Penetration testing
Penetration testing,
as a monthly service.
Real testers - not a scanner with a dashboard. Every month we manually attack your apps the way an adversary would, retest every fix for free, and hand your engineers a report they can act on. The same people who build our open-source tooling do the work.
What every engagement includes
Methodology stays the same across tiers - the tiers only change scope, depth, and cadence.
manual testing
Hands-on testing by a human tester across the OWASP Top 10, authentication, access control, and business-logic flaws automated scanners miss.
free retests
Fix a finding and we re-verify it at no extra cost. You only close a ticket once we confirm the issue is actually gone.
developer-ready reports
Every finding ships with reproduction steps, impact, and a concrete fix - written for the engineers who have to remediate it, not just for an auditor.
a direct line
Talk to the tester who found the bug. No ticket queue, no account-manager telephone game.
Monthly plans
Starter
$1,500/mo
One app, tested every month.
- 1 web app or domain
- Manual OWASP Top 10 + business-logic testing
- Free retest of every fix
- Monthly developer-ready report
- Email support
Most popular
Professional
$4,000/mo
Broader scope, deeper access, faster loop.
- Up to 3 apps or domains
- External + authenticated testing
- API + cloud-configuration review
- Monthly report + remediation call
- Shared Slack channel for live findings
Enterprise
$9,000/mo
Continuous testing across everything you run.
- Unlimited scope
- Internal + external testing
- Scheduled red-team exercises
- Dedicated tester + remediation SLAs
- Custom-branded reports, continuous retesting
All plans are billed monthly and cancel anytime. Need a one-off assessment, a custom scope, or testing under NDA? Email us and we'll scope it.