>_ AYSOLI CYBERSECURITY
Back to services

Web & Infrastructure

Penetration Testing

Controlled, manual attacks against your applications and networks — with real exploitation, a prioritised report and a free retest. Scope is defined per engagement during scoping; billing is either time-based or success-based per finding.

What's included

  • Web applications & APIs (OWASP)
  • Internal infrastructure & Active Directory
  • External infrastructure & perimeter

Packages

Grey-box · OWASP

Web App & API

  • Manual testing combined with tooling
  • OWASP Top 10, business logic & authentication/session handling
  • API security (OWASP API Top 10: BOLA/IDOR, authorization, data exposure)
  • Prioritised report (CVSS) + free retest

Grey-box by default for more depth — black- or white-box on request.

Enquire

success-based

Findings-based

  • Same depth & methodology as fixed price — only billing differs
  • Base fee + payout per confirmed finding (CVSS-tiered, no duplicates)
  • Fewer findings = cheaper than a fixed-price test
  • Prioritised report (CVSS) + free retest

If unexpectedly critical findings pile up, we pause promptly — only in rare cases slightly more than fixed price.

Enquire

internal & external

Infrastructure

  • External perimeter & exposed services
  • Internal network & Active Directory attacks
  • Lateral movement, privilege escalation & segmentation
  • Prioritised report (CVSS) + free retest

Internal, external or combined scope — remote via VPN or on-site.

Enquire

Pricing depends on scope — you'll get a concrete proposal after a short scoping call.

Ready to know your attack surface?

Tell us briefly about your project — we'll come back with a concrete proposal.

Request a first call