Ensure your software security regularly

Make your software secure with a white-box pentest, security code review, AppSec recommendations, overall quality audit, compliance check and more.

What We Test

Source Code Without Vulnerabilities: White-Box Pentest

Most bugs and vulnerabilities are context-based. They can take the form of a logic bug, a business logic flaw, an authorization or authentication issue, and so on. A white-box pentest combines a security code review with penetration testing and is designed to find these context-based issues (and not only them). We look at your source code, identify potential weaknesses and exploit them. We know your source code is highly sensitive, so before we start working together we sign an NDA and any other important documents.

Compliance With Industry Standards and Regulations

Let us check that your software is compliant with industry standards like ISO 27001, NIST, NIS2, etc., certifications like SOC2 and regulations like GDPR, PCI DSS, HIPAA and more. We can help you ensure compliance with a white-box pentest, an overall software quality audit and detailed security recommendations. We can also help you with the implementation process or provide technical consultations.

Vulnerability Scanning and Reporting

Scanning for vulnerabilities is part of quality and security testing, and it is not just a major compliance component. Vulnerability scanning helps us find bugs that are not tied to the context (SQL injection, XSS...). It can also find bugs in your third-party libraries, which is very important (at least 90 % of your software is third-party libraries). Scanning is not very effective by itself because it produces a lot of false positives. That is why we are here: we report only bugs that are real, not false positives.

Do We Support Your Tech Stack? We Hope So!

We are experts in several programming languages. Our pentesters are active developers with more than 10 years of experience. Our expertise covers backends, APIs and microservices, but also frontends. We support these programming languages and technologies: Node.js, JavaScript, TypeScript, Java, .NET, Rust, PHP and React. We have no problem with REST, GraphQL, gRPC and more. Thanks to our knowledge, experience and software engineering skills we can ensure not only the security of your software but also its quality.

Plans & Pricing

Listed prices are without VAT. See our subscription model.

Starter

€5.990 /year
Best option for small and mid-sized companies without major compliance needs.
1 vulnerability scan per month
1 authorization & authentication white-box pentest per year
1 re-test per year
dedicated pentesters based on your needs and scope
general recommendations to fix findings
NIS2 compliant report
Regular email communication
Technologies: Node.js (JavaScript, TypeScript), PHP (Symfony), React (JavaScript, TypeScript)

Professional

€8.990 /year
Best option for small and mid-sized companies with compliance needs.

All from Starter included.
1 app compliance check (GDPR, PCI, HIPAA, ISO, SOC...) per year
2 re-tests per year
authentication & authorization white-box pentest every 6 months
white-box pentest of 3 critical functions / pages / endpoints every 6 months
detailed recommendations to fix findings
Regular email communication
Technologies: Node.js (JavaScript, TypeScript), PHP (Symfony), React (JavaScript, TypeScript)

Enterprise

€12.990 /year
Best option for mid-sized and large companies with compliance needs and sensitive software.

All from Professional included.
2 app compliance checks (GDPR, PCI, HIPAA, ISO, SOC...) per year
4 re-tests per year
authentication & authorization white-box pentest every quarter
white-box pentest of 4 critical functions / pages / endpoints every quarter
code quality and S-SDLC recommendations
Regular Slack or email communication
Technologies: Node.js (JavaScript, TypeScript), PHP (Symfony), React (JavaScript, TypeScript), Java, .NET, Rust

Need something special? Please contact us.

How Does It Work?

FAQ

How do you guarantee security of our data when you have access to our source code?

Before we get access to your source code, we sign an NDA and any other contracts you might want to sign. We don't share your code with anyone (not even with automated tools) without your explicit permission. We comply with cybersecurity best practices during the work. We also have a strong security policy, which we will share with you.

Why should I use this PTaaS service?

It is hard to find cybersecurity professionals these days, or they don't have the capacity to serve you ASAP. With PTaaS you reserve our cybersecurity professionals for a year or more! They help you stay compliant and secure all the time.

What if I need just one pentest, not a long term cooperation?

That is totally fine. Just order the package that suits your needs best and then cancel the subscription. If you have any special requirements, contact us via the form and we will design the right service for you.

Is it possible to personalize the service a bit?

Of course. We can make minor changes to personalize the service for you. Take the Professional plan, for example: we can perform a pentest of 6 features at once instead of 3 every 6 months. Let's discuss it.

Is it possible to split payments?

No, it is not possible in the listed plans. Split payments are available only in a custom plan.

How can I cancel the service / order?

Just cancel the subscription and stop paying. You don't have to give us any reason.

When do you start testing?

It's up to you. We will be in touch so you can tell us when to start.

Can you help us with other cybersecurity requirements?

We can help you with AppSec, secure coding training, compliance and more. Let's discuss the cooperation.

Who is the service operator?

The service operator is Štefan Prokop, founder of the Czech AppSec project Bezpečný kód, a software developer, pentester, and OWASP and (ISC)² member from Czechia. Check out his references and testimonials.