Ethical Hacking

Ethical Hacking 'Classic Style' or 'No cure No pay'

We offer each customer the most suitable formula. We can pentest the defined scope in the traditional way at a fixed rate. Or we can test the scope top-down on all possible errors where you only pay for what we find. The choice is yours.

Either way, both ways are performed in a very thorough and professional way and according to the CVSS standard.

Classic Style

With this formula, we test in the traditional way whether your IT security is sufficient to exclude hackers. At a fixed rate, our pen testers perform a black box, grey box or white box. You are in good hands. All our testers work with a code of ethics and they are all top in terms of human insight and creativity. That is crucial for a good test.

BLACKBOX TEST

The tester doesn't get any information in advance, just like in real life.

So he puts himself in the shoes of a real hacker.

GREYBOX TEST

Some information is made available here, such as login details.

So the tester puts itself in the shoes of an informed hacker or malicious insider.

WHITEBOX TEST

In this test, full disclosure is given in advance, such as source code.

With this method, more complex and well-hidden vulnerabilities can be found.

No cure No pay (NCNP)

With our formula "No cure No pay" we are pioneers in the ethical hacking world and as a small or medium-sized company, you can only win! If our hackers don't find any mistakes, you don't pay anything. If they do find mistakes, you pay a predetermined rate.

100% TRANSPARENCY

You meet the hacker in advance. So you always know who is hacking and when.

You also always know in advance how much will be charged.

BUDGET-FRIENDLY

If no bugs or data leaks are found, the service costs nothing.

So you can also work with low budgets top security.

PERSONAL DEBRIEF

After the assignment, the ethical hacker will discuss the results with you.

Moreover, he will give your company a clear cybersecurity score.

Pricing NCNP based on Criticality and Predefined Bugs

Low urgency (K4)

Criticality from 0 to

€ 0,- per error

Medium urgency (K3)

Criticality from 25 to

€ 250,- per error

High urgency (K2)

Criticality from 50 to

€ 750,- per error

Very critical (K1)

Criticality from 75 to

€ 1250,- per error

Criticality 4 - Low urgency

Criticality 3 - Medium urgency

Server Security Misconfiguration - Misconfigured DNS (basic subdomain takeover)
Server Security Misconfiguration - Mail server misconfiguration (no spoofing protection on email domain)
Server-Side Injection - HTTP response manipulation (response splitting) (CRLF)
Server-Side Injection - Content spoofing (iframe Injection)
Broken Authentication and Session Management - Two Factor Authentication (2FA) Bypass
Failed Authentication and Session Management - Weak login function (HTTPS not available or HTTP default)
Failed Authentication and Session Management - Session fixation (remote attack vector)
Exposure sensitive data - EXIF Geolocation data not stripped from uploaded images (automatic user enumeration)
Cross-Site Scripting (XSS) - Saved privileged user to Privilege Elevation
Cross-Site Scripting (XSS) - Saved CSRF/URL-Based
Cross-Site Scripting (XSS) - Reflected Non-Self
Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) (internal scan and/or medium Impact)
Application-Level Denial-of-Service (DoS) - High impact and/or medium difficulty
Client-Side Injection - Binary planting (default folder privilege escalation)
Automotive Security Misconfiguration - Infotainment (Code execution (not CAN Bus Pivot))
Automotive Security Misconfiguration - Infotainment (unauthorized access to services (API/endpoints))
Automotive Security Misconfiguration - RF Hub (Data leakage/pull encryption mechanism)

Criticality 2 - High urgency

Server Security Misconfiguration - Wrongly configured DNS (Subdomain takeover)
Server Security Misconfiguration - OAuth Misconfiguration (Account takeover)
Exposure to sensitive data - Weak password-reset implementation (Token leakage via Host Header Poisoning)
Cross-Site Scripting (XSS) - Saved (Non-Privileged User to Everyone)
Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) (internal high impact)
Cross-Site Request Forgery (CSRF) - Application-wide
Application-level Denial-of-Service (DoS) - Critical impact and/or easy difficulty level
Insecure OS/Firmware - Hardcoded Password ( Non-Privileged User)
Automotive Security Misconfiguration - Infotainment (Code Execution - CAN Bus Pivot)
Automotive Security Misconfiguration - RF Hub CAN Injection (Interaction)

