Services
Three levels, one methodology.
Start by seeing your exposure without touching anything, catch the obvious with a hand-triaged scan, or move to a real manual pentest when the risk justifies it.
Level 1 · Free
External Exposure Report
48 business hours
FreeNo commitment, no card
A passive, non-intrusive review of your site's visible security configuration.
- SSL/TLS certificate and configuration
- HTTP security headers
- CSP policy and SRI integrity
- JavaScript libraries with known vulnerabilities
Request free report
Your first look, risk-free
Level 2 · Automated
Vulnerability Scan
1–2 business days
From €390 + VATFixed price once scope is defined
A professional scanner on your web or API, with every finding manually reviewed and triaged.
- Professional vulnerability scanner (OWASP Top 10)
- Manual triage: we discard noise and false positives
- Report prioritized by severity
- Short results meeting
Request scan
Ideal as a periodic checkup
Level 3 · Real pentest
Full Manual Pentest
1–2 weeks depending on scope
From €1,490 + VATFixed price once scope is defined
A real manual pentest: exploitation, business logic, escalation and chaining of vulnerabilities.
- Real exploitation and proof of concept for every finding
- Business-logic and access-control flaws
- Technical report + executive summary + remediation
- Results meeting + re-verification report
Request pentest
Recommended before production or audits
Comparison
The three levels, side by side.
Fixed price always, before we start
Free report48h · free
- What it analyzes
- Security configuration visible from outside
- Method
- Passive, non-intrusive
- False positives
- Possible (not verified)
- Deliverable
- Short report by email
- Meeting
- —
Vulnerability scan1–2 days · from €390 + vat
- What it analyzes
- Common vulnerabilities in web and API
- Method
- Automated scanner + manual review
- False positives
- Filtered by hand
- Deliverable
- Report prioritized by severity
- Meeting
- Short, results
Full pentest1–2 weeks · from €1,490 + vat
- What it analyzes
- Everything above + business logic and access control
- Method
- Manual pentest with real exploitation
- False positives
- Zero: every finding proven with PoC
- Deliverable
- Technical report + executive summary
- Meeting
- Results + follow-up verification
Not sure which level fits?
Tell us what you have and what worries you. We'll tell you, with no commitment, which level really suits you — or if you don't need one.