Services
Every engagement is executed 100% remotely. No travel costs, no delays — you get senior CISSP + OSCP+ certified expertise wherever you are in the EU.
Core Services
All core services include an executive summary, full technical report with PoC evidence, and a debrief call.
In-depth security assessment of web applications following OWASP WSTG and ASVS methodology. Covers authentication, authorisation, injection flaws, business logic, and configuration weaknesses — not just automated scanning.
Security testing of REST, GraphQL, and WebSocket APIs. Focuses on auth and authorisation flaws, input validation, rate limiting, data exposure, and business logic errors — issues automated tools consistently miss.
Configuration and security assessment of AWS, Azure, and GCP environments. Covers IAM policies, network configuration, storage permissions, logging and monitoring gaps, and compliance control mapping.
Assessment of your internet-facing infrastructure: port scanning, service enumeration, vulnerability identification, and controlled exploitation. Covers the attack surface your organisation exposes to the public internet.
Additional Services
Specialist services to complement your security programme or address specific needs.
Assessment of your internal network via VPN. Active Directory enumeration, lateral movement paths, and privilege escalation. Requires a stable VPN setup.
Manual and automated analysis of source code. Identifies vulnerabilities introduced during development — before they reach production.
External reconnaissance: exposed assets, leaked credentials, shadow IT, and publicly accessible sensitive data. Understand what attackers see before they do.
Compliance readiness assessment with control mapping against NIS2 or DORA requirements. Delivers a gap analysis, remediation roadmap, and regulator-ready report.
Part-time security leadership on a retainer or project basis. Strategy, risk management, board reporting, and programme oversight — without the cost of a full-time hire.
Realistic adversary simulation targeting people, processes, and technology. Includes phishing, chained exploitation, and persistence — scoped and priced per engagement.
Remote Delivery
Every step is designed to be frictionless — for you and your team.
30 minutes to align on target, timeline, and objectives.
Scope of work and NDA signed. Testing doesn't start without written sign-off.
I execute the engagement remotely. You get a brief daily update if the timeline is more than 2 days.
You review the draft report and flag any questions before the final version.
A call to walk through findings, answer questions, and discuss remediation priority.
Quick Reference
A simple overview so you know what to prepare before we start.
| Service | You provide | Timeline | Starting price | Type |
|---|---|---|---|---|
| Web Application Pentest | URL + test accounts | 3–5 days | €3,500 | Core |
| API Security Assessment | Endpoints + credentials | 2–4 days | €2,500 | Core |
| Cloud Security Review | Read-only access | 2–3 days | €3,500 | Core |
| External Network Pentest | IP ranges + authorisation | 2–3 days | €2,000 | Core |
| Internal Network Pentest | VPN access + domain account | 4–5 days | €3,500 | Add-on |
| Secure Code Review | Repository access | 3–5 days | €3,000 | Add-on |
| OSINT / Attack Surface | Company name + domain | 1–2 days | €1,500 | Add-on |
| NIS2 / DORA Gap Analysis | Documentation + stakeholder | 3–5 days | €3,500 | Add-on |
| vCISO / Security Advisory | Onboarding call | Ongoing | €125–150/hr | Add-on |
Get Started
Get in touch to discuss scope, timeline, and pricing. Most engagements can start within one week of sign-off.
Or email: info@cyberscore.nl — response within 24 hours on business days.