Services

Eight engagements. One way of working.

Each engagement is led by a senior tester, runs on a fixed scope and date, and includes a retest of reported findings after you fix them.

Where to start

Pick the engagement that matches the conversation you're in.

Sales blocker

A customer is asking for a current pentest report.

Start with web application or API testing — whichever covers what they integrate with.

Audit prep

Your SOC 2, ISO 27001, PCI DSS, or HIPAA audit is in flight.

Compliance pentest with control-mapped reporting.

Fresh release

You just shipped a new product or major feature.

Authenticated web app and API testing of the new surface.

Detection check

You want to know if your SOC actually catches things.

Red team operation, scoped to a clear objective and timeline.

All engagements

Every engagement, side by side.

Web application testing

Hands-on testing across OWASP Top 10 plus the business-logic flaws scanners cannot reach.

Right fit if

You ship a customer-facing web app and need a pentest report.

API testing

REST, GraphQL, and webhook surfaces — auth, IDORs, rate limits, tenant isolation.

Right fit if

Your customers integrate with your APIs; mobile or partner apps depend on them.

Network and cloud

External and internal network testing plus AWS, Azure, and GCP configuration review.

Right fit if

You have cloud infrastructure, an office network, or both.

Authenticated testing

Real users, real roles, real privilege boundaries — the tests that resemble actual breaches.

Right fit if

Your app has multiple user roles and you need to know what one role can do to another.

Red team operations

Multi-stage adversary simulation that tests whether you would notice an intrusion in progress.

Right fit if

You have a SOC, EDR, or detection program and want to know if it actually catches things.

AI security testing

Prompt injection, data leakage, model abuse, and tool-use risks for teams shipping LLM features.

Right fit if

You ship an LLM-backed feature and need to know what a determined user can do to it.

Compliance pentest

Reports mapped to SOC 2, ISO 27001, PCI DSS, and HIPAA controls so auditors get what they need.

Right fit if

Your audit is in flight and pentest is a required control.

Vulnerability scanning

Continuous scanning paired with human triage so your team only sees real, prioritized findings.

Right fit if

You need ongoing coverage between annual pentests and want signal, not noise.

How every engagement runs

Same shape, regardless of which service you pick.

  1. Step 01: Scoping call

     Thirty minutes. Fixed scope, price, and date by the end.

  2. Step 02: Hands-on testing

     Senior tester end-to-end. Live channel; immediate evidence on criticals.

  3. Step 03: Report

     One-page board summary. Executive section. Developer-actionable findings.

  4. Step 04: Retest

     We retest the affected items after fixes (included in scope). Report updated to reflect post-fix state.

Common bundles

Three bundles that cover most teams.

Pick a bundle if it matches the conversation you're in. We tune the scope on the call — nothing is locked in by the bundle name.

SaaS launch bundle

Web app + API + authenticated

A SaaS team shipping a new product or chasing a customer security review.

  • Web application testing
  • API testing
  • Authenticated testing

Compliance bundle

Compliance pentest + network/cloud

An audit (SOC 2, ISO, PCI, HIPAA) is in flight and pentest is on the control list.

  • Compliance pentest
  • Network and cloud testing
  • Control mapping

Continuous program

Annual pentest + vulnerability scanning

You want point-in-time depth and continuous coverage between annual pentests.

  • Annual pentest
  • Vulnerability scanning + triage
  • Quarterly delta review

Methodology

We work to frameworks auditors already recognize.

No proprietary methodology that exists only to look impressive. Every engagement maps to public frameworks your auditor and your engineering team can verify.

  • OWASP Testing Guide
  • OWASP ASVS
  • OWASP API Top 10
  • OWASP LLM Top 10
  • MITRE ATT&CK
  • NIST SP 800-115
  • PTES
  • CIS Benchmarks
  • SOC 2 / ISO / PCI / HIPAA

Typical timeline

From scoping call to retest, in plain weeks.

  1. Week 0: Scoping call

     Thirty minutes. Fixed scope, price, and date by the end.

  2. Week 1: Kickoff and prep

     Access provisioning, test accounts, rules of engagement signed.

  3. Weeks 2–3: Hands-on testing

     Senior tester end-to-end. Live channel; immediate evidence on criticals.

  4. Week 4: Reporting

     Board summary, executive section, developer-actionable findings, control mapping.

  5. Weeks 5–6: You fix things

     Engineers work on remediations. We are reachable for clarifying questions.

  6. Week 7: Retest + final report

     Reported items retested (included in scope). Report updated to reflect post-fix state.

Larger or multi-environment engagements run longer. We commit to the timeline on the scoping call.

A typical outcome

Customer outcome

“The findings landed in our tracker the day they were confirmed. The retest was already scheduled when we asked about it. Our auditor closed the control on the first read of the report.”

Head of Security · Mid-market SaaS, San Francisco

FAQ

Common questions about choosing an engagement

How do I know which engagement is right for me?

Start with the conversation. If a customer is asking for a pentest report, web app or API testing usually covers what they integrate with. If your audit is the driver, a compliance pentest gives you the control-mapped report your auditor expects. If you are not sure, the scoping call is free and ends with a recommendation.

Can I bundle services?

Yes. The most common bundle is web app plus API plus authenticated testing — that maps to how customers actually use most SaaS products. We will quote individual or bundled scope.

What is included in every engagement?

A senior tester from start to finish. Live channel for questions and immediate evidence on critical findings. A report with one-page board summary, executive section, and developer-actionable findings. A retest of the items in the report after you fix them, included in scope.

How long does a typical engagement run?

Web app or API engagements: two to three weeks of testing plus one week of reporting. Network and cloud: three to five weeks. Red team: four to six weeks. Compliance pentest depends on scope; we confirm a date on the scoping call.

How much does it cost?

We quote on the scoping call after we understand your scope and constraints. Smaller, single-application engagements typically run in the low five figures; larger multi-environment or red team engagements run higher. Pricing is fixed before kickoff.

Do you do retainer or continuous testing?

Yes, paired with vulnerability scanning. We do continuous scanning with human triage between point-in-time pentests, so you have ongoing coverage without burying your team in scanner output.

Not sure which engagement fits?

Tell us what you're shipping and what's driving the test. We'll recommend a scope on the scoping call — and tell you if a smaller engagement covers it.