Frequently Asked Questions

Common questions about pentesting, how we work, what it costs, and what to expect.

About Penetration Testing

What is penetration testing?

Think of it as a controlled break-in. We get your permission, then try to hack into your systems the same way a real attacker would. The difference is we document everything we find and show you exactly how to fix it. The whole point is to find the holes before someone with bad intentions does.

How long does a penetration test take?

It depends on what we're testing. A focused external test usually takes 2-3 days, and you'll have a report within a week. A full-scope assessment runs 4-5 days of active testing, with the report following in 10-14 days. Bigger environments take longer. We'll give you a clear timeline before anything starts.

What's the difference between a vulnerability scan and a penetration test?

A vulnerability scan is software running on autopilot. It flags known issues but doesn't verify them or show what an attacker could actually do with them.

A pentest is hands-on. We manually dig into your systems, chain vulnerabilities together, escalate privileges, move laterally, and show you the real-world impact. It's the difference between a checklist and someone actually trying to break in.

What do I need to prepare before a penetration test?

Not much. We'll need to know what's in scope (which systems, apps, or networks you want tested), an emergency contact in case something goes sideways, and sign-off from whoever needs to approve it. If we're testing internally, we'll need network access. For web apps, we might need login credentials. That's about it.

Pricing & Process

How much does penetration testing cost?

Every engagement is different, so we don't do fixed packages or tiers. Price depends on how big your network is, how many apps are in scope, whether cloud is involved, and any compliance requirements. We'll hop on a short call, figure out what you actually need, and send you a proposal with clear pricing. No hidden fees.

Email us at [email protected] to get the conversation started.

What's included in a penetration test report?

You get two things in one report. There's an executive summary your leadership can actually read, plus a deep technical section with every finding, proof-of-concept screenshots, risk ratings, and clear fix instructions. We also include business impact context so you can prioritize what matters most.

If you need the report formatted for insurance or compliance audits, we do that too.

How do I get started with Trident Shell?

Send us an email at [email protected] or fill out the form on our site. We'll set up a quick call to talk through what you're looking for. Within 48 hours you'll have a proposal with scope, methodology, timeline, and cost. Once you approve, we sign an NDA and get to work.

Do you offer retesting after remediation?

Yes. Once your team fixes the issues we found, we'll retest to make sure the fixes actually hold up. It costs a fraction of the original test. It also catches cases where a fix accidentally introduced something new.

Compliance & Requirements

Do I need penetration testing for cyber insurance?

More and more, yes. A lot of cyber insurance carriers now require a pentest or at least a vulnerability assessment before they'll write a policy or give you a decent rate. Our reports are formatted so insurers can actually use them.

Check with your broker on the specifics, and we can scope the test to match what they're asking for.

What about HIPAA compliance? Can you help?

Yes. We test the things HIPAA cares about: access controls, encryption, audit logging, data integrity. And we deliver the results in a format that fits into your compliance documentation. If you have BAA requirements, we can work within those too.

Do you test for SOC 2 compliance?

We do. When compliance is part of the scope, we align our testing to SOC 2 controls like access management, monitoring, change management, and vulnerability management. The report is structured so your auditor can plug it right into your SOC 2 Type II documentation.

What about PCI-DSS testing?

If you handle payment card data, we can run PCI-DSS-compliant pentests. That covers segmentation testing, payment data security checks, and all 12 control areas. We format the report so you can hand it to your QSA or use it for internal remediation tracking.

About Trident Shell

Who conducts the penetration tests?

You work directly with the person doing the testing. We don't hand you off to a subcontractor or a junior analyst. The same OSCP- and CRTO-certified tester who runs your assessment is the one you'll talk to about findings. That means faster answers and someone who actually knows your environment.

What certifications do your testers have?

OSCP (Offensive Security Certified Professional) and CRTO (Certified Red Team Operator). Both are hands-on, practical exams. You don't pass them by memorizing flashcards. They require actually breaking into systems under exam conditions, which is exactly what we do for clients.

Where is Trident Shell located?

We're based in Maryland and do a lot of work with businesses in the DMV area (Maryland, D.C., Northern Virginia). But most of our testing is done remotely, so location doesn't really matter. We work with clients across the country.

Can you test our cloud environment?

Yes. AWS, Azure, GCP. We look at misconfigurations, IAM policies, container security, serverless functions, and anything else running in your cloud. Just tell us what platform you're on and we'll put together a proposal.

Do you sign NDAs and maintain confidentiality?

Always. We sign a mutual NDA before every engagement. Everything we find stays between us. Reports are delivered securely and they belong to you. We don't share client info or findings with anyone, period.

What happens after the assessment?

You get the report, and then we hop on a call to walk through it together. We'll help you prioritize what to fix first and answer any questions your team has. After you've done the remediation work, we can retest to confirm everything is solid. If you want ongoing testing on a regular schedule, we can set that up too.

Do you offer red team operations?

Yes. Red teaming goes beyond a standard pentest. We simulate a real adversary across multiple attack vectors: social engineering, phishing, persistence, lateral movement. The goal is to test how well your team detects and responds to an actual attack. Get in touch if you want to talk scope and pricing.

How is my data protected during testing?

We only access what's necessary for the test. We don't copy or pull production data. All findings and reports are encrypted. Communications go through secure channels. And we follow strict ethical guidelines throughout. Your data stays yours.

Let's Talk

Drop us a line and we'll get back to you quickly.
