Define Your Test Scenario

We provide straightforward, effort-based pricing.
Just answer a few quick questions, and we’ll send you a clear, customized quote—simple and hassle-free.

The Reality of Today’s Cybersecurity Challenges
  • 84% of organizations suffered a cyberattack in the last 12 months.
  • 98% use vulnerability scanners, but only 34% find them effective.
  • 53% of practitioners admit to delaying patches.
  • Only 26% conduct pentests more than once a year.

OPTION 1 - 🔐 External Network Penetration Testing

  • Public IP Address Ranges
    • Please provide all public IP address ranges assigned to your organization by your Internet Service Provider (ISP), preferably in CIDR notation (e.g., 192.0.2.0/24).
    • If available, include any documentation or IP allocation reports from your ISP.
    • Are there any IP ranges that should be excluded from testing?
  • Live Hosts
    • Approximately how many active/live devices are expected within the provided IP ranges?
    • Are there specific systems or services that are critical and should be handled with extra care?
  • Testing Schedule
    • Are there any specific dates or time windows when testing should be avoided to prevent disruption to business operations?
    • Do you prefer testing to occur during business hours, after hours, or over a weekend?
  • Reporting Requirements
    • Besides the standard executive summary and technical findings, are there any specific reporting formats, compliance mappings (e.g., NIST, ISO, HIPAA), or additional details you require?
  • Timeline
    • Is there a target completion date for the penetration test and delivery of the final report?
    • Are there any upcoming audits, board meetings, or regulatory deadlines we should be aware of?
  • Existing Security Controls
    • Do you currently have any perimeter security solutions in place (e.g., firewalls, intrusion detection/prevention systems, DDoS protection)?
    • If so, please specify the technologies or vendors used.

OPTION 2 - 🖥️ Internal Network Penetration Testing

  • Network Size & Composition
    • Approximately how many endpoints are on your internal network (e.g., workstations, servers, printers, IoT devices)?
    • Are there multiple network segments or VLANs? If so, how many, and can the appliance be placed to access all segments?
  • Organization Size
    • How many employees currently work at your organization?
  • Testing Logistics
    • Are there specific dates or timeframes when testing should be avoided to minimize disruption to operations?
    • Is remote testing via shipped appliance acceptable, or would you prefer on-site deployment?
    • Will your team be available to assist with appliance setup and network access?
  • Reporting Requirements
    • Beyond the standard executive summary and technical findings, are there any specific reporting needs (e.g., compliance mappings, board-level summaries, remediation guidance)?
  • Timeline
    • Is there a target completion date for the assessment and delivery of the final report?
    • Are there any upcoming audits, compliance deadlines, or internal milestones we should be aware of?
  • Security Policies & Controls
    • Are there any internal security policies, procedures, or change control processes we should follow during testing?
    • What security technologies are currently in place on the internal network (e.g., endpoint protection, network segmentation, IDS/IPS, NAC)?

OPTION 3 - 🌐 Custom Web Application Testing

  • Application Overview
    • What is the name and public URL of the web application you'd like us to test?
    • Please provide a brief description of the application's purpose and its primary users (e.g., customers, internal staff, partners).
  • Functionality & User Interaction
    • Approximately how many interactive pages or components (e.g., forms, buttons, input fields) are present in the application?
    • Are there multiple user roles (e.g., standard users, administrators, vendors)? If so, please describe their access levels and functionality.
  • Integrations & Dependencies
    • Does the application connect to external services or APIs? If yes, can you provide documentation or an overview of these integrations?
    • Are there any third-party components or libraries used within the application that we should be aware of?
  • Testing Logistics
    • Are there specific dates or time windows when testing should be avoided to prevent disruption?
    • Is the application currently in production, staging, or development?
    • Are there any limitations or restrictions on testing (e.g., rate limits, data sensitivity, user impact)?
  • Access & Support
    • Can you provide test credentials for each user role?
    • Is access to source code, application logs, or architecture documentation available to support deeper analysis? (Optional but highly beneficial)
  • Reporting Requirements
    • Do you have any specific requirements for the final report (e.g., executive summary, technical findings, remediation guidance, compliance mapping)?
    • Would you like the assessment aligned with specific standards such as OWASP ASVS, OWASP Top 10, or others?
  • Timeline
    • Is there a target date for completing the assessment and delivering the final report?
    • Are there any upcoming audits, product launches, or compliance deadlines we should consider?