Criticality 1 - Very critical

Server security misconfiguration - Use of standard certificates
Server-Side Injection - File Injection Local
Server-Side Injection - Remote Code Execution (RCE)
Server-Side Injection - SQL Injection
Server-Side Injection - XML External Entity Injection (XXE)
Broken Authentication and Session Management - Authentication bypass
Exposure to sensitive data - Critically sensitive data (disclosure of passwords)
Exposure to sensitive data - Critically sensitive data (private API keys)
Insecure OS/Firmware - Command Injection
Insecure OS/Firmware - Hardcoded Password (Privileged User)
Broken cryptography - Cryptographic error (improper use)
Automotive Security Misconfiguration - Infotainment (PII Leakage)
Automotive Security Misconfiguration - RF Hub (Key Fob Cloning)

Possible Ethical Hacks

Company Network

We check whether hackers can penetrate your internal network and also whether malicious employees or visitors can misuse data from within.

WiFi

Hackers can easily get in via WiFi. The signal is then picked up outside by criminals so that they can hack remotely and quietly without being noticed.

Web Applications

Websites, e-shops, portals or CRM systems are a gateway from the Internet to sensitive data. We identify all vulnerabilities and advise on measures to be taken.

Software Defined Radio

More and more communication between our systems is wireless. Software Defined Radio (SDR) has increased the risks enormously. We map out everything (think of IoT devices).

ICS-SCADA

Industrial control systems and SCADA are connected to internet and corporate networks but do not have optimal security. We check this thoroughly.

Cyber Threat Hunting

Through proactive and in-depth forensic analysis you can check if you have been hacked and if there are systems that leak information.

Compliance Audits

A pen test is often a mandatory part of an ISO 27001 or GDPR certification process. We thoroughly check whether you meet all the requirements.

Mobile Applications

Mobile apps process sensitive data and are linked to other (web) services in various ways. We test all possible connections of the devices and services.

Cloud Security

Your company works in the cloud. But are the links to your own environment safe? Maybe they create unforeseen security holes?

Mystery Guest

How far does an unannounced visitor physically get into your company? We come on-site incognito, test it out and deliver a comprehensive report.

Forensic Research

If you are a victim of a cyber intrusion or ransomware, we track down the hacking path trying to find the malware so that you can restore the security of your network.

Hack-proof Tools

We have online backups, cyber insurance, the most efficient anti-ransomware scanner and a security score to check the digital footprint of your own company and your suppliers.

Check-ups

Through teleworking and migrations to the cloud, your staff can work flexibly from different locations. Security risks are hardly taken into account. The check-ups immediately show all security holes in your cloud and Citrix Remote Teleworking environment.

Ethical Hacking

Ethical Hacking 'Classic Style' or 'No cure No pay'

Classic Style

BLACKBOX TEST

GREYBOX TEST

WHITEBOX TEST

No cure No pay (NCNP)

100% TRANSPARENCY

BUDGET-FRIENDLY

PERSONAL DEBRIEF

Pricing NCNP based on Criticality and Predefined Bugs

Low urgency (K4)

Medium urgency (K3)

High urgency (K2)

Very critical (K1)

Possible Ethical Hacks

Company Network

WiFi

Web Applications

Software Defined Radio

ICS-SCADA

Cyber Threat Hunting

Compliance Audits

Mobile Applications

Cloud Security

Other Hacking Solutions

Mystery Guest

Forensic Research

Hack-proof Tools

Check-ups

Mail us at info@sectricity.com or call +32 9 298 05 85
» Free Quote «

Ethical Hacking

Ethical Hacking 'Classic Style' or 'No cure No pay'

Classic Style

BLACKBOX TEST

GREYBOX TEST

WHITEBOX TEST

No cure No pay (NCNP)

100% TRANSPARENCY

BUDGET-FRIENDLY

PERSONAL DEBRIEF

Pricing NCNP based on Criticality and Predefined Bugs

Low urgency (K4)

Medium urgency (K3)

High urgency (K2)

Very critical (K1)

Possible Ethical Hacks

Company Network

WiFi

Web Applications

Software Defined Radio

ICS-SCADA

Cyber Threat Hunting

Compliance Audits

Mobile Applications

Cloud Security

Other Hacking Solutions

Mystery Guest

Forensic Research

Hack-proof Tools

Check-ups

Mail us at info@sectricity.com or call +32 9 298 05 85» Free Quote «

Mail us at info@sectricity.com or call +32 9 298 05 85
» Free Quote «