
Manual Penetration Testing
We Do Everything the Real Hacker Does, But with Good Intention
Scanners are quicker than humans but not smarter. Don’t play with false-positive security!
- Discover security vulnerabilities in your environment
- Get recommendations on how to fix vulnerabilities that can affect your business
- Increase company trust
- Confirm that all defects were fixed for FREE
Talk to an Expert
We are chosen by industry leaders












Our certifications




Manual penetration testing timeline
Pre-Sale
Pre-Delivery
Execution
Post-Delivery
Duration: ~ 1-2 days
Input: client expectations
Evaluation: scope of work, cost, start date, duration
Outcome: signed contract
Duration: ~ 1 hour
Input: scope of work
Evaluation: list of IPs, web app domains, roles, credentials, accesses, etc.
Outcome: validated and confirmed gathering form
Duration: ~ 3 weeks
Input: validated scope of work and gathering form
Evaluation: executed attacks as stated by scope and rules of engagement
Outcome: penetration test report delivery meeting
Duration: ~ up to 1 month
Input: client request for remediation testing
Evaluation: retest of fixed vulnerabilities
Outcome: remediation report, letter of attestation, UnderDefense verification program
Pre-Sale
Duration: ~ 1-2 days
Input: Client expectations
Evaluation: scope of work, cost, start date, duration
Outcome: signed contract
Pre-Delivery
Duration: ~ 1 hour
Input: scope of work
Evaluation: list of IPs, web app domains, roles, credentials, accesses, etc.
Outcome: validated and confirmed gathering form
Execution
Duration: ~ 3 weeks
Input: validated scope of work and gathering form
Evaluation: executed attacks as stated by scope and rules of engagement
Outcome: penetration test report delivery meeting
Post-Delivery
Duration: ~ up to 1 month
Input: client request for remediation testing
Evaluation: retest of fixed vulnerabilities
Outcome: remediation report, letter of attestation, UnderDefense verification program
See what our clients talk about us
UnderDefense delivered a third-party view of the project’s security side, providing the client with better results and quality than what they received in the past. They also helped the client improve some of their team’s processes, making them more transparent and efficient.
The report was impactful and clearly written. UnderDefense communicated effectively; neither the language nor time difference was a barrier to the successful partnership. The deliverables were affordable and of high quality.
UnderDefense was able to execute the cybersecurity improvements in a very short timeframe, ensuring the platform could pass ongoing penetration testing within a number of weeks. They are collaborative, helpful, and extremely dedicated, working round the clock to meet the project requirements.
FAQ
How much does penetration testing and security assessment cost?
The cost of penetration testing may vary depending on several factors. The key components that determine the scope of work and the price are the number of testing IPs, web applications, and the number of roles and pages per application. Сontact sales to get a quote.
How much time does it take to conduct penetration testing and security assessment?
It takes 2-3 working weeks on average.
When can we get started?
We have a flexible approach, but it all depends on the specific situation. We encourage you to contact sales and we’ll evaluate how quickly we can get started.
How do you transfer and store the testing data?
We transfer results via an encrypted channel and do not store results after testing.
What tools do you use?
We use Kali Linux, OpenVAS, Acunetix, Qualys, WireShark, Nmap, hping3, socat, scapy, Firefox, ike-scan, whois, BeEF framework, Metasploit, PortSwinger Burpsuite PRO, Google, Cain &Abel, Maltego, Paterva, Colasoft Packet Builder, Fiddler, Mantra Security Framework, SAINT, Vega, WebScarab, Xenotix, John the Ripper, Colasoft Capsa Network Analyzer, OWASP Zed Attack Proxy (ZAP), Nikto Web Scanner, THC-Hydra, w3af, SQLmap, Karma, Kismet, NetStumbler, VisualCodeGrepper (VCG), onlinehashcrack.com, sslsplit, Pineapple, Reaver, reaver-wps-fork-t6x, Flawfinder, RATS, FindBugs, CodePro Analytix, PMD, Graudit, wpscan
What penetration testing methodologies do you use?
We follow TOP methodologies like Penetration Testing Execution Standard (PTES), OWASP Top 10 Application Security Risks, OWASP Web Security Testing Guide, Open Source Security Testing Methodology Manual (OSSTMM)