OPTION 4 - Commercial Application: Microsoft 365, Entra, Azure

  • Tenant Overview
    • How many Microsoft 365 tenants (accounts/domains) are currently in use across your organization?
    • Are there any plans to consolidate, migrate, or expand your tenant footprint in the near future?
  • Licensing & User Base
    • What types of Microsoft 365 licenses are currently in use (e.g., E3, E5, Business Premium)?
    • Approximately how many active users are licensed within each tenant?
  • Azure & Cloud Infrastructure
    • Are you utilizing any Azure services beyond Microsoft 365 (e.g., Azure Active Directory, virtual machines, storage, networking)?
    • Are there any hybrid configurations (e.g., on-premises AD sync, Exchange Hybrid)?
  • Integrations & Applications
    • Are there third-party integrations, custom applications, or automation tools connected to your Microsoft 365 environment?
    • If applicable, can you provide documentation or an overview of these integrations?
  • Security & Compliance
    • Are there specific compliance frameworks or regulatory requirements your organization must adhere to (e.g., HIPAA, GDPR, CMMC, ISO 27001)?
    • Are there any internal security policies or controls we should be aware of during testing?
  • Access & Permissions
    • Will our team, as a Microsoft Certified Partner (MCP), be granted GDAP (Granular Delegated Admin Privileges) or equivalent administrative access to the tenant for assessment purposes?
    • Are there any restrictions or limitations on the scope of access?
  • Testing Schedule
    • Is there a preferred timeline or deadline for completing the assessment and delivering the final report?
    • Are there specific dates or timeframes when testing should be avoided to prevent disruption?
  • Reporting Requirements
    • Do you have specific expectations for the final report (e.g., executive summary, technical findings, prioritized remediation guidance)?
    • Would you like the assessment aligned with specific standards such as CIS Benchmarks, NIST 800-53, or Microsoft Secure Score?

OPTION 5 - 📧 Social Engineering (Fake Phishing Tests)

  • Target Audience
    • Approximately how many employees will be included in the phishing simulation?
    • Would you like to target specific departments or user groups differently (e.g., IT, HR, Finance)?
  • Testing Methods
    • In addition to email-based phishing, would you like us to conduct phone-based social engineering (e.g., simulated vishing calls)?
    • Are there any specific scenarios or tactics you'd like us to include (e.g., credential harvesting, fake invoice scams)?
  • Target List
    • Will you provide a list of users to include in the test, or would you prefer we work with your team to identify appropriate targets?
  • High-Risk Roles
    • Are there particular roles or individuals you'd like us to focus on due to elevated access or risk (e.g., executives, finance, HR, IT administrators)?
  • Testing Schedule
    • Are there any dates or timeframes when we should avoid conducting the simulation to minimize disruption or conflict with business operations?
  • Reporting Requirements
    • Do you have specific expectations for the final report (e.g., executive summary, detailed findings, training recommendations)?
    • Would you like the results mapped to specific frameworks or standards (e.g., NIST, CIS, or industry-specific compliance)?

