Penetration Testing Services

We Do Everything the Real Hacker Does, But with Good Intention

Scanners are quicker than humans but not smarter. Don’t play with false-positive security!

Discover security vulnerabilities in your environment
Get recommendations on how to fix vulnerabilities that can affect your business
Increase company trust
Confirm that all defects were fixed for FREE

Talk to an Expert

We are chosen by industry leaders

Our certifications

Penetration testing timeline

Pre-Sale

Pre-Delivery

Execution

Post-Delivery

Duration: ~ 1-2 days
Input: client expectations
Evaluation: scope of work, cost, start date, duration
Outcome: signed contract

Duration: ~ 1 hour
Input: scope of work
Evaluation: list of IPs, web app domains, roles, credentials, accesses, etc.
Outcome: validated and confirmed gathering form

Duration: ~ 3 weeks
Input: validated scope of work and gathering form
Evaluation: executed attacks as stated by scope and rules of engagement
Outcome: penetration test report delivery meeting

Duration: ~ up to 1 month
Input: client request for remediation testing
Evaluation: retest of fixed vulnerabilities
Outcome: remediation report, letter of attestation, UnderDefense verification program

Pre-Sale

Duration: ~ 1-2 days Input: Client expectations Evaluation: scope of work, cost, start date, duration Outcome: signed contract

Pre-Delivery

Duration: ~ 1 hour Input: scope of work Evaluation: list of IPs, web app domains, roles, credentials, accesses, etc. Outcome: validated and confirmed gathering form

Execution

Duration: ~ 3 weeks Input: validated scope of work and gathering form Evaluation: executed attacks as stated by scope and rules of engagement Outcome: penetration test report delivery meeting

Post-Delivery

Duration: ~ up to 1 month Input: client request for remediation testing Evaluation: retest of fixed vulnerabilities Outcome: remediation report, letter of attestation, UnderDefense verification program

See what our clients talk about us

UnderDefense delivered a third-party view of the project’s security side, providing the client with better results and quality than what they received in the past. They also helped the client improve some of their team’s processes, making them more transparent and efficient.

Tom Godfrey

VP of Technical Services, Teamwork Commerce

The report was impactful and clearly written. UnderDefense communicated effectively; neither the language nor time difference was a barrier to the successful partnership. The deliverables were affordable and of high quality.

Shad Stafford

Vice President, Engineering, Palo Alto Software

UnderDefense was able to execute the cybersecurity improvements in a very short timeframe, ensuring the platform could pass ongoing penetration testing within a number of weeks. They are collaborative, helpful, and extremely dedicated, working round the clock to meet the project requirements.

Margaret Audet

President, Market Access Direct, LLC

FAQ

How much does penetration testing and security assessment cost?

The cost of penetration testing may vary depending on several factors. The key components that determine the scope of work and the price are the number of testing IPs, web applications, and the number of roles and pages per application. Сontact sales to get a quote.

How much time does it take to conduct penetration testing and security assessment?

It takes 2-3 working weeks on average.

When can we get started?

We have a flexible approach, but it all depends on the specific situation. We encourage you to contact sales and we’ll evaluate how quickly we can get started.

How do you transfer and store the testing data?

We transfer results via an encrypted channel and do not store results after testing.

What tools do you use?

We use Kali Linux, OpenVAS, Acunetix, Qualys, WireShark, Nmap, hping3, socat, scapy, Firefox, ike-scan, whois, BeEF framework, Metasploit, PortSwinger Burpsuite PRO, Google, Cain &Abel, Maltego, Paterva, Colasoft Packet Builder, Fiddler, Mantra Security Framework, SAINT, Vega, WebScarab, Xenotix, John the Ripper, Colasoft Capsa Network Analyzer, OWASP Zed Attack Proxy (ZAP), Nikto Web Scanner, THC-Hydra, w3af, SQLmap, Karma, Kismet, NetStumbler, VisualCodeGrepper (VCG), onlinehashcrack.com, sslsplit, Pineapple, Reaver, reaver-wps-fork-t6x, Flawfinder, RATS, FindBugs, CodePro Analytix, PMD, Graudit, wpscan

What penetration testing methodologies do you use?

We follow TOP methodologies like Penetration Testing Execution Standard (PTES), OWASP Top 10 Application Security Risks, OWASP Web Security Testing Guide, Open Source Security Testing Methodology Manual (OSSTMM)