The quality of the security assessment is more important to us and more meaningful to you. Based in Singapore, we focus on the quality of our work.
Security issues are classified into Critical, High, Moderate and Low risk findings. Besides a detailed security report with finding descriptions, proofs and recommendations, we can advise you on how to fix and mitigate the security issues.
Please contact us for an exact quotation for your project at a good price.
1. Penetration Testing (PT)
Item | Description | Item Price |
---|---|---|
Web Penetration Testing (Web PT) | Security researchers manually reveal security vulnerabilities in web sites. A detailed security assessment report will be given. - Testing type: Grey-box - Penetration testing in both auto and manual modes - Reports with detailed findings, proofs and recommendations - Follow OWASP Web Top 10 Standard - Malicious Input Checks - Session Violation Checks - Access Control Security Analysis - Testing to be done in Staging or Production environment - 2 tests and reports performed: before and after defect fixing | Contact us. Public pages and after-login pages will be counted as 2 websites. |
Mobile Penetration Testing (Mobile PT): iOS app OR Android app | Security researchers manually reveal security vulnerabilities in iOS and Android applications. A detailed security assessment report will be given. - Testing type: Grey-box - Penetration testing in manual and auto modes - Reports with detailed findings, proofs and recommendations - Follow OWASP Mobile Top 10 Standard - Dynamic Runtime Analysis (Debugging, Memory analysis, IPC mechanisms and app components) - Network Analysis (Certificate pinning, …) - Static Analysis (Reverse Engineering) - Fuzzing APIs called from own mobile apps - Testing to be done in Staging or Production environment - 2 tests and reports performed: before and after defect fixing | Contact us. One Android app and one iOS app for the same app will be counted as 2 apps. |
2. Vulnerability Assessment (VA)
Item | Description | Price |
---|---|---|
Web Vulnerability Assessment (Web VA) | Vulnerability scans use automated tools, with some manual support, to identify known weaknesses in a target enterprise. Detailed reports will be provided. - Testing type: Grey-box - Reports with detailed findings, proofs and recommendations - Follow OWASP Web Top 10 Standard - Injection - Broken Authentication and Session Management - Cross-Site Scripting - Insecure Direct Object References - Security Misconfiguration - Sensitive Data Exposure - Missing Function Level Access Control - Cross Site Request Forgery (CSRF) - Using Components with Known Vulnerabilities - Unvalidated Redirects and Forwards - Testing to be done in Staging or Production environment - 2 tests and reports performed: before and after defect fixing | Contact us |
OS Vulnerability Assessment (OS VA) | Vulnerability scans use automated tools, with some manual support, to identify known weaknesses in a target enterprise. Detailed reports will be provided. - Testing type: Grey-box - Reports with detailed findings, proofs and recommendations - Follow OWASP Top 10 Standard - Check for open ports - Check access for services - Check for outdated components - Check for components with known vulnerabilities - Testing to be done in Staging or Production environment - 2 tests and reports performed: before and after defect fixing | Contact us |
3. Source Code Review
Source code review is the process of auditing the source code for an application to verify that the proper security controls are present, that they work as intended, and that they have been invoked in all the right places.
Item | Description | Item Price |
---|---|---|
Source Code Review | Security experts in the software and security team manually review source code for security holes. Detailed reports will be provided. - Testing type: White-box - Source code review in both auto and manual modes - Reports with detailed findings, proofs and recommendations - Testing to be verified with a live system in staging or production environment - 2 tests and reports performed: before and after defect fixing | Contact us |
4. System Configuration Review
A system and configuration review audits and technically tests a network system, server or device to ensure it meets current security standards along with any applicable security policies.
Item | Description | Item Price |
---|---|---|
System Configuration Review | Security experts in the software and security team manually extract the system configuration and review it against the CIS Benchmark framework. Detailed reports will be provided. - Testing type: Grey-box - Reports with detailed findings, proofs and recommendations - Follow CIS Benchmark Framework - User Configuration - Mandatory Access Control Configuration (features and roles) - Ensure updates, patches and additional security software are installed - Service Configuration - Logging and Auditing - Remote Access Hardening - Software Configuration (i.e. databases) - Access, Authentication, and Authorization - Network Time Protocol Configuration - Network Configuration - Firewall Configuration - Testing to be done in Staging or Production environment - 2 tests and reports performed: before and after defect fixing | Contact us |
5. Onsite VAPT Support
Basic VAPT support is provided at the customer site in Singapore for initial connection and basic tasks.
Item | Description | Item Price |
---|---|---|
Onsite VAPT Basic Support | A security engineer will perform basic VAPT support tasks at the customer site. - To perform basic VAPT tasks at the customer site - To set up a remote connection to remote VAPT experts - To collect the raw reports and system configurations for further assessment and reporting - Support hours: Mon-Fri, 9am-6pm | Contact us |
Onsite VAPT Expert Support | A security researcher will perform VAPT tasks at the customer site. - For isolated production systems - To perform all VAPT tasks at the customer site - To collect the raw reports and system configurations for further assessment and reporting - Support hours: Mon-Fri, 9am-6pm | Contact us |