Full manual pentest.

A real manual pentest: exploitation, business logic, privilege escalation and vulnerability chaining. What no scanner will find.

Duration
1–2 weeks
Price
From €1,490 + VAT

How we work on every pentest.

Step 01

Reconnaissance

Attack-surface mapping: endpoints, parameters, roles, integrations, authentication and authorization flows.

Step 02

Manual analysis

Testing guided by OWASP ASVS, OWASP Top 10, OWASP API Top 10 and PTES. Without relying on scanners.

Step 03

Exploitation and PoC

Every finding proven with a proof of concept. Zero false positives. We document the real impact.

Step 04

Chaining

We look for how an attacker would combine several flaws to reach the worst-case scenario.

Step 05

Business logic

Bypassing critical flows, abusing legitimate features, race conditions, price or role manipulation.

Step 06

Re-verification

Once you fix the findings, we test again to confirm the remediation is effective.

What you get at the end.

Auditable documentation, ready to show clients, vendors or an external auditor.

Detailed technical report with every finding, evidence and PoC

Executive summary aimed at management and non-technical stakeholders

Concrete remediation steps per finding, not generic ones

Results meeting (60 min) + re-verification report

Summary of what's included
  • ·Real exploitation and proof of concept for every finding
  • ·Business-logic and access-control flaws
  • ·Technical report + executive summary + remediation
  • ·Results meeting + re-verification report

What people usually ask about this service.

How is this different from an automated scan?+
A scanner detects known patterns. A manual pentest reasons like an attacker: it chains flaws, abuses business logic and tests scenarios no scanner considers. If your app handles money, sensitive data or critical decisions, this is what you need.
How long does it take?+
Between 1 and 2 weeks for a medium-sized application. For large or highly critical scopes it can take longer. We give you a fixed date after the scoping call.
Do you work with source code or black box?+
By default grey box: we ask for credentials for the different roles so we can test access control thoroughly, but we don't need source code. If you give it to us (white box) we go further in the same time. Your call.
Will it affect production?+
We agree the window and intrusion level with you. If you prefer staging, perfect. If we must test in production, we do it with surgical care and alert you in real time to any critical finding.

Ready for a real pentest?

Tell us what you want to protect. We reply within 24h with a scope proposal, date and fixed price.