Welcome to Perennial Consultancy

Your Business, Secured

Risk-free evaluation. First vulnerability at no cost. Obligation free.

If you are a nonprofit organization, we’d love to offer special pricing to support your mission.

Transparent Pricing

Cost-effective Web Application Pentesting

Lite

Static Web pages for Regulatory Compliance Purposes.

$SGD 2,800/Target

  • For a website with no user login functionality.

Best Value

Essential

Test your first line of defense against account breaches.

$SGD 4,000/Target

  • No testing of business and functional logic.

Enterprise

For Web services where security is paramount.

$SGD 8,000/Target

Picking the right vendor can be challenging.

Here’s what makes us stand out.

Licensed by Singapore Cybersecurity Agency (CSRO)

Licence No CS/PTS/C-2022-0123R

100% Singapore Based

All our ethical hackers are Singaporeans based in Singapore. We do not outsource our services.

Industry Standards & more

We use the OWASP Top 10 framework and the CVSS rating system, with a hybrid approach of automated and manual testing.

CREST Certified

Our professionals are CREST and CISSP certified, with more than 10 years of experience.

Specialise and Focus

We specialise in web penetration testing and performance testing to ensure top-notch quality.

Track Record

Our customers come from Singapore government agencies, the financial sector and SMEs.

Still Can’t Decide?

Here’s a little help.

Free Evaluation

Your first vulnerability is on us, with no obligation to sign up for any package thereafter.

Price Beat

We will match or better the price from another licensed service provider for the same pentest scope.

Discount for Repeat Testing

20% discount for the Enterprise package and 10% discount for the Lite and Essential packages for the same site. Savings for pentests that need to be done on an annual basis.

Note: T&Cs apply; contact us for more details.

FAQs

There are black box, grey box and white box pentests.

  • Black Box – Testing without any prior knowledge of the application, thus simulating a hacker attempting to breach a website over the Internet.
  • Grey Box – Testing with limited knowledge of the application, simulating an internal user who has some internal access or knowledge.
  • White Box – Testing with full knowledge of the application, simulating an internal threat with access to source code and other sensitive information. Often used for internal security team review.

A Vulnerability Assessment (VA) identifies vulnerabilities without exploiting them. It uses automated tools to scan the application, system or networks, is broad and shallow, and is usually performed regularly.

A Penetration Test (PT) uses both automated tools and manual techniques to exploit vulnerabilities or any type of security gap that has not yet been discovered. It is usually done annually or after major changes to the application or infrastructure.

Our web application pentest includes both VA and PT.

Yes, it is done at least once a year or after significant changes to the infrastructure, applications or network.

This is due to the evolving threat landscape, frequent changes in the application, compliance requirements, and the need to identify security gaps and manage risk.

To help businesses save costs, we provide a discount for repeat testing.

Our pentest packages are comprehensive. We understand that not all companies require an in-depth pentest, which can be quite costly, especially if you have a simple website but require a pentest for regulatory purposes. You can choose from a basic to an in-depth pentest depending on your scope. If you are not sure, or none of them suits you, feel free to reach out to us.

Our penetration tests are planned and coordinated to avoid any disruption. We will work out a mutually agreed schedule and will only start with your authorization. As best practice, we recommend that clients target a test environment if possible, or back up their data before pentesting.

The duration of a pentest varies depending on the scope. Below are the estimated durations (excluding report writing) for the different packages:

  1. Lite: ~2 to 3 days
  2. Essential: ~1 week
  3. Enterprise: ~2 weeks

Yes, we offer a free evaluation where we identify the first vulnerability without providing a detailed report. This allows you to understand the value of our services and see the potential security improvements.

There are 5 phases in our pentest.

We will walk through the results hand in hand with you, clarifying and explaining any findings and remediation.

  1. Planning
    • Define rules of engagement and scope
  2. Reconnaissance
    • Gather information on target assets to construct the attack surface
  3. Vulnerability Assessment
    • Automated or manual tests to identify weaknesses and security loopholes
  4. Exploitation
    • Align attack vectors with identified vulnerabilities to gain unauthorized access or escalate privileges
  5. Reporting
    • Correlate information gathered during the assessment and provide remediation recommendations
    • An interim report and a final report will be submitted. The final report is based on a re-test after vulnerabilities are remediated

 

Our report consists of:

  1. Executive Summary
    • Overview of assessment
    • Findings categorized by OWASP Top 10
    • Final observation
  2. Risk Register
    • Findings tracker
  3. Engagement scope
    • Scope of work, methodology and risk model used
  4. Detailed Findings
    • Issue details and background
    • Issue remediation



Let's Start the Conversation