Professional penetration testing and security assurance.
Every plan includes a retest. No surprises. Just results.
once-off · after your fixes
once-off · full test + report + retest
per year · 4 tests · unlimited retests
scoped to your organisation
All prices in ZAR (incl. VAT where applicable). Scope variations may affect final pricing — confirmed in writing before engagement begins. USD equivalents available on request.
Everything you get — no fine print surprises.
The average data breach costs a South African organisation R10 million+ in downtime, legal fees, regulatory fines, and reputational damage (IBM CDR 2024). Our Single Assessment costs the same number — with three fewer zeroes.
And that's before you factor in that the average attacker is in your network 194 days before detection — racking up costs the entire time.
See how your estimated breach exposure stacks up against the cost of protecting yourself. Takes 10 seconds.
Our tests include passive and active reconnaissance, vulnerability scanning, manual exploitation attempts, privilege escalation testing, lateral movement simulation, and post-exploitation analysis. Every test concludes with a comprehensive report that maps findings to business risk — not just CVE IDs — with a clear remediation priority order.
A Single Assessment typically takes 2–3 weeks from signed scope to final report delivery. This includes the active testing window (usually 5–10 business days depending on scope), report writing, and an initial findings briefing. Timeline varies based on scope complexity and number of systems in scope. We confirm everything in writing before starting.
Yes — all reports are structured to support compliance requirements. We produce findings mapped to HIPAA, PCI DSS, SOC 2 Type II, ISO 27001, POPIA, and NIST CSF as required. For the Annual Assurance and Enterprise tiers, we include quarterly compliance posture updates and a compliance roadmap as part of the engagement.
The retest verifies that every vulnerability identified in the original assessment has been genuinely closed — not just documented as patched. We re-exploit each finding category to confirm it's no longer accessible. We also perform regression testing to check that fixes haven't introduced new vulnerabilities. You receive a final certification report confirming the remediated state, suitable for auditors, board members, and insurers.
Always. We sign an NDA before any technical discussion, before receiving any documentation, and certainly before any active testing begins. Client confidentiality is foundational to how we operate — we have never disclosed a client name, finding, or engagement detail without explicit written permission. You can request our standard NDA template before even booking a consultation.
Absolutely. These tiers are starting points — the real scope of every engagement is defined in a written Statement of Work agreed before anything begins. Whether you need a single API tested, a specific compliance scope, red team exercises, or a multi-phase engagement across a large environment, we'll scope it accurately and quote it in writing. No scope creep, no surprise invoices.
Automated scanners find what they're programmed to find — usually the obvious stuff. They don't chain vulnerabilities together, they can't social-engineer your staff, they miss business logic flaws, they generate enormous false-positive noise, and they produce reports that mean nothing to a board or insurer. Real attackers are human. Our testers think like humans. A scanner has never found SQL injection hidden behind a custom authentication layer. We have.
Let's talk through your specific security needs. Free consultation — no commitment, no hard sell. We'll tell you honestly what you need and what you don't.
We respond within 24 hours · All inquiries strictly confidential · NDA from first contact