Web App Pentests 2.0:
Top-scoring bug bounty hunters,
armed with white-box level insights.
Instead, get pentested by experienced and creative bounty hunters, armed with code & cloud scanning insights.
A typical one-off pentest won’t keep your SaaS product secure.
The old way
versus the new way.
This means they don’t always test for typical SaaS dangers like data leaks between accounts…
You don’t always want to give pentesters white-box access to your environment.
Their methods are uninventive, relying on automated scanners (OWASP ZAP and the like). This means you’ll pay a lot for mediocre findings.
Without monitoring, you could already be vulnerable the day after testing. So they won’t keep you secure.
Aikido collaborates only with top-notch bounty hunters who are creative and experienced in typical SaaS pitfalls.
The Aikido pentest team learns from your setup (code, languages, cloud, dependencies, ...) via our AppSec monitoring platform. This way, we’re armed with insights that allow us to test where it hurts. The only way to know if you’re actually secure.
You’ll pay for valuable creative bounty hunter work, not for time spent running automated tests.
Aikido monitors your environment every 24 hours, so you’ll know if a critical vulnerability pops up.
This includes an assessment of an extensive range of vulnerabilities, including those defined in the OWASP Top 10.
All verification of the testing is manual, aided by automated tooling.
In just a few weeks, you'll have a thorough report
Preparation period
Prepare by connecting Aikido to your code & cloud (which takes 3 minutes) and giving access to some needed accounts, URLs, etc.
Testing period
In one week, our team of bug bounty hunters goes at it and tries to hack your systems.
Draft report delivery
We deliver a report containing a summary of all findings, including technical details.
Review meeting
We set up a meeting to discuss the findings, including fix status.
Final report delivery
Delivery of the final version of the report. A report that is shareable with customers.
Regular pentests VS Aikido's pentests
Regular pentests:
Not built for SaaS companies' dangers
Done with checklist style methods
Typical consultancy style pentesters
4-6 working days per web app
Aikido's pentests:
Built for SaaS companies' dangers
Done with deep insights
Top-notch, creative bounty hunters
4 working days per web app
Aikido security license, for one year
Automated report generation (OWASP, ISO, SOC 2, …), for one year
Don't just take our word for it...
Hans Ott
Co-founder & CTO, journy.io
Gertjan de Wilde
Co-founder & CEO, Apideck
Frequently Asked Questions
How many days of actual pentesting work is performed?
Typically, pentesting is completed in 5 days (after preparation). Count half a day for report writing and half a day for preparation, setup & meetings.
How come your pentest costs only €6500?
The Aikido platform gives the bug bounty hunters relevant insights into your code & cloud security, making them way more efficient. We believe you shouldn't pay top dollar for basic tests.