We deliver quality pentests much faster and more cost-effectively than the traditional approach. Our consultants achieve this by combining their advanced technical skills with the power of Pentest-Tools.com. You get an accurate picture of your web application's security posture and actionable recommendations for improving it.
Traditional Pentesting vs our Managed Pentesting Service
“Companies should realize that up to 85% of servers and infrastructures are vulnerable to attack.”
Razvan Ionescu - Sr. Penetration Tester
Frequent questions we get
Who performs these tests?
The penetration testers performing the assessments are the best in the industry and they have the following certifications:
What testing methodologies are you using?
We combine our own expertise with well-known methodologies such as the OWASP Testing Guide and the Penetration Testing Execution Standard. The tests are performed both manually and automatically, and we validate all the findings returned by the security scanners. Depending on the complexity and the time available, we also try to demonstrate the vulnerabilities by providing small proof-of-concepts.
How long does it take?
The pentest is performed in a fixed-interval schedule of 24 hours. We focus on the key aspects of application security and are able to offer a comprehensive picture of the relevant security issues that affect your web application. The report will be delivered within a maximum of 72 hours after the test is completed.
What does the report contain?
The deliverable of this penetration test is a PDF report containing all the necessary information for you to understand, reproduce and fix the vulnerabilities. Here you can see more details about the report.
Is this actually a Vulnerability Assessment?
No. Exploitation makes the difference between a vulnerability assessment and a penetration test. Furthermore, exploitation is necessary to prove the real risk of a vulnerability instead of just estimating it. In our pentests we do limited exploitation (time-bound) but enough to understand the risk of the vulnerability. For the high-risk issues, you will receive basic Proof-of-Concepts that show how to trigger the vulnerabilities and how a basic exploitation can be performed.
What approvals do I need?
You need to have explicit authorization from the owner of the target system in order to test it. If you are using shared hosting or a managed service (e.g. Amazon, Azure, etc.), you need to ask for and obtain explicit permission for the test.
Can I have a pentest against a client system?
Yes, of course. You can test your clients' systems as long as you have authorization from them to do that. This scenario is mostly applicable to consultancy companies, web development agencies or managed service providers.
How can you do it so cost-effectively?
Since we use the Pentest-Tools.com platform for scanning, aggregating results and reporting, the time needed for an engagement is significantly decreased. This allows us to do highly focused manual work to test the important aspects and not waste time on setup, configuration, data gathering and manual reporting.
How does the payment work?
After you submit your pentest request, you will receive a link where you can make the payment. All payments are performed via FastSpring, which gives you the option of Credit Card, PayPal, Wire Transfer, etc.
Is re-testing included in this price?
You have one re-test included in this price. Re-testing means a targeted re-verification of all the findings mentioned in our initial report (re-testing is not a full pentest). The result of a re-test will be an email with the status of each finding (Fixed / Not fixed) and a short explanation for each one.
What if I have more questions?
Please use this contact form to ask us additional questions and we will happily respond and clarify them.
What our customers say about Pentest-Tools.com
NextWave has relied on Pentest-Tools.com for several years now. I’ve tried some of the other pentest systems, but none have the exceptional breadth of quality tools AND reasonable pricing we can afford.
This makes Pentest-Tools.com a core part of our company’s network security offering.
I highly recommend Pentest-Tools.
Charles A. Christenson, President
NextWave Consulting, Inc.
Qcast is keen on using Pentest-Tools.com because it provides a complete and easy to use in-depth analysis of our public web applications. With it we were able to check for vulnerabilities and stay secure.
Paul Liebregts, Technical Director
We have been using Pentest-Tools.com for several years. It is one of those tools that any business owner or manager without technical knowledge can run to get a complete “health” picture of their site. We were able to fix many issues and stay ahead of any bad things that might happen to our website.
Kevin "Bao" Huynh, President
The Nail Superstore
Request a Web Application Penetration Test
Please use the form below to send us your request. We will respond shortly with a proposed plan, terms of service and payment details.
It is mandatory that you have explicit permission to have a penetration test performed against the target system.
If the system is on shared web hosting (or is a managed service), you must notify the provider of the service and have their permission.
It is highly recommended to have a working backup of the target system. While the chance of anything bad happening is very low, you should know that penetration testing is inherently intrusive and there is a chance that the target system could be negatively impacted by the assessment.
Detailed Penetration Testing Report delivered within 72 hours.
Report will contain manually verified findings and recommendations for fixing the vulnerabilities.
Clarifying questions to be conducted via email.
Test duration is 24 hours per target.