FAQ

Common questions. Straight answers.

Everything you need to know about how our AI-driven pentests work, what's included, and how we price them.

Pricing & guarantees

What does "zero findings, zero cost" mean?
If our AI-driven assessment runs its full course and uncovers no exploitable vulnerabilities in your environment, you owe nothing. This guarantee applies to all one-time test purchases — not to 3-year contracts, which are already priced at a significant discount.
Can I upgrade from a one-time test to a 3-year contract?
Yes. If you've already run a one-time test and want to lock in the contract rate, we'll apply a credit toward your first year. Reach out and we'll handle the transition.
Are there any hidden fees?
No. The price you see is the price you pay. Retesting within 90 days is included at no extra cost, and compliance-ready reports are part of every engagement — not an add-on.

Timelines & process

How long does a test take?
Most engagements deliver an initial report within 48 hours. Full compliance-ready reports — including remediation guidance — are typically delivered within 5 business days. We're significantly faster than traditional manual pentests, which often take weeks to complete.
What's included in the 90-day retesting?
After you remediate findings, you can request a free retest of any flagged vulnerability within 90 days of your original report. This confirms your fix is effective and keeps your audit documentation clean.
How do I get started?
Fill out the contact form on our homepage and describe your environment and goals. We'll respond within one business day to scope the right engagement for you. No sales calls required to get a quote.

Scope & coverage

Which compliance frameworks do your reports support?
Our reports are structured to meet SOC 2 Type II, ISO 27001, HIPAA, GDPR, and PCI-DSS requirements, among others. If you have a specific framework your auditor requires, let us know during scoping and we'll tailor accordingly.
Do you test internal or cloud infrastructure?
Our external network test covers your internet-facing perimeter. Active Directory and internal network testing are coming soon. For cloud environments (AWS, GCP, Azure), discuss scope during your initial consultation — many cloud misconfigurations are covered under our web app and network assessments.
What testing methodologies do you support?
We support blackbox (no prior knowledge), whitebox (full access to source and architecture), and greybox (partial knowledge) testing for web application engagements. External network tests are blackbox by nature. You can specify your preferred methodology when scoping.
What types of vulnerabilities do you test for?
Web application tests cover OWASP Top 10, business logic flaws, authentication and session vulnerabilities, API and GraphQL weaknesses, and IDOR. Network tests cover exposed services, CVE exploitation, MFA bypass, and shadow IT discovery. Both include proof-of-concept exploits for every validated finding.