For companies that want certainty about their application security.

Application Pentest: Discover vulnerabilities in your SaaS platform.

✔ Fixed rate of €5,500
✔ Completed within 3 weeks
✔ Full test (5 working days)
✔ Insight into risks and follow-up actions
✔ Dutch testers with OSCP

✔ Unlimited debriefing
✔ Free retest after adjustments

View the sample report

How is the report structured?

Management summary

Summarises the most important risks and gives concrete priorities per finding.

Test overview

Insight into what has and has not been tested, the progress and possible clean-up actions.

Methodology

Describes the penetration test approach and which scenarios were examined.

Findings overview

An overview of all vulnerabilities found, by severity and priority.

Extensive findings

Extensive technical descriptions of our findings, risks and potential impacts per vulnerability, including concrete mitigation advice and evidence per finding.

Book a free meeting!

What our customers say

I had the pleasure of working with Security.Rocks on a recent project. They delivered remarkable results in a short time frame, worked within our budget and did not compromise on quality.
 
They provided a comprehensive report with the vulnerabilities found, clear examples and a CVSS score. Their communication and flexibility throughout the process were top notch, keeping us well informed at all times.
 
Thanks to the efforts of Security.Rocks, we have made concrete improvements to our security and significantly reduced our risk.
 
- Sander van de Ven (CISO)

Demonstrable experience

15

Years of experience

100%

OSCP Certified

300+

Penetration tests performed

€ 0,-

In unexpected hours and invoices

100+

VDP Disclosures

Our people

We are a Dutch specialist team, trusted by companies at home and abroad. Our testers are seasoned, certified (OSCP) and used to thinking in terms of risks that affect you. We believe in transparency and practical advice that you can use immediately: no jargon, no wild theories, just results.

"I like to think about which vulnerabilities really matter to your company."

Wouter van der Houven MSc OSCP
Co-founder


What is a pentest?

A penetration test (pentest) is a controlled attack on your application to discover vulnerabilities before malicious actors do.

Experienced specialists try to break through systems within pre-agreed frameworks, as a real attacker would do. This way you get a realistic picture of your current security.

The purpose of a pentest

The goal of a penetration test is to provide clear, directly applicable insights that allow you to demonstrably reduce risks. No theoretical lists, but demonstrated vulnerabilities with sharp prioritization and concrete improvement actions. This allows you to invest in a targeted manner in increasing your resilience with demonstrable results.

Thinking like a hacker

Our testers are experienced attackers themselves, but now in your interest. We think like a hacker: how could we get to your sensitive data? Which combination of vulnerabilities is really interesting? This provides practical and relevant insights that your development team can start working with immediately.


Why a pentest?

Many data leaks are caused by seemingly small vulnerabilities in business environments. In the cloud, customer data, business processes and your reputation are at stake. A pentest provides insight into vulnerabilities that are not found with automatic scanning. This prevents damage, meets the requirements of customers or regulators, and shows that you take security seriously.

Testing with scenarios

Every application and environment is different. This sometimes brings unique risks. That is why we at Security.Rocks start every pentest with a short business risk analysis. In doing so, we not only look at technical issues, but especially at what is really important for your organization.

Why this approach?

This way, our tests are aligned with your actual risks and you will mainly receive findings and advice that make a difference for your organization. No standard checklist, but relevant scenarios that would really keep you awake at night.

No lengthy document

Working out these scenarios does not require a lengthy document. Usually a short brainstorm based on your daily practice is enough. We guide this process and use it to test in a focused, efficient and above all valuable way.

Together we determine what absolutely cannot go wrong.

What is really sensitive or confidential?

Think of customer or company data, financial data or anything that requires extra protection due to regulations (such as GDPR).

Which data must always be reliable?

Errors in certain numbers, records or processes can have a direct impact on business operations or compliance.

Which services should always remain available?

We identify the application components that, in the event of a failure, will immediately lead to disruption or reputational damage.

Should users only be able to see and edit their own data?

Can an admin do more than strictly necessary? Is data protection properly arranged in all roles?

We translate these risks into clear test scenarios.

What happens if someone sabotages processes, manipulates data, or intercepts communications between systems?

Extra attention to what makes your application unique

We also look at non-standard processes, links with external services or industry-specific functionality.

The process

01

Preparation

Together we determine which systems, applications or networks will be tested and we establish clear goals that match the needs and risks of your organization.

02

Reconnaissance and attack

We collect information to understand how your systems are working. With this information, we perform targeted attacks, similar to how a malicious hacker would operate. This way, we identify weaknesses and risks.

03

Reporting

You will receive a clear and detailed report with our findings. This not only describes the vulnerabilities, but also practical recommendations to solve them. Would you like a sample of our report in advance? That is possible!

04

Debriefing and support

Results can be technical. We help your team understand the results and how to fix them. We also perform a free retest to verify that findings have been resolved.

Did you know that the financial impact of a hack often goes beyond just restoring systems? Think of possible fines from the Dutch Data Protection Authority and especially the reputational damage among customers and partners. A pentest helps you avoid running these enormous risks. Security is an investment that pays for itself many times over.

Types of Pentests

Depending on your goals and wishes, we offer different types of penetration testing:

Black box

We test without prior knowledge, as if an external attacker is knocking on the door.

Gray box

We are given some user accounts or limited documentation, like an insider with limited access.

White box

We work with full insight into your source code or internal systems for in-depth analysis of vulnerabilities and logic.

Packages and prices

The costs of a pentest are transparent and scalable, giving you control over the investment and the result.

Quick Scan

€ 500

  • Automated testing with manual verification

  • Targets common vulnerabilities

  • Suitable for quickly obtaining an initial picture

  • Lead time: 1-2 days

Pentest basic

€ 3.500

  • Automated tooling + manual testing

  • Risk-based approach: We determine together which risks are most urgent for your organization and focus the test on that

  • Suitable as an initial survey for smaller applications or environments

  • Lead time: 3-4 days

Pentest complete

€ 5.500

  • Automated tooling + manual testing

  • Comprehensive risk-based approach: We address all risks relevant to your business, including more complex scenarios

  • Suitable for frameworks such as ISO-27001, SOC2 and organizations that want a broader security overview

  • Lead time: 5-6 days

  • Is a pentest safe?
    Yes. Our testers work in a controlled manner, always within the environment agreed in advance. We prefer to test on an acceptance or staging environment. Production systems remain untouched.
  • How soon can the pentest start?
    We can usually begin within three weeks. The test itself takes five days; the report follows shortly afterwards.
  • What does it cost if more issues are found than expected?
    Our rate is fixed. It includes unlimited debriefing, a retest after remediation and all reports. No surprises.
  • Do I need to be technical to read the report?
    The report contains a concise management summary and technical details for developers. Both management and engineering know exactly what the next step is.
  • Does the application have to go offline during the pentest?
    No, the pentest has no impact on the availability of your platform. You decide where, when and how we may test.
  • What happens after the test?
    You receive clear advice, a debriefing and, if desired, a free retest after the improvements have been implemented.
  • Are your testers certified?
    Yes. Our pentesters are OSCP-certified and have experience with many kinds of SaaS environments, APIs and cloud solutions.
  • Do you have other questions or specific wishes?
    Feel free to contact us; we are happy to think along with you.

Are you ready?

No one wants to lie awake wondering: 'Am I safe enough?' Let us take that worry away and together take your security to the next level. We look forward to brainstorming with you!

Our Partners

[Partner logos: redsector, Cybermeister]