Pricing

The quality of the security assessment matters more to us and is more meaningful to you. Based in Singapore, we focus on the quality of our work.

Security issues are classified into Critical, High, Moderate and Low risk findings. Besides a detailed security report with finding descriptions, proofs and recommendations, we can advise you on how to fix and mitigate the security issues.

Please contact us for an exact quotation for your projects at a good price.

1. Penetration Testing (PT)

After Vulnerability Assessment, Penetration Testing will further help you to understand fully how your websites, mobile applications, operating systems and networks could be exploited using hackers’ techniques.

Item | Description | Item Price

Web Penetration Testing (Web PT): Security researchers manually reveal security vulnerabilities in web sites.

A detailed security assessment report will be given.
- Testing type: Grey-box
- Penetration testing in both auto and manual modes
- Reports with detailed findings, proofs and recommendations
- Follow OWASP Web Top 10 Standard
- Malicious Input Checks
- Session Violation checks
- Access Control Security Analysis
- Testing to be done in Staging or Production environment
- 2 tests and reports performed: before and after defect fixing
Contact us

Public pages and after-login pages will be counted as 2 websites.

Mobile Penetration Testing (Mobile PT), iOS app OR Android app: Security researchers manually reveal security vulnerabilities in iOS and Android applications.

A detailed security assessment report will be given.
- Testing type: Grey-box
- Penetration testing in manual and auto modes
- Reports with detailed findings, proofs and recommendations
- Follow OWASP Mobile Top 10 Standard
- Dynamic Runtime Analysis (Debugging, Memory analysis, IPC mechanisms and app components)
- Network Analysis (Certificate pinning, …)
- Static Analysis (Reverse Engineering)
- Fuzzing of APIs called from your own mobile apps
- Testing to be done in Staging or Production environment
- 2 tests and reports performed: before and after defect fixing
Contact us

One Android app and one iOS app for the same app will be counted as 2 apps.

2. Vulnerability Assessment (VA)

Vulnerability Assessment is often a starting point in cyber security tests. Your websites, operating systems and networks will be scanned for known and common vulnerabilities.

Item | Description | Price

Web Vulnerability Assessment (Web VA): Vulnerability scans use automated tools, with some manual support, to identify known weaknesses in a target enterprise.

Detailed reports will be provided.
- Testing type: Grey-box
- Reports with detailed findings, proofs and recommendations
- Follow OWASP Web Top 10 Standard
- Injection
- Broken Authentication and Session Management
- Cross-Site Scripting
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
- Testing to be done in Staging or Production environment
- 2 tests and reports performed: before and after defect fixing
Contact us

OS Vulnerability Assessment (OS VA): Vulnerability scans use automated tools, with some manual support, to identify known weaknesses in a target enterprise.

Detailed reports will be provided.
- Testing type: Grey-box
- Reports with detailed findings, proofs and recommendations
- Follow OWASP Top 10 Standard
- Check for open ports
- Check access for services
- Check for outdated components
- Check for components with known vulnerabilities
- Testing to be done in Staging or Production environment
- 2 tests and reports performed: before and after defect fixing
Contact us

3. Source Code Review

Source code review is the process of auditing the source code for an application to verify that the proper security controls are present, that they work as intended, and that they have been invoked in all the right places.

Item | Description | Item Price

Source Code Review: Security experts in the software and security team manually review source code for security holes.

Detailed reports will be provided.
- Testing type: White-box
- Source code review in both auto and manual modes
- Reports with detailed findings, proofs and recommendations
- Testing to be verified against the live system in the staging or production environment
- 2 tests and reports performed: before and after defect fixing
Contact us

4. System Configuration Review

A system and configuration review audits and technically tests a network system, server or device to ensure it meets current security standards along with any applicable security policies.

Item | Description | Item Price

System Configuration Review: Security experts in the software and security team manually extract the system configuration and review it against the CIS Benchmark framework.

Detailed reports will be provided.
– Testing type: Grey-box
– Reports with detailed findings, proofs and recommendations
– Follow CIS Benchmark Framework
– User Configuration
– Mandatory Access Control Configuration (features and roles)
– Ensure updates, patches and additional security software are installed
– Service Configuration
– Logging and Auditing
– Remote Access Hardening
– Software Configuration (i.e. databases)
– Access, Authentication, and Authorization
– Network Time Protocol Configuration
– Network Configuration
– Firewall Configuration
– Testing to be done in Staging or Production environment
– 2 tests and reports performed: before and after defect fixing
Contact us

5. Onsite VAPT Support

Basic VAPT support is provided at the customer site in Singapore for initial connection and basic tasks.

Item | Description | Item Price

Onsite VAPT Basic Support: A security engineer will perform basic VAPT support tasks at the customer site.
– To perform basic VAPT tasks at customer site
– To set up a remote connection to remote VAPT experts
– To collect the raw reports and system configurations back for further assessment and reporting
– Support hours: Mon-Fri, 9am-6pm
Contact us

Onsite VAPT Expert Support: A security researcher will perform VAPT tasks at the customer site.
– For isolated production systems
– To perform all VAPT tasks at customer site
– To collect the raw reports and system configurations back for further assessment and reporting
– Support hours: Mon-Fri, 9am-6pm
Contact us