Is this an automated scan or a manual test?

Manual. Automated scanning is part of reconnaissance, but exploitation, chained attacks, and business-logic abuse are performed by hand using the PTES and OWASP methodologies.

Will testing break our production systems?

No. Rules of engagement are agreed in writing before testing begins, and any potentially destructive technique requires explicit pre-authorization on a per-target basis. Production-impacting tests are conducted in maintenance windows.

Do you include a retest after we fix findings?

Yes. One free retest within ninety days of the final report, on findings rated High or Critical.

Will the report satisfy SOC 2 or HIPAA requirements?

Yes. Reports are formatted to meet SOC 2 CC4.1 and HIPAA technical safeguard evidence requirements, and have been accepted by the major CPA audit firms.

04 Penetration Testing

Hired adversaries, by appointment.

A penetration test is the difference between a vulnerability scan and a real answer. We attempt the same attacks an adversary would - by hand, against a written rules-of-engagement - and tell you exactly what worked.

Overview

Vulnerability scanners report what could be wrong. A penetration test proves what is actually exploitable. We work to a documented methodology - PTES for network, OWASP for web applications, MITRE ATT&CK for cloud - and chain findings the way an attacker would: a low-severity information leak that, combined with a misconfigured cloud role, becomes domain admin.

Scope

External network. Internet-facing assets, including credential exposure and exposed services.
Internal network. Lateral movement, credential capture, Active Directory escalation.
Web application. OWASP Top 10, business-logic abuse, authentication and session flaws.
Cloud. AWS, Azure, GCP - IAM misconfigurations, exposed storage, escalation paths.
Social engineering. Targeted phishing, vishing, optional physical assessment.

Deliverables

Methodology document. Written before testing begins so you know exactly what we will and will not do.
Findings report. Each finding has reproduction steps, evidence, severity, and a remediation recommendation an engineer can act on.
Executive summary. One page for the board, in language they understand.
Free retest. One pass at no charge within 90 days, against High and Critical findings.

Timeline & tiers

Tier	Scope	Timeline	Price
Essentials	External + one web application	2 weeks	$10,800
Standard	External + internal + web app + light social engineering	3 weeks	$22,500
Advanced	Full external + internal + web + cloud + targeted social engineering	4 weeks	$40,500

Pricing model

Fixed price at signature. Net 30 standard. Re-tests above the included scope are billed at $315 per hour with your written approval.

Common questions

Will this satisfy our SOC 2 or PCI-DSS auditor?

Yes. Reports meet SOC 2 CC4.1, HIPAA Security Rule, and PCI-DSS Requirement 11.3 evidence formats and have been accepted by all of the major audit firms we have worked with.

Will the test break production?

No. Rules of engagement are signed before testing begins. Anything potentially disruptive requires per-target written authorization and is scheduled in a maintenance window.

How quickly can you start?

Two to three weeks from contract signature once scoping is complete.

Next step

Book intro call Estimate cost