Welcome to Perennial Consultancy

Your Business, Secured

Risk-free evaluation. First vulnerability at no cost. Obligation free.

If you are a nonprofit organization, we’d love to offer special pricing to support your mission.

Transparent Pricing

Cost-effective Application Pentesting

Lite

Static Web pages for Regulatory Compliance Purposes.

$SGD 2,800/Target

  • For a website with no user login functionality.

Best Value

Essential

Test your first line of defense against account breaches.

$SGD 4,000/Target

  • No testing of business and functional logic.

Enterprise

For services where security is paramount, e.g. MAS-regulated firms.

$SGD 8,000/Target


Large Language Models (LLMs) Penetration Testing

LLMs are transforming industries, but they also introduce new security risks

Data Leakage

LLMs can unintentionally reveal PII, confidential business data, or API keys from their training data or interactions

Prompt Injection

Attackers manipulate prompts to bypass security controls, extract unauthorized data, or execute unintended actions

Data Poisoning

 Attackers inject malicious or biased data into training datasets, influencing future model behavior in unintended ways

Unauthorized Action

LLMs integrated with external systems can be tricked into executing unauthorized commands, such as resetting passwords or issuing transactions

Denial of Service

Attackers send overly complex or high-volume queries to exhaust system resources, making the LLM slow or unavailable

 

Securing these powerful systems has never been more critical

Picking the right vendor can be challenging

Here’s what makes us stand out

Licensed by Singapore Cybersecurity Agency (CSRO)

Licence No CS/PTS/C-2022-0123R

100% Singapore Based

All our ethical hackers are Singaporeans based in Singapore. We do not outsource our services

Industry Standards & more

Utilize the OWASP Top 10 framework and CVSS rating system. Hybrid approach with automated and manual testing

CREST Certified

Our professionals are CREST and CISSP certified with more than 10 years of experience

Specialise and Focus

We specialise in Penetration and Performance Testing to ensure top-notch quality

Track Record

Our customers come from Singapore government agencies, financial sector and SMEs


What Makes Our Approach Unique?

Real-World Exploitability Scenario

We don’t just check for the existence of a vulnerability; we assess how likely it is to be exploited in a real-world scenario.

If an exploit requires excessive effort or highly unlikely conditions (e.g. first gaining access to the server or bypassing multiple layers of security), it may not pose the same level of threat as a more easily exploitable finding.

This approach ensures more balanced risk ratings and actionable reports that accurately reflect real security risks.

Focus on Business Critical Functions

We focus on business-critical functions that face high risk in real-world scenarios. 

By understanding your business environment, we tailor our penetration tests to target areas that truly matter, whether it’s your wallet, authentication system, APIs or user data storage, where a breach could have real consequences.

Our tests aren’t generic; they are designed to uncover and exploit vulnerabilities based on your unique risk landscape.

 

Avoid turning Penetration Test into an Expensive Vulnerability Scan

 

Still Can’t Decide?

Here’s a little help.

Free Evaluation

Your first vulnerability is on us, with no obligation to sign up for any package thereafter

Price Beat

We will match or better the price from another licensed service provider with the same pentest scope

Discount for Repeat Testing

20% discount for the Enterprise package and 10% discount for the Lite and Essential packages for the same site. Savings for pentests that need to be done on an annual basis

Note*: T&Cs apply, contact us for more details

FAQs

Pentesting can be black box, grey box or white box.

  • Black Box – Testing without any prior knowledge of the application, thus simulating a hacker attempting to breach a website over the Internet
  • Grey Box – Testing with limited knowledge of the application. Simulating an internal user who has some internal access or knowledge
  • White Box – Testing with full knowledge of the application, simulating an internal threat with access to source code and other sensitive information. Often for internal security team review.

Vulnerability Assessment identifies vulnerabilities without exploiting them. It uses automated tools to scan the application, system or networks, is broad and shallow and is usually performed regularly.

Penetration Test uses both automated tools and manual techniques to exploit the vulnerabilities or any types of security gaps that have not yet been discovered. It is usually done annually or after major changes to the application or infra.

Our web application pentest includes both VA and PT.

Yes, it is done at least once a year or after significant changes to the infra, applications or network.

This is due to the evolving threat landscape, frequent changes in the application, compliance requirements, and the need to identify security gaps and manage risk.

To help businesses save costs, we provide a discount for repeat testing.

Our pentest packages are comprehensive. We understand that not all companies require an in-depth pentest, which can be quite costly, especially if you have a simple website but require a pentest for regulatory purposes. You can choose from a basic to an in-depth pentest depending on your scope. If you are not sure, or none of them suits you, feel free to reach out to us. We perform Mobile and LLM Penetration Tests as well.

While traditional web and mobile penetration testing focuses on finding vulnerabilities in code, networks or app interfaces such as SQL injection or broken authentication, LLM penetration testing dives into the unique world of AI.
 
Large Language Models (LLMs) don’t just have code to exploit; they have behaviors to probe. They are tested for risks like prompt injection (tricking the AI into misbehaving), data exposure through clever queries, or even adversarial inputs that confuse the model’s logic.
 
Unlike web or mobile apps, LLMs learn from vast datasets, so we also check for unintended outputs or biases that could mislead or be weaponized. Contact us to find out more.

Our penetration tests are planned and coordinated to avoid any disruption. We will work out a mutually agreed schedule and will only start with your authorization. As a best practice, we recommend that clients target a test environment if possible, or back up the data before pentesting.

The duration of a pentest varies depending on the scope. Below are the estimated durations (excluding report writing) for the different packages:

  1. Lite: ~2 to 3 days
  2. Essential: ~1 week
  3. Enterprise: ~2 weeks

Yes, we offer a free evaluation where we identify the first vulnerability without providing a detailed report. This allows you to understand the value of our services and see the potential security improvements.

There are 5 phases in our pentest.

We will walk through the results hand in hand with you, clarifying and explaining any findings and remediation.

  1. Planning 
    • Define rules of engagement and scope
  2. Reconnaissance
    • Gather info on target assets to construct attack surface
  3. Vulnerability Assessment
    • Automated or manual test to identify weaknesses and security loopholes
  4. Exploitation
    • Align attack vectors with identified vulnerabilities to gain unauthorized access or escalate privileges
  5. Reporting
    • Correlate info taken during assessment and provide remediation recommendations.
    • An interim report and a final report will be submitted. Final report is based on a re-test after vulnerabilities are remediated

 

Our report consists of:

  1. Executive Summary
    • Overview of assessment for Management
    • Findings categorized by OWASP Top 10
    • Final observation
  2. Risk Register
    • Findings tracker
  3. Engagement scope
    • Scope of work, methodology and risk model used
  4. Detailed Findings
    • Issue details and background
    • Issue remediation


Let's Start the Conversation