Penetration Testing and Website Security Report

An informed and independent review of site security.

This security scan is useful for fulfilling industry and government requirements such as ISO/IEC 27000, PCI DSS, HIPAA, NIST, GDPR, or SOC 2.

The scan is targeted at public-facing websites; however, we can expand the scope as required to include code review, server configuration, API audit, DDoS mitigation, SPF / DKIM for email, and DNS issues. We are very comfortable with the OWASP Top 10 and the SANS Top 25. Please let us know if you have any specific security concerns.

The security review is available in two modes.

The first is “penetration testing”. With penetration testing we find as many security gaps as possible. This is what most businesses want. This engagement usually takes 2 to 3 weeks to complete.

The second is “red teaming”. With red teaming we attempt to find a single vulnerability and actually exploit it as far as your parameters allow. Hardened environments would order this to complement penetration testing. This engagement usually takes 4 to 5 weeks to complete.

Both security reviews include pre-scan scope and post-scan debrief teleconferences. The PDF report consists of an executive summary, an overview for technical managers, possible next steps for subject matter experts, and a very detailed section with reference links. The audit can be scheduled when required.

Each test is available for $5,000 USD via Stripe. After product purchase you will be provided with a dedicated engineer’s telephone and email address. They are your 24 / 7 point of contact during the engagement.

Contact us at support@chadbourne.consulting for a free discovery teleconference to discuss how we can assist with your testing goals.

Thanks!