Every organization is different. Some need a focused test of a single application, others want a deeper look at their network or people. Below is a quick overview and a simple “scope helper” to point you toward the service that usually fits best.
Pick the option that sounds closest to what you’re worried about:
Comprehensive testing of web apps using techniques inspired by the OWASP Testing Guide. I look for:
You receive a report mapped to risk, with clear examples, impact, and remediation steps your developers can action.
Typical range: €350 – €900 for small sites, €900 – €1,800 for larger or more complex applications.
APIs are often the real backbone of modern apps — and a favorite target. I assess your APIs for:
Typical range: €450 – €1,200 depending on the number of endpoints and authentication complexity.
I simulate how an attacker would explore your network and services, within a clearly defined scope. This includes:
Typical range: €500 – €1,500 depending on the number of hosts and internal vs. external scope.
Technical controls can be strong, but people are always in the loop. I can run controlled, authorized social engineering and phishing simulations to:
Typical range: €250 – €750 for phishing simulations, €750 – €1,400 for multi-step social engineering scenarios.
For organizations that want to go further, I design scenario-based engagements that:
Typical range: €1,200 – €3,500 depending on objectives, targets, and level of stealth required.
Every engagement ends with:
Included with every engagement. Optional remediation re-testing typically ranges from €150 – €450 depending on scope.
Cybersecurity is no longer a “big company only” problem. Automated tools constantly scan the internet, looking for any system that’s exposed or misconfigured — regardless of your size or industry.
Almost every internet-facing service is regularly scanned and probed by automated bots looking for known weaknesses and outdated software.
Many real-world breaches start with a simple human mistake — a weak password, a reused credential, or a phishing email that slipped through.
Public vulnerabilities (CVEs) are quickly weaponized. Unpatched systems remain attractive targets long after a fix is released.
By proactively testing your defenses, you shift from reacting to incidents to preventing them — with a clear list of what to fix first.
The goal of my services is to translate this reality into a practical roadmap: where you’re strong, where you’re weak, and how to improve before an incident forces the issue.