For companies that want certainty about their application security.

Application Pentest: Discover vulnerabilities in your SaaS platform.

✔ Fixed rate of €5,500
✔ Completed within 3 weeks
✔ Full test (5 working days)
✔ Insight into risks and follow-up actions
✔ Dutch testers with OSCP

✔ Unlimited debriefing
✔ Free retest after adjustments

View the sample report

Fill in your details and you will receive the report within 24 hours.

Book a free meeting!

How is the report structured?

Management summary

Summarizes the most important risks and gives concrete priorities per finding.

Test overview

Insight into what has and has not been tested, the progress and possible clean-up actions.

Methodology

Describes the penetration test approach and which scenarios were examined.

Findings overview

An overview of all vulnerabilities found, by severity and priority.

Extensive findings

Extensive technical descriptions of our findings, risks and potential impacts per vulnerability, including concrete mitigation advice and evidence per finding.

Or request a quote

Our people

We are a Dutch specialist team, trusted by companies at home and abroad. Our testers are seasoned, certified (OSCP) and used to thinking in terms of risks that affect you. We believe in transparency and practical advice that you can use immediately: no jargon, no wild theories, just results.

"I like to think about which vulnerabilities really matter to your company."

Wouter van der Houven MSc OSCP
Co-founder

Demonstrable experience

15

Years of experience

100%

OSCP Certified

300+

Penetration tests performed

€ 0,-

In unexpected hours and invoices.

100+

VDP Disclosures

What our customers say

I had the pleasure of working with Security.Rocks on a recent project. They delivered remarkable results in a short time frame, worked within our budget and did not compromise on quality.
 
They provided a comprehensive report with the vulnerabilities found, clear examples and a CVSS score. Their communication and flexibility throughout the process were top notch, keeping us well informed at all times.
 
Thanks to the efforts of Security.Rocks, we have made concrete improvements to our security and significantly reduced our risk.
 
- Sander van de Ven (CISO)

What is a pentest?

A penetration test (pentest) is a controlled attack on your application to discover vulnerabilities before malicious actors do.


Experienced specialists try to break into systems within pre-agreed boundaries, just as a real attacker would. This gives you a realistic picture of your current security.

The purpose of a pentest

The goal of a penetration test is to provide clear, directly applicable insights that allow you to demonstrably reduce risks. No theoretical lists, but demonstrated vulnerabilities with sharp prioritization and concrete improvement actions. This allows you to invest in a targeted manner in increasing your resilience with demonstrable results.

Thinking like a hacker

Our testers are experienced attackers themselves, but now in your interest. We think like a hacker: how could we get to your sensitive data? Which combination of vulnerabilities is really interesting? This provides practical and relevant insights that your development team can start working with immediately.


Why a pentest?

Many data leaks are caused by seemingly small vulnerabilities in business environments. In the cloud, customer data, business processes and your reputation are at stake. A pentest provides insight into vulnerabilities that are not found with automatic scanning. This prevents damage, meets the requirements of customers or regulators, and shows that you take security seriously.

Testing with scenarios

Every application and environment is different. This sometimes brings unique risks. That is why we at Security.Rocks start every pentest with a short business risk analysis. In doing so, we not only look at technical issues, but especially at what is really important for your organization.

Why this approach?

This way, our tests are aligned with your actual risks and you will mainly receive findings and advice that make a difference for your organization. No standard checklist, but relevant scenarios that would really keep you awake at night.

No paperwork

Working out these scenarios does not require a lengthy document. Usually a short brainstorm based on your daily practice is sufficient. We guide this process and use it to test in a focused, efficient and above all valuable way.

Together we determine what absolutely cannot go wrong.

What is really sensitive or confidential?

Think of customer or company data, financial data, or anything that requires extra protection under regulations such as the GDPR.

Which data must never be unreliable?

Errors in certain figures, records or processes can have a direct impact on business operations or compliance.

Which services must always remain available?

We identify the application components whose failure would immediately lead to disruption or reputational damage.

May users only view and modify their own data?

Can an admin do more than strictly necessary? Is data segregation properly arranged for all roles?

We translate these risks into concrete test scenarios.

What happens if someone sabotages processes, manipulates data, or intercepts communication between systems?

Extra attention to what makes your application unique

We also look at non-standard processes, integrations with external services, and industry-specific functionality.

The process

01

Preparation

Together we determine which systems, applications or networks will be tested and set clear goals that match the needs and risks of your organization.

02

Reconnaissance and attack

We gather information to understand how your systems work. Using this information we carry out targeted attacks, comparable to how a malicious hacker would operate. This is how we identify weak spots and risks.

03

Reporting

You receive a clear and detailed report with our findings. It describes not only the vulnerabilities but also practical recommendations for fixing them. Would you like to see a sample of our report beforehand? That is possible!

04

Debriefing and support

Results can be technical. We help your team understand the results and how they can be resolved. We also carry out a free retest to verify that the findings have been fixed.

Did you know that the financial impact of a hack often goes beyond just restoring systems? Think of possible fines from the Dutch Data Protection Authority and especially the reputational damage among customers and partners. With a pentest you avoid exposing yourself to these enormous risks. Security is an investment that pays for itself many times over.

Types of Pentests

Depending on your goals and wishes, we offer different types of penetration testing:

Black box

We test without prior knowledge, as if an external attacker is knocking on the door.

Gray box

We are given some user accounts or limited documentation, like an insider with limited access.

White box

We work with full insight into your source code or internal systems for in-depth analysis of vulnerabilities and logic.

Packages and prices

The costs of a pentest are transparent and scalable, giving you control over the investment and the result.

Quick Scan

€ 500

  • Automated testing with manual control

  • Targets common vulnerabilities

  • Suitable for quickly obtaining an initial picture

  • Lead time: 1-2 days

Pentest basic

€ 3.500

  • Automated tooling + manual testing

  • Risk-based approach: We determine together which risks are most urgent for your organization and focus the test on that

  • Suitable as an initial survey for smaller applications or environments

  • Lead time: 3-4 days

Pentest complete

€ 5.500

  • Automated tooling + manual testing

  • Comprehensive risk-based approach: We address all risks relevant to your business, including more complex scenarios

  • Suitable for frameworks such as ISO-27001, SOC2 and organizations that want a broader security overview

  • Lead time: 5-6 days

Frequently asked questions

  • Is a pentest safe?
    Yes. Our testers work in a controlled manner, always within the environment agreed in advance. We prefer to test on an acceptance or staging environment. Production systems remain untouched.
  • How soon can the pentest start?
    We can usually start within three weeks. The test itself takes five days; the report follows shortly afterwards.
  • What does it cost if more issues are found than expected?
    Our rate is fixed. That includes unlimited debriefing, a retest after fixes and all reports. No surprises.
  • Do I need to be technical to read the report?
    The report contains a concise management summary and technical details for developers. Both management and engineering know exactly what the next step is.
  • Does the application have to go offline during the pentest?
    No, the pentest has no impact on the availability of your platform. You decide where, when and how we may test.
  • What happens after the test?
    You receive clear advice, a debriefing and, if desired, a free retest after the improvements have been implemented.
  • Are your testers certified?
    Yes. Our pentesters are OSCP certified and have experience with many kinds of SaaS environments, APIs and cloud solutions.
  • Do you have any other questions or specific wishes?
    Feel free to contact us; we are happy to think along with you.

Are you ready?

No one wants to lie awake wondering: 'Am I safe enough?'. Let us take that worry away and together take your security to the next level. We look forward to brainstorming with you!

Our partners

Redsector, Cybermeister