We find what scanners
miss.
Red Team
Automated tools find the obvious. We find the rest. Manual penetration testing per OWASP Testing Guide, PTES and NIST SP 800-115, with proof-of-exploit for every finding.
Why Scanners Aren't Enough
Vulnerability scanners are good at identifying known CVEs. They're bad at finding business logic flaws, exploiting trust boundaries or recognising combined attack paths. A motivated attacker doesn't work with Nessus. They work with creativity, patience and context.
A pentest simulates exactly that. We map your application logic, identify where the system trusts an attacker more than it should, and demonstrate the impact with real exploits. What we describe in the report, we can reproduce.
For companies with client or partner data, cloud infrastructure or regulatory requirements, an annual pentest is no longer optional. It's due diligence.
Our Approach
Phase 01
Scoping & Rules of Engagement
We jointly define scope, test type (black/grey/white box), time window and escalation paths. No test begins without clear written consent.
Phase 02
Reconnaissance
Passive and active information gathering. Attack surface mapping, subdomain enumeration, technical footprinting techniques from OWASP Testing Guide and PTES.
Phase 03
Exploitation
Manual exploitation of identified vulnerabilities. Every finding documented with proof-of-exploit, including screenshot, request/response and CVSS impact assessment.
Phase 04
Post-Exploitation & Lateral Movement
Where in scope: privilege escalation, lateral movement, data access and persistence techniques. We show the realistic attack path, not just the entry point.
Phase 05
Report, Debriefing & Retest
Technical report with prioritised findings and remediation guidance, live debriefing with your team, followed by retest of implemented fixes.
What You Receive
Proof-of-Exploit per Finding
Every finding is reproducibly documented. No theoretical risks, but demonstrated impact.
Prioritised Findings Report
CVSS-based prioritisation, reproduction steps, remediation recommendation and effort estimate for your development team.
Live Debriefing
Walkthrough of critical findings with your technical team. We answer questions directly, not via email ping-pong.
Retest of Fixes
After your remediation, we verify that patches hold and no regression risk has been introduced.
Executive Summary
Short, non-technical summary for management: risk posture, action required and status after remediation.
Common Questions
What's the difference between a pentest and a vulnerability scan?
A vulnerability scanner runs automatically and reports known vulnerabilities based on signatures. A pentest is manual: we understand your application logic, look for vulnerabilities no scanner knows, and demonstrate the real impact through exploitation. The pentest report contains reproducible exploits, not scanner output.
What's the difference between black box, grey box and white box?
Black box: we start without prior information, like an external attacker. Grey box: we receive user credentials and basic system info, simulating realistic internal or privileged attackers. White box: full access to code, architecture and credentials, enabling the deepest assessment. For most SMEs, we recommend grey box.
What belongs in the scope?
We agree this in writing before the engagement. Typical scopes: web applications, REST or GraphQL APIs, network and Active Directory, cloud configurations in AWS/Azure/GCP. We can combine scopes or focus on one area, depending on budget and risk profile.
How long does a pentest take?
A focused web application pentest takes two to five days. A combined network and AD engagement five to ten days. A full-scope red team seven to fourteen days. We clarify the effort transparently in the scoping call.
Plan a Pentest
We clarify scope and effort in a free initial consultation. Directly with the tester who will conduct the pentest.
Plan a PentestCHF 4,500–15,000
Manual, per OWASP/PTES. Price depends on scope and complexity. Includes report, debriefing and retest.