Individual pricing
The price depends on the scope of testing, the number of applications, pentester time and the depth of testing. You receive a quote within 48 hours of submitting the form.
or 399 PLN net/month
– continuous monitoring of people
PROCESS
OWASP Top 10 Class Vulnerability Categories
Injection, Broken Authentication, Sensitive Data Exposure and more.
Business logic of the application
Authorization errors between roles, parameter manipulation, race conditions
APIs and integrations
REST/GraphQL, token authentication, input validation
Configuration of servers and infrastructure supporting the application
Security mechanisms
Encryption, session management, password recovery mechanisms
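As an added illustration of the business-logic class listed above (authorization errors between roles and parameter manipulation), not code from the original page or from Ragnar Shield: a small Python model of an invoice endpoint in its vulnerable form (authentication only, no ownership check, so any logged-in customer can walk invoice IDs) next to its hardened form (ownership or admin role required, and "not found" and "not yours" answered identically so the endpoint cannot be used to enumerate valid IDs). The `User`, `INVOICES` data and the `probe` helper are constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class User:
    """Authenticated caller. Roles are a constructed example: 'customer' or 'admin'."""
    user_id: int
    role: str


# Constructed sample data standing in for a database table.
INVOICES = {
    1001: {"owner_id": 1, "amount": "120.00"},
    1002: {"owner_id": 2, "amount": "9800.00"},
    1003: {"owner_id": 3, "amount": "45.50"},
}


class Forbidden(Exception):
    """Raised when the caller may not see the requested object."""


def get_invoice_vulnerable(current: User, invoice_id: int) -> dict:
    """Typical IDOR: the handler trusts the ID from the request parameter and
    only checks that *someone* is logged in, never that the object belongs to them."""
    return INVOICES[invoice_id]  # KeyError for unknown IDs, data for everyone else


def get_invoice_fixed(current: User, invoice_id: int) -> dict:
    """Hardened version: ownership is checked server-side against the session user,
    admins may read any invoice, and a missing invoice and a foreign invoice
    produce the same error so the response cannot be used to enumerate IDs."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise Forbidden(f"invoice {invoice_id} not accessible")
    if current.role != "admin" and invoice["owner_id"] != current.user_id:
        raise Forbidden(f"invoice {invoice_id} not accessible")
    return invoice


def probe(handler: Callable[[User, int], dict], caller: User, ids: Iterable[int]) -> list[int]:
    """Mimics a tester tampering with the ID parameter across a range of values.
    Returns the IDs whose data the handler actually returned to this caller."""
    leaked = []
    for invoice_id in ids:
        try:
            handler(caller, invoice_id)
            leaked.append(invoice_id)
        except (Forbidden, KeyError):
            pass
    return leaked


if __name__ == "__main__":
    customer = User(user_id=1, role="customer")
    admin = User(user_id=99, role="admin")
    ids = range(1000, 1005)
    print("vulnerable, customer 1 sees:", probe(get_invoice_vulnerable, customer, ids))
    print("fixed, customer 1 sees:     ", probe(get_invoice_fixed, customer, ids))
    print("fixed, admin sees:          ", probe(get_invoice_fixed, admin, ids))
```

The `probe` loop is the manual test in miniature: the same authenticated session, the same endpoint, only the identifier changes. A scanner sees a valid 200 response either way; the pentester's value is knowing that customer 1 should never have received invoice 1002.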
Each pentest ends with two separate reports – one for management and one for the technical team. This is the same standard we use for all our services, tailored to the specifics of manual testing.
How does it work?
01. You fill out the form, describe the application, specify the type of testing you want and your preferred date. You receive a quote within 48 business hours with a specific turnaround time.
02. An online kick-off call with our lead pentester. We agree on the exact scope of testing, the hours allowed for testing (if the application is sensitive to interruptions), an emergency contact in case of an incident, and the requirements for test accounts.
03. The pentester works on a test environment (preferably staging; production only with explicit permission and strict limits). Daily communication via the channel of your choice (email, Slack), with immediate reporting of critical findings.
04.
05.
Manual penetration tests are priced by the pentester's time; the main factors are the scope of testing, the number of applications and the depth of testing.
You will receive a specific quote with a proposed schedule after completing the inquiry form. We also offer a kick-off meeting, where we clarify the scope together before starting the work.
Manual penetration testing is performed by our CISO together with a trusted third-party vendor (a certified pentester holding OSCP/OSCE). Each test is personally supervised by our CISO; the customer always receives a single, unified report signed by Ragnar Shield.
Manual penetration testing is essential for business-critical, financial, medical and e-commerce applications above a certain scale, and for any application that processes sensitive or personal data. It is routinely required in ISO 27001, PCI DSS and SOC 2 audits, and increasingly by large corporate customers as a condition of signing a contract.
We recommend a pentest once a year and after any significant application change (a new module, an integration with a partner, an architectural migration). For advanced security teams, also after major infrastructure changes or after a security incident, as verification that the vulnerabilities have actually been patched.
Normally, we perform testing on a staging or test environment that is separate from production. If for some reason it is necessary to test on production (rarely), we agree on strict limits – hours allowed, load limits, emergency contact on both sides. A manual pentest is much more careful than an automated scan – the pentester understands where verification ends and the risk of data destruction begins.
We have a procedure for this: the pentester immediately stops, documents the situation without tampering with the evidence, and contacts our CISO and you. Together we decide on the next steps (reporting to CERT, to the supervisory authority, etc.). The pentester's work is suspended immediately until the situation is clarified.
Yes. Our CISO holds CISSP-ISSMP, CISM, CISA certifications, and ISO 27001 and ISO 42001 verification. The third-party pentester working with us has an OSCP (Offensive Security Certified Professional) and years of experience in enterprise application testing.
Yes. We prepare reports in accordance with the requirements and expectations of certification auditors. The format includes all required elements: test scope, methodology, CVSS classification, evidence, recommendations and re-test status. The report can be attached to the audit documentation.
Ragnar Shield diagnoses and reports, but does not provide implementation services – this principle also applies to pentests. This ensures that the report is unbiased: we have no interest in artificially increasing the number of findings. If you need a partner to fix vulnerabilities found, we will recommend a trusted entity from our network.
499.00 PLN
Checks the company's obligations arising from detected leaks
Static code analysis complements testing of a running application
Quote in 48 hours. Re-test after repair included.