Select a package, verify your domain, pay securely. receive a full security report in 3 to 7 days. No calls required.
// Start your pentest
Authorization agreement included · Domain verification required · Stripe payment
Process
The entire process happens online. From order to report, we handle everything asynchronously.
01
Choose your package, enter the domain you want tested, and sign the authorization agreement digitally.
02
Add a TXT record to your DNS to confirm you own the domain. Takes 2 minutes. No ownership, no test.
03
Our senior testers execute the full assessment. You get a progress update when we start and when we finish.
04
Get a full technical + executive report by email. Retest of critical findings is included at no extra cost.
What you get
Each package is designed for a specific stage. Here's exactly what you get. plain language.
You've built an MVP or early product and you want to know what vulnerabilities are out there before a customer or investor asks. This is your first security checkpoint. Fast, affordable, and actionable.
What you receive
You're past MVP. You have paying customers, an API, multiple user roles, and business logic that could be exploited. This assessment goes deep. The way a real attacker would. gives you the documentation you need for your next funding round.
What you receive
You're raising a large round, closing an enterprise deal, or going through a SOC2 audit. You need a comprehensive assessment of your entire attack surface: web, API, and cloud infrastructure, with documentation that satisfies auditors and investors.
What you receive
Coverage
Every engagement covers the attack surface that matters for your stage, from OWASP Top 10 to cloud infrastructure.
Typical finding distribution
Based on average across engagements · results vary by target
Packages
Fixed prices. No negotiation, no hidden fees. What you see is what you pay.
Starter
Early-stage startups · MVP / pre-seed
Includes
Most Popular
Startups in production · Seed → Series A
Everything in Starter, plus
Enterprise
SOC2 / due diligence · Series A+
Everything in Scale, plus
Security & legal
Every engagement is covered by a formal authorization process so testing is always legal, documented, and traceable.
Before any payment is processed, you digitally sign a Scope of Work + Authorization Agreement. This confirms you own or have legal permission to test the target system.
We require a DNS TXT record verification before starting any test. The same method Google uses. If you can add it, you own the domain. No exceptions.
All findings are encrypted in transit and at rest. Your report is sent only to you. We sign an NDA as part of every engagement. Your data never leaves our secure environment.
FAQ
Get started
No calls. No waiting. Your report delivered in days.
Start a pentest nowFrom $3,500 · 3–7 day delivery · Retest included