited (public exploits) | yes |
| Project planning | - | yes, templated | yes, customized |
| Risk assessment | - | yes, templated | yes, customized |
| Remediation action plan | - | yes, templated | yes, customized |
| Report | yes, templated | yes, templated | yes, customized |
| Compliance (PCI DSS, SOX, HIPAA, etc.) | - | - | yes, optional |
| Vulnerability mitigation assistance | - | on demand | yes, optional |
| Retest after mitigation | on request | on demand | yes, included |
| Ready to start | immediately | 2 to 4 days | 1 week |
| Duration | Scan: 5 min/2+ hours. Monitor: continuously | 6 days | 2 to 5 weeks |
| Price | Scan: free. Monitor: 54 $/month | 150 USD per IP address. 1500 USD per website | Individual |

* Subscribe for 12 months and get 4 quarterly penetration tests with a 10% discount.

Service customization


Please choose what interests you and send us your choice:

  External or internal wired or wireless network or infrastructure pentest.
  White-box website, web application, web server pentest.
  White-box desktop or mobile application pentest.
  DoS/DDoS-attack modeling.
  Personnel pentest (social engineering methods).
  Industrial IT security audit.
  Managed compliance with ISO 27001, PCI DSS, HIPAA, GDPR, etc.
  Other pentest or security consulting.
  Training, workshop (secure software development, social engineering, etc.).

How we work and what you get


The project workflow of a typical pentest can be the following:

Formalities →
We sign your Non-Disclosure Agreement and commit to confidentiality.
Clarification →
You answer our questions about the conditions and environment to help us define your requirements and expectations.
Pre-engagement →
We analyze your input and develop the Rules of Engagement (RoE) and the project plan.
Approval →
We send you a detailed commercial proposal, including the Rules of Engagement and the project plan. These documents define all detailed conditions and parameters of the penetration test. You accept our proposal and approve the documents. Then you and we sign the Service Agreement.
Field work →
The passive pentest phase begins with Open-Source Intelligence (OSINT). The active pentest phase includes vulnerability identification, verification, exploitation and evidence collection. Then we assess the risk of each vulnerability found and develop recommendations on vulnerability mitigation and continuous improvement.
Report
The Security Assessment Report describes the findings and what should be done to improve your security. We consult on vulnerability mitigation and perform a retest on demand. The project is completed.
Report Sample

The Security Assessment Report includes all project deliverables.

A simple report structure is shown below. Depending on the pentest requirements, conditions, restrictions and parameters, the report can include additional sections.

  1. Executive summary.
  2. Planning and methodology.
  3. Security assessment results:
     • Identified vulnerabilities and ways to exploit them.
     • Details and evidence (logs, dumps, screenshots, etc.).
     • Risk assessment.
     • Recommended security measures, grouped and prioritized.
