Duration depends on scope. A single web application takes 3–5 business days. API assessments 2–4 days. Cloud assessments 3–5 days. Red team operations 10–30 days. We provide a precise timeline during scoping.
Absolutely. We sign a comprehensive NDA before any scoping discussions. All findings and reports are kept strictly confidential.
A vulnerability scan is automated. A penetration test involves a certified human researcher manually verifying and exploiting vulnerabilities, demonstrating actual business impact. We never deliver scanner output rebranded as a pentest.
After remediation, we re-test every critical and high finding to confirm it has been properly fixed — at no additional charge. Professional plans include unlimited re-testing for 60 days.
Yes, and we prefer it. We operate with extreme care using non-destructive techniques and coordinate carefully with your team to avoid service disruption.
Critical findings are escalated immediately — within 2 hours of discovery. You receive an out-of-band notification before the final report.
Need a custom quote?
Tell us about your environment — we'll respond within 24 hours.