Integrity with how we work, and how we price

Project-based approach

Internal facing report with steps to mitigate

External facing report to prove security maturity

Remediation support around identified vulnerabilities

Read out report meeting with our team

1X rounds of retesting included

2x or 4x penetration tests throughout the year

Advanced threat modelling

Team rotation for fresh perspectives

Continuous access to our team via Slack integration

Unlimited retesting on fix verification & new releases

Security consulting hours

Automated vulnerability management and observability via Portal

Continuously updated external facing reports to prove security maturity

Network information gathering

Network scanning and host identification

Assess network security segregation (segmentation testing) and attack detection controls

Uncover misconfigurations or vulnerabilities in systems for potential point of entry

Pentesting assisted code review

3rd party libraries identification

CVE discovery and validation

Commercial static code analysis

Manual verification of all vulnerabilities found

Targetted manual code review based on risk

Resource segregation review including network segmentation

Configuration settings review

Tracking and logging observability verification

Logging and observability verification

Access hardening

Network segregation

Redundancy, including autoscaling and backups

Instructor led

Hands on exercises

5 courses available, including Capture the flag (CTF)

Mapped to OWASP Top 10

Recent cyber breaches covered due to common vulnerabilities

Meet compliance standards (SOC 2, HIPAA, ISO 27001, PCI)

Language agnostic as well as .NET, Java content

Flexible delivery model

Attendance management and certificates

Perform asset inventory

Identify threat actors

Review topology and architecture diagram

Connection and data flow analysis

Apply STRIDE to discover abuse cases

Assess risk and determine priorities