No Cure? No Pay.

You can only win as a company with this No Cure No Pay formula! If our hackers don't find any mistakes, you don't pay anything. If they do find mistakes, you pay a predetermined rate. Easy, right? Not unimportant: you always know who the hacker is and when he will hack. So 100% transparency.

Low urgency (K4)

Criticality from 0 to

€ 0,- per error

Medium urgency (K3)

Criticality from 25 to

€ 250,- per error

High urgency (K2)

Criticality from 50 to

€ 500,- per error

Very critical (K1)

Criticality from 75 to

€ 1250,- per error

Bugs No Cure No Pay according to criticality from low to high (4 - 1)

We guarantee 100% transparency by sharing the hacker's contact details as well as this pre-defined no cure no pay bug list. So you only pay for what we can hack.*

Criticality 4 - Low urgency

Server Security Misconfiguration - Misconfiguration DNS (zone transfer)
Server Security Misconfiguration - Mail server misconfiguration (e-mail spoof to Inbox as a result of miss/misconfiguration DMARC on e-mail)
Server Security Misconfiguration - Database Management System Misconfiguration (DBMS) (overly privileged user / DBA)
Server Security Misconfiguration - Lack of Password Confirmation (Delete account)Server Security Misconfiguration - No tariff restriction on the form (registration)
Server Security Misconfiguration - No tariff restriction on the form (login)
Server Security Misconfiguration - No rate restriction on the form (e-mail triggering)
Server Security Misconfiguration - No tariff restriction on the form (SMS triggering)
Server Security Misconfiguration - Missing secure or HTTP only cookie flag (session token)
Server Security Misconfiguration - Clickjacking (sensitive action)
Server Security Misconfiguration - Captcha bypass (implementation vulnerability)
Server Security Misconfiguration - Lack of security headers (cache-control for a sensitive page)
Server Security Misconfiguration - Web Application Firewall (WAF) bypass (direct server access)
Server-Side Injection - Spoofing content (external authentication Injection)
Server-Side Injection - Spoofing content (email HTML injection)
Broken Authentication and Session Management - Cleartext transmission of the session token
Broken Authentication and Session Management - Weak login function (other plaintext protocol without secure alternative)
Failed Authentication and Session Management - Weak login function (LAN only)
Failed Authentication and Session Management - Weak login function (HTTP and HTTPS available)
Broken Authentication and Session Management - Error or invalid session (log out on client and server)
Broken Authentication and Session Management - Error or invalid session (on password reset/change)
Failed Authentication and Session Management - Weak registration implementation (over HTTP)
Sensitive data exposure - EXIF geolocation data not stripped from uploaded images (manual user enumeration)
Sensitive data exposure - Visible detailed error/Debug page (detailed server configuration)
Sensitive data exposure - Token leakage via referer (unreliable 3rd party)
Sensitive data exposure - Token leakage via referer (over HTTP)
Sensitive data exposure - Sensitive token in URL (user-facing)
Sensitive data exposure - Weak password reset Implementation (password reset token sent over HTTP)
Cross-Site Scripting (XSS) - Saved (privileged user to no privileged elevation)
Cross-Site Scripting (XSS) - Flash-Based
Cross-Site Scripting (XSS) - IE only (IE11)
Cross-Site Scripting (XSS) - Reference
Cross-Site Scripting (XSS) - Universal (UXSS)
Cross-Site Scripting (XSS) - Off-Domain (Data URL)
Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) (External)
Broken access control (BAC) - Username/Email enumeration (non-brute force)
Unvalidated Redirects and Forwards - Open redirect (GET-Based)
Insufficient Security Configuration - No Password Policy
Insufficient Security configuration - Weak password reset Implementation (the token is not invalid after use)
Insufficient Security Configuration - Weak 2FA Implementation (2FA secret cannot be rotated)
Insufficient Security Configuration - Weak 2FA Implementation (2FA secret remains available after 2FA is enabled)
Use of components with known vulnerabilities - Rosetta Flash
Unsafe data storage - Sensitive application data stored unencrypted (on external storage)
Unsafe data storage - Server-Side credentials storage (plaintext)
Unsafe data transport - Executable download (no secure integrity check)
Privacy Concerns - Unnecessary data collection (WiFi SSID+password)
Automotive Security Misconfiguration - Infotainment (source code dump)
Automotive Security Misconfiguration - Infotainment (Denial of Service (DoS / Brick)
Automotive Security Misconfiguration - Infotainment (default credentials)
Automotive Security Misconfiguration - RF Hub (unauthorized access/power on)
Automotive Security Misconfiguration - CAN (injection (prohibited messages))
Automotive Security Misconfiguration - CAN (Injection (DoS))