OPTION 6 - 📱 Mobile App Testing

  • Application Overview
    • What is the name and platform (iOS, Android, or both) of the mobile application you'd like us to test?
    • What is the primary purpose of the app, and who are its intended users?
  • User Roles & Access
    • How many distinct user roles exist within the app (e.g., standard users, administrators, partners)?
    • Are there any role-specific features or permissions we should be aware of?
  • Functionality & Interaction
    • Approximately how many screens or features involve user interaction (e.g., forms, buttons, file uploads)?
    • Are there any sensitive workflows (e.g., financial transactions, personal data entry) that should be prioritized during testing?
  • Integrations & Connectivity
    • Does the app connect to any external systems, APIs, or cloud services? If so, can you provide documentation or an overview of these integrations?
    • Are there any third-party SDKs or libraries used within the app?
  • Security Controls
    • Does the app implement security features such as certificate pinning, root/jailbreak detection, or obfuscation?
    • Are there any mechanisms in place that restrict external tools or dynamic analysis?
  • Testing Access
    • Can you provide a test build of the app (e.g., APK for Android, IPA for iOS) that can be installed outside of the official app stores?
    • Will test credentials be provided for each user role?
  • Testing Schedule
    • Are there specific dates or timeframes when testing should be avoided to prevent disruption?
    • Is the app currently in production, staging, or development?
  • Reporting Requirements
    • Do you have specific expectations for the final report (e.g., executive summary, technical findings, remediation guidance)?
    • Would you like the assessment aligned with specific standards such as OWASP Mobile Top 10 or OWASP MASVS?
  • Timeline
    • Is there a target completion date for the assessment and delivery of the final report?
    • Are there any upcoming releases, audits, or compliance deadlines we should be aware of?

OPTION 7 - 📶 Wireless Network Testing

1. Location Details
  • Please list all physical locations to be tested, including:
    • Full address(es)
    • Type of facility (e.g., office, warehouse, retail, healthcare)
    • Approximate square footage and number of floors per location
2. User & Network Information
  • How many employees or users are typically present at each location?
  • How many Wi-Fi networks (SSIDs) are currently in use?
  • Are guest networks or hidden SSIDs part of the scope?
3. Testing Schedule
  • Are there specific dates or times when testing should be avoided to prevent disruption?
  • Is after-hours or weekend testing preferred?
4. Security & Access
  • Are there any internal security policies, procedures, or access restrictions we should be aware of during testing?
  • Will our engineer be escorted or require special access to certain areas?
5. Reporting & Deliverables
  • Do you have specific requirements for the final report (e.g., executive summary, technical findings, remediation guidance)?
  • Is there a deadline for completing the assessment and delivering the report?

OPTION 8 - 💻🛠️ Device Testing

1. Device Overview

  • What is the name and purpose of the device?
  • Who uses it, and in what environment (e.g., hospital, field, branch office)?

2. Connectivity & Interfaces

  • Does the device connect to the internet, internal networks, or external systems (e.g., APIs, cloud services)?
  • What types of physical ports does it have (e.g., USB, Ethernet)? Are any ports disabled or protected?
  • Does it use wireless technologies like Wi-Fi, Bluetooth, or cellular? If so, how are these secured?

3. User Access & Roles

  • Are there different types of users (e.g., standard, admin, technician)? If so, please describe their access levels.
  • What controls are in place to prevent unauthorized access or tampering?

4. Software & Firmware

  • Can we access the software or firmware for testing? Are there known issues or updates planned?
  • Is the device protected against reverse engineering or external inspection tools (e.g., certificate pinning, encryption)?

5. Data Protection

  • What kind of data does the device collect or process?
  • How is data protected from unauthorized access, tampering, or theft (e.g., encryption, secure boot, access controls)?
  • Is there a recovery process if the device is compromised or fails?

6. Compliance & Standards

  • Does the device need to meet specific industry standards or regulations (e.g., HIPAA, FDA, NIST, MIL-STD, PCI)? If so, can you provide documentation?

7. Testing Logistics

  • Are there specific dates or times when testing should be avoided?
  • Will you provide test units, or do we need to conduct testing on-site?
  • Are there any internal security policies or procedures we should follow during testing?

8. Reporting Requirements

  • Do you have specific needs for the final report (e.g., executive summary, technical findings, compliance mapping)?
  • Is there a deadline for completing the assessment and delivering the report?