Penetration Testing

We are professional penetration testers!

Our team of consultants has collectively conducted thousands of penetration tests. We are some of the best experts in the industry and are happy to prove it.

The Secure Ideas Difference

Secure Ideas has been testing security systems since 2010, and its core testing competency consists of consultants with at least ten years of IT experience each. Our primary goal in every penetration testing engagement is to help our clients improve their security posture. Here are a few other ways we stand out:

Integrity: Though we are referred to as "hackers", Secure Ideas was built on a strong foundation of ethical security testing. Well-defined rules of engagement, local and federal laws, and the privacy of our clients are all critical considerations to us in every engagement.

Quality: You will never have to worry about Secure Ideas trying to pass off an automated scan as a penetration test. We make an effort to understand the technology and the current threat landscape so that we can thoroughly test the security of IT systems and advise our clients accordingly.

Partnership: We place a high value on our relationships with our clients. It is not enough to just do a penetration test and write up a report. At Secure Ideas, we welcome follow-up conversations, feedback, and questions from our clients year-round.

Types of Penetration Testing


Below are examples of common types of penetration testing performed by Secure Ideas:

Network

  • Internal / External / Both
  • Gray / White / Black Box
  • Remote / On-Site / Cloud
  • Any Size
  • HIPAA / PCI / Other*
  • Segmentation Testing*
*Optional

Application (Web / Mobile)

  • Internal / External
  • Any Technology Stack
  • Gray / White / Black Box
  • SPA / Legacy
  • Remote / On-Site

API

  • RESTful / SOAP / Other
  • Gateway / Standalone
  • Swagger / Postman
  • Client or Service APIs
  • Any Technology Stack

Devices & Mechanisms

  • IoT
  • Security Devices
  • Medical
  • SCADA
  • Others

Wireless, Physical, Social Engineering

  • On-Site
  • Buildings, Multi-Site
  • Phishing
  • Focus on Users

Pricing Model

All of our proposals for penetration testing work are made at a fixed price, based on the estimated level of effort for the included tasks. Since the level of effort can vary significantly, so can the price. Most penetration tests fall somewhere in the range of $10,000 - $45,000 USD. See "How much does a penetration test cost" for a deeper dive on this topic.

Our Engagement Process

Many people find the process for engaging a third-party penetration testing supplier daunting. We recognize this and do what we can to simplify and streamline our process. Unfortunately, there is no one-size-fits-all penetration test because each situation has a unique scope and considerations. Our engagement process is as follows:

  1. Scoping: We will need a few moments of your time to estimate the effort of an engagement. This is typically a 15-30 minute phone call with one of our consultants to understand your needs.
  2. Proposal: Our consultant will use the information from scoping plus years of experience to estimate the effort of the penetration test and write this into a Statement of Work (SoW) with a quote. All of our penetration test work is proposed as a fixed-price contract based on the estimate.
  3. Scheduling: Once you have decided to move forward with our proposal, we work with you to find a mutually agreeable time to perform the test.
  4. Kick-Off: About 1-2 weeks before the start of the test, our assigned consultants will meet with you to go over the details of the test and any items they will need to start the work.
  5. Testing: Testing will occur over the duration specified in the SoW, usually somewhere between a few days and two weeks.
  6. Delivery: The draft report is typically delivered within one week of the end of testing. You then have some time to review it and provide feedback; then we will make any necessary adjustments. If you need a letter of attestation, then we'll get that to you as well.
  7. Retesting: If you remediate items from a test we performed, we are happy to test the changes to make sure they are done correctly.
