Comprehensive security assessment of web-based applications, covering vulnerabilities up and down the entire stack, leveraging our experience with just about every web technology.
In-depth security testing for iOS and Android applications, including runtime analysis and static analysis.
Thorough evaluation of API security endpoints, authentication mechanisms, and data validation processes.
Security analysis of CI/CD pipelines, focusing on secure deployment practices and infrastructure hardening.
Security evaluation of embedded systems and firmware, including binary analysis and hardware security testing.
Security evaluation of cloud environments, including access controls, network configuration, and compliance requirements.
Our Toronto team brings decades of specialized penetration testing experience, with hundreds of successful assessments completed. Our work begins where the typical junior armed with a scanner ends. 95% of our testing is manual.
We're a small team of application security experts, and we don't try to be all things to all clients. If you need help with incident response, forensics or some other speciality, we're happy to refer you to trusted partners.
Our local team in Toronto, Canada has performed hundreds of application penetration tests. Manual testing by experts, with the same team from start to finish.
Our comprehensive methodology is built on decades of industry penetration testing and development experience. It leverages the OWASP Top 10 and the OWASP application testing guide, and has been refined through countless CTFs and conferences.
Personalized assessment approach based on your unique system architecture and requirements.
Connect directly with our security experts by e-mail, by submitting a contact form or by setting up a call - no salespeople involved. We'll discuss your requirements, provide sample pricing, demonstrate our capabilities and outline a preliminary scope. Afterwards we'll prepare a proposal in line with our discussion and the sample prices below.
After acceptance of the proposal, we'll schedule a kick-off to formalize the engagement with a clear scope document and testing parameters. We'll establish all technical requirements and communication protocols.
Expert-led penetration testing with regular communication. Critical findings are reported within 24 hours, with weekly status updates throughout the engagement.
Receive a detailed technical report with clear remediation guidance. Our experts will walk you through all findings, answer your questions and provide follow-up remediation advice.
Verify your fixes with up to three free retests within 30 days. Our team remains available for remediation guidance throughout this period.
Please see below for example pricing of typical engagement scopes. All amounts are in Canadian dollars (CAD). These are provided for informational purposes only and are non-binding until a services agreement is entered into.
A web application with linear business logic such as a search, calculator or submission page, fewer than 5 pages overall. Often no authentication or one user role.
Estimated Cost: $8,000
Typical Duration: 1 Week
A web application with more complex business logic including database backend elements such as an inventory or messaging system. Usually includes user authentication and permission management with user profiles, 2-3 user roles. 5+ to dozens of pages.
Estimated Cost: $15,000
Typical Duration: 2 - 3 Weeks
A web application with high complexity business logic, robust feature set and complex authentication and permission management. Customizable permission and privilege level user roles. Often incorporates elements of other high value systems (payment, ICS, etc.).
Estimated Cost: $30,000
Typical Duration: 4 Weeks
Comprehensive documentation with actionable recommendations
3 rounds of retesting within 1 month
Expert guidance on vulnerability remediation
Simple API (REST / SOAP / GraphQL / gRPC) with a limited number of endpoints. Basic authentication with a flat permission scheme. Usually under 10 endpoints. If authentication is present, it is typically standalone.
Estimated Cost: $8,000
Typical Duration: 1 Week
Medium complexity API (REST / SOAP / GraphQL / gRPC) with multiple endpoints, typically in the 10-50 endpoint range, authenticated with a small number of permission/authorization levels.
Estimated Cost: $18,000
Typical Duration: 2 - 3 Weeks
Complex API with 50+ endpoints and hundreds of parameters. Potentially multiple versions and API implementations (i.e., both SOAP and REST). Multiple permission roles and integrations.
Estimated Cost: $35,000
Typical Duration: 4 Weeks
Comprehensive documentation with actionable recommendations
3 rounds of retesting within 1 month
Expert guidance on vulnerability remediation
Small mobile application with a limited number of pages. Testing on one platform only. Assessments cover on-device, in-transit and backend interface testing.
Estimated Cost: $9,000
Typical Duration: 1 Week
Medium-sized application with authentication and backend database. Multiple web services. Focus on iOS or Android with limited testing on the other platform. Assessment scope will cover a full range of on-device, data-in-transit and backend endpoints.
Estimated Cost: $18,000
Typical Duration: 2 - 3 Weeks
High-complexity business logic with an extremely feature-rich mobile application. In-depth authentication and permission management. Both iOS and Android applications will be assessed, including static code review. Assessment scope will cover a full range of on-device, data-in-transit and backend endpoints.
Estimated Cost: $35,000
Typical Duration: 4 Weeks
Comprehensive documentation with actionable recommendations
3 rounds of retesting within 1 month
Expert guidance on vulnerability remediation