Criticality 3 - Medium urgency

Server Security Misconfiguration - Misconfigured DNS (basic subdomain takeover)
Server Security Misconfiguration - Mail server misconfiguration (no spoofing protection on email domain)
Server-Side Injection - HTTP response manipulation (response splitting) (CRLF)
Server-Side Injection - Content spoofing (iframe Injection)
Broken Authentication and Session Management - Two Factor Authentication (2FA) Bypass
Failed Authentication and Session Management - Weak login function (HTTPS not available or HTTP default)
Failed Authentication and Session Management - Session fixation (remote attack vector)
Exposure sensitive data - EXIF Geolocation data not stripped from uploaded images (automatic user enumeration)
Cross-Site Scripting (XSS) - Saved privileged user to Privilege Elevation
Cross-Site Scripting (XSS) - Saved CSRF/URL-Based
Cross-Site Scripting (XSS) - Reflected Non-Self
Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) (internal scan and/or medium Impact)
Application-Level Denial-of-Service (DoS) - High impact and/or medium difficulty
Client-Side Injection - Binary planting (default folder privilege escalation)
Automotive Security Misconfiguration - Infotainment (Code execution (not CAN Bus Pivot))
Automotive Security Misconfiguration - Infotainment (unauthorized access to services (API/endpoints))
Automotive Security Misconfiguration - RF Hub (Data leakage/pull encryption mechanism)

Criticality 2 - High urgency

Server Security Misconfiguration - Wrongly configured DNS (Subdomain takeover)
Server Security Misconfiguration - OAuth Misconfiguration (Account takeover)
Exposure to sensitive data - Weak password-reset implementation (Token leakage via Host Header Poisoning)
Cross-Site Scripting (XSS) - Saved (Non-Privileged User to Everyone)
Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) (internal high impact)
Cross-Site Request Forgery (CSRF) - Application-wide
Application-level Denial-of-Service (DoS) - Critical impact and/or easy difficulty level
Insecure OS/Firmware - Hardcoded Password ( Non-Privileged User)
Automotive Security Misconfiguration - Infotainment (Code Execution - CAN Bus Pivot)
Automotive Security Misconfiguration - RF Hub CAN Injection (Interaction)

Criticality 1 - Very critical

Server security misconfiguration - Use of standard certificates
Server-Side Injection - File Injection Local
Server-Side Injection - Remote Code Execution (RCE)
Server-Side Injection - SQL Injection
Server-Side Injection - XML External Entity Injection (XXE)
Broken Authentication and Session Management - Authentication bypass
Exposure to sensitive data - Critically sensitive data (disclosure of passwords)
Exposure to sensitive data - Critically sensitive data (private API keys)
Insecure OS/Firmware - Command Injection
Insecure OS/Firmware - Hardcoded Password (Privileged User)
Broken cryptography - Cryptographic error (improper use)
Automotive Security Misconfiguration - Infotainment (PII Leakage)
Automotive Security Misconfiguration - RF Hub (Key Fob Cloning)

*We work using Bugcrowd's classification of vulnerabilities.

Advantages of this No Cure No Pay formula?

100% TRANSPARENCY

You meet the hacker beforehand. So you always know who's hacking and when. Moreover, there is a clear overview of possible errors and data leaks. So you always know in advance how much will be charged (or nothing at all, of course).

BUDGET-FRIENDLY

With this formula, you can have your business environment regularly checked for cyber security, even with low budgets. You don't pay unnecessary hours. If no bugs or data leaks are found, the service costs nothing. If we discover data leaks, you'll know immediately.

SECURITY BOOST

You have nothing to lose. On the contrary! As an independent party, we often act as a control body for our clients. Even if your IT supplier says your environment is super secure, you can have it double-checked. That way, your company is always in top-cyber form.

Hacking facts and figures

Hacking is a serious problem for companies.

days it takes on average for a hack to be discovered

% of all hacking attacks can be easily prevented

% of digital burglaries have been patchable for more than 1 year

What is the purpose of ethical hacking?

What is the result of ethical hacking?

Is ethical hacking necessary?

Is ethical hacking expensive?

Connect with our ethical hackers today!

Email: info@sectricity.com

Call: Belgium +32 9 298 05 85 or Netherlands +31 85 888 16 44

>> Free quote <<