
Cyber Security Services

We provide the following services, some of which are unique or rare in the market: Vulnerability Scanning, Penetration Testing (Pentests), Automated and Manual Security Analysis of Software Source Code, ISO 27001 and PCI DSS Implementation, Application Security, Software Engineering, Security Team Extension (outsourcing and outstaffing), GDPR compliance and other services. Select the service you are interested in.

Automated scanning

FREE Scan

Automated black-box website security assessment. Prompt result. Different scan modes, depth and quality. Choose free-of-charge on-demand testing or a cheap subscription to continuous monitoring. Learn more.

Licensed Scan *

Manual vulnerability scanning with commercial scanners: Acunetix, BurpSuite Pro, Qualys, Nexpose. Limited reporting: the summary and raw scanner reports. The minimum order includes a simple website or service (up to 20 pages and 2 forms), or 16 IP addresses, takes 2 to 3 days and is $15 per IP address for the networks (Qualys + Nexpose) or $180 per website or service (Acunetix + BurpSuite Pro). Details.

Pentest *

Manual and automated security assessment of websites, networks, applications, etc. Optional DoS/DDoS, social engineering tests and reverse engineering. Vulnerability verification and exploitation. Project planning, risk assessment, remediation recommendations and reporting. Vulnerability mitigation assistance and retest after mitigation. Express Pentest is from $150 per IP address or $1500 per simple website or service (up to 20 pages and 2 forms). Details.

* Subscribe for 12 months and get 4 quarterly security assessments with 10% discount.

What's next? Compare services in detail. Customize your request. Learn more about pentest process and results.

 

Compare Service Details


| Scope and parameters | Free Scan | Licensed Scan * | Express Pentest * | Full Pentest * |
|---|---|---|---|---|
| Analysis of websites, web apps | yes | yes, 20 pages | yes, 20 pages | yes |
| Analysis of networks | - | yes, 16 hosts | yes, 16 hosts | yes |
| Analysis of desktop or mobile applications | - | - | - | yes |
| Black box mode | yes | yes | yes | yes |
| Gray box mode | - | - | yes, limited (1 user role) | yes, optional |
| White box mode (incl. code review) | - | - | - | yes, optional |
| OWASP top 10 tests | partial | partial | yes | yes |
| SANS top 25 tests | - | partial | partial | yes |
| Open-source tools | yes | on demand | yes | yes |
| Commercial tools (Qualys, Acunetix, Nexpose, Burp Suite Pro, etc.) | yes, H-X scanner | yes | yes | yes |
| Cyber hooligan / script-kiddie attacker model | - | yes | yes | yes |
| Purposeful professional attacker model | - | - | - | yes |
| Automated search | yes | yes | yes | yes |
| Manual search | - | - | yes, 8 man-hours | yes |
| DoS/DDoS-attack modeling | only DoS (non-volumetric) | only DoS (non-volumetric) | only DoS (non-volumetric) | yes, optional |
| Social engineering tests | - | - | - | yes, optional |
| Reverse engineering | - | - | - | yes, optional |
| Vulnerability verification | - | - | yes | yes |
| Vulnerability exploitation | - | - | limited (public exploits) | yes |
| Project planning | - | - | yes, templated | yes, customized |
| Risk assessment | - | yes, standard | yes, templated | yes, customized |
| Remediation action plan | - | yes, standard | yes, templated | yes, customized |
| Report | yes, templated | yes, templated | yes, templated | yes, customized |
| Compliance (PCI DSS, SOX, HIPAA, etc.) | yes | yes | yes | yes |
| Vulnerability mitigation assistance | - | on demand | on demand | yes, optional |
| Retest after mitigation | on request | on request | on demand | yes, included |
| Ready to start | immediately, round-clock | 1 to 2 days | 2 to 4 days | 1 week |
| Duration | Scan: 5 min - 2+ hours. Monitor: continuously | 2 to 3 days | 6 days | 2 to 5 weeks |
| Price | Scan: free. Monitor: 54 $ per month | 15 USD per IP address. 180 USD per website | 150 USD per IP address. 1500 USD per website | Individual |

* Subscribe for 12 months and get 4 quarterly security assessments with 10% discount.

 

Service customization


Please choose what interests you and send us your choice. Feel free to combine these popular requests to define your needs:

  External or internal wired or wireless network or infrastructure pentest.
  White-box security assessment or security review of the source code of a website or web application.
  White-box security assessment or security review of the source code of a Unix/Linux, Windows, iOS or Android application.
  DoS/DDoS-attack modeling.
  Personnel pentest (social engineering methods).
  Application Security Services.
  Managed compliance with ISO 27001, PCI DSS, HIPAA, GDPR, etc.
  Training or workshops on secure software development, social engineering, etc.
  Other information security consulting.

 

How we work and what you get


The project workflow of a typical pentest is as follows:

  1. Formalities. We sign your Non-Disclosure Agreement and commit to confidentiality.
  2. Clarification. You answer our questions about the conditions and environment to help us define your requirements and expectations.
  3. Pre-engagement. We analyze your input and develop the Rules of Engagement (RoE) and the project plan.
  4. Approval. We send you a detailed commercial proposal, including the Rules of Engagement and the project plan. These documents define all detailed conditions and parameters of the penetration test. You accept our proposal and approve the documents. Then you and we sign the Service Agreement.
  5. Field work. The passive pentest phase begins with Open-Source Intelligence (OSINT). The active pentest phase includes vulnerability identification, verification, exploitation and evidence collection. Then we assess the risks of each vulnerability found and develop recommendations on vulnerability mitigation and continuous improvement.
  6. Report. The Security Assessment Report describes the findings and what should be done to improve your security. We consult on vulnerability mitigation and perform a retest on demand. The project is completed.
 
 
Report Sample

The Security Assessment Report includes all project deliverables.

A simple report structure is described below. Depending on the pentest requirements, conditions, restrictions and parameters, the report can include additional sections.

  1. Executive summary.
  2. Planning and methodology.
  3. Security assessment results:
