Pentesting for SaaS companies

Web App Pentests 2.0:

Top scoring bug bounty hunters,

armed with white-box level insights.

Don’t waste your money on one-off, standardized pentests done with off-the-shelf pentesting tools.
Instead, get pentested by experienced and creative bounty hunters, armed with code and cloud scanning insights.

A typical one-off pentest won’t keep your SaaS product secure.

So how do you keep it secure?
Get a manually performed, creative pentest
Done by top-notch bug bounty hunters who search for weak spots in typically risky features (file uploads, password resets, new features…).
Set up continuous security monitoring
Done by a cloud-native AppSec product.

The old way
versus the new way.

Typical Pentests
Typical pentests won’t satisfy your needs, because...
They’re not built for SaaS companies
This means they don’t always test for typical SaaS dangers like data leaking between customer accounts (cross-tenant access).
You don’t want to give code-level access
You don’t always want to give pentesters white-box access to your environment.
They’re typically overpriced
Their methods are uninventive, relying on automated scanners (OWASP ZAP and the like). This means you’ll pay a lot for mediocre findings.
On top of that, they’re not connected to your security toolset
Without continuous monitoring, a vulnerability introduced the day after testing goes unnoticed, so a one-off test won’t keep you secure.
Aikido's Pentest & Continuous Monitoring
Aikido's pentest, combined with a continuous security monitoring platform package...
Is built for SaaS companies
Aikido collaborates only with top-notch bounty hunters: people who are creative and experienced in typical SaaS pitfalls.
Is done with white-box level insights
The Aikido pentest team learns from your setup (code, languages, cloud, dependencies, ...) via our AppSec monitoring platform. This way, we’re armed with insights that allow us to test where it hurts. That is the only way to know whether you’re actually secure.
Fair price for actual, manual work
You pay for valuable, creative bounty hunter work, not for time spent running automated tests.
Aikido continuously keeps you secure
Aikido scans your environment every 24 hours, so you’ll know when a critical vulnerability pops up.
The Methodology
What can you expect?
We will use our application testing methodology to assess your web application backend.
This includes an assessment of an extensive range of vulnerabilities, including those defined in the OWASP Top 10.
All findings are verified manually, aided by automated tooling.
Our methodology contains the following activities:
1. Searching for injection vulnerabilities
2. Verifying proper input validation
3. Examining session management and the possibility of session hijacking
4. Attempting to access other accounts, verifying access control mechanisms and effective access rights
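Activity 4 is the check that matters most for a multi-tenant SaaS product: can a user in one customer account read another account's objects by guessing or reusing an identifier? The following is an added example, not Aikido's own tooling or code from this page, showing the check in miniature. It models a tiny in-memory "SaaS API" with constructed sample data (two tenants, three invoices, two sessions; all names and ids are invented), one endpoint that looks objects up by id alone (the classic broken object-level authorization bug) and one that scopes the lookup to the caller's tenant, and a tester-side routine that takes each account's session, requests every object id owned by the other account, and records whatever comes back. A positive control confirms the hardened endpoint still serves each tenant its own data, so "reject everything" cannot pass.

```python
"""Cross-tenant access check (broken object-level authorization / IDOR).

Added, self-contained example with constructed data; not code from the page.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """An authenticated caller: which user, and which customer account (tenant)."""
    user: str
    tenant: str


class NotFound(Exception):
    """Raised by the endpoints for an id the caller may not see."""


# Constructed sample data: two tenants, each owning some invoices (hypothetical).
INVOICES = {
    1001: {"tenant": "acme", "amount": 120.0},
    1002: {"tenant": "acme", "amount": 80.5},
    2001: {"tenant": "globex", "amount": 999.0},
}
SESSIONS = [Session("alice", "acme"), Session("bob", "globex")]
OWNED = {"acme": [1001, 1002], "globex": [2001]}


def get_invoice_vulnerable(session: Session, invoice_id: int) -> dict:
    """Looks the row up by id only: any authenticated user reads any tenant's invoice."""
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id)


def get_invoice_hardened(session: Session, invoice_id: int) -> dict:
    """Scopes the lookup to the caller's tenant. A foreign id gets the same
    NotFound as a non-existent one, so neither the data nor its existence leaks."""
    row = INVOICES.get(invoice_id)
    if row is None or row["tenant"] != session.tenant:
        raise NotFound(invoice_id)
    return row


def check_tenant_isolation(endpoint, sessions, owned_ids):
    """For every pair of accounts in different tenants, request the victim's
    object ids with the attacker's session. Returns (attacker, victim, id) leaks."""
    leaks = []
    for attacker in sessions:
        for victim in sessions:
            if attacker.tenant == victim.tenant:
                continue
            for obj_id in owned_ids[victim.tenant]:
                try:
                    endpoint(attacker, obj_id)
                except NotFound:
                    continue
                leaks.append((attacker.user, victim.user, obj_id))
    return leaks


def check_own_access(endpoint, sessions, owned_ids):
    """Positive control: every account must still read its own objects.
    Returns the (user, id) pairs that were wrongly denied."""
    denied = []
    for session in sessions:
        for obj_id in owned_ids[session.tenant]:
            try:
                endpoint(session, obj_id)
            except NotFound:
                denied.append((session.user, obj_id))
    return denied


if __name__ == "__main__":
    for name, endpoint in (("vulnerable", get_invoice_vulnerable),
                           ("hardened", get_invoice_hardened)):
        leaks = check_tenant_isolation(endpoint, SESSIONS, OWNED)
        denied = check_own_access(endpoint, SESSIONS, OWNED)
        print(f"{name}: {len(leaks)} cross-tenant leak(s) {leaks}; "
              f"own-access failures {denied}")
```

Against a real deployment the same loop runs over HTTP with two freshly created customer accounts, and the interesting ids are the ones that show up in URLs, export files, webhooks and "share" links; the hardened endpoint's design choice (one uniform NotFound for both missing and foreign ids) is what keeps the check from turning into an id-enumeration oracle.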
"Get white-box level pentesting, without having to give access to your code."
The Process

In just a few weeks, you'll have a thorough report

Preparation period
Preparation by connecting Aikido to your code and cloud (which takes 3 minutes) and giving access to the needed accounts, URLs, etc.

Testing period
Over one week, our team of bug bounty hunters goes at it and tries to hack your systems.

Draft report delivery
We deliver a report containing a summary of all findings, including technical details.

Review meeting
We set up a meeting to discuss the findings, including fix status.

Final report delivery
Delivery of the final version of the report. A report that is shareable with customers.

Total time spent is 5 days (including testing and report drafting).

Regular pentests vs. Aikido's pentests

Legacy Pentest

Not built for SaaS companies' dangers
Done with checklist-style methods
Typical consultancy-style pentesters
4-6 working days per web app

Typical total cost:
€6,000 to €20,000 / pentest

Aikido Pentest

Built for SaaS companies' dangers
Done with deep insights
Top-notch, creative bounty hunters
4 working days per web app
+ Aikido security license, for one year
+ Automated report generation (OWASP, ISO, SOC 2, …), for one year

Aikido's total cost:
€9,728 / year (€3,228 subscription + €6,500 yearly pentest*)
*Price for a typical web app (1-3 domains max)

Don't just take our word for it...

"Feels good to know we’re paying for actual creative manual work and not for standardized pentests."

Hans Ott

Co-founder & CTO, journy.io

“It costs me half as much, and I get double the amount of actual great findings”

Gertjan de Wilde

Co-founder & CEO, Apideck

Request a Pentest
We'll get back to you ASAP!
FAQ

Frequently Asked Questions

How many days of actual pentesting work is performed?

Typically, pentesting is completed in 5 days after preparation. Count half a day for report writing and half a day for preparation, setup and meetings.

How come your pentest costs only €6,500?

The Aikido platform gives the bug bounty hunters relevant insights into your code and cloud security, making them far more efficient. We believe you shouldn't pay top dollar for basic tests.