Welcome to Perennial Consultancy

Penetration Testing Services Singapore, CREST Certified Expert

CSRO Licensed Pentest, Unlimited Retests

We prioritise what matters: exploitable risks in your most critical functions, giving you confidence that what matters most is protected

Cost-effective Application Penetration Test Packages

Share Your Requirements for an Optimized Quote

Lite

Static web pages for regulatory compliance purposes, e.g. a website.

$SGD 2,800/Target

  • For a website with no user login and financial transaction functionality.

Best Value

Essential

Focus on critical functions and high-risk areas, e.g. SaaS.

$SGD 4,000/Target

Enterprise

For services where security is paramount, e.g. fintech, government agencies.

$SGD 8,000/Target

Need something not listed? Contact us for a customised Pentest Solution


Our Penetration Testing (VAPT) Process

Planning

Defines rules of engagement including scope, schedule, environment and boundaries

Intel Gathering

Gather info on target assets to construct a map of target attack surface to be used in the following phase

Assessment

Automated or manual tests using recon techniques to discover weaknesses in target network

Exploitation

Align attack vectors with identified vulnerabilities to exploit the target's critical functions

Report / Retests

Interim and final reports with remediation guidance & walkthrough, including retests


ChatBot Large Language Models (LLMs) Penetration Testing

LLMs are transforming industries, but they also introduce new security risks

Data Leakage

LLMs can unintentionally reveal PII, confidential business data, or API keys from their training data or interactions

Prompt Injection

Attackers manipulate prompts to bypass security controls, extract unauthorized data, or execute unintended actions

Data Poisoning

Attackers inject malicious or biased data into training datasets, influencing future model behavior in unintended ways

Unauthorized Action

LLMs integrated with external systems can be tricked into executing unauthorized commands, such as resetting passwords or issuing transactions

Denial of Service

Attackers send overly complex or high-volume queries to exhaust system resources, making the LLM slow or unavailable

 

Securing these powerful systems has never been more critical

What Sets Our VAPT Services Apart

Our Key Differentiators in Penetration Testing

Licensed by Singapore Cybersecurity Agency (CSRO)

Licensed since June 2022 - Licence No CS/PTS/C-2022-0123R

100% Singapore Based

All our ethical hackers are Singaporeans based in Singapore. We do not outsource our services

Industry Standards & more

Utilize the OWASP Top 10 framework, CVSS severity rating & CWE/CVE mapping, delivered through a combination of automated and manual testing

CREST Certified

Our professionals are CREST and CISSP certified with more than 10 years of experience

Unlimited Retests (Enterprise)

We work alongside your team, providing full support to remediate the findings

Track Record

Our customers come from Singapore government agencies, financial sector and SMEs


Our Unique Pentest & Vulnerability Assessment Approach

Real-World Exploitability Scenario

We don’t just check for the existence of a vulnerability; we assess how likely it is to be exploited in a real-world scenario.

If an exploit requires excessive effort or highly unlikely conditions (e.g. first gaining access to the server or bypassing multiple layers of security), it may not pose the same level of threat as a more easily exploitable finding.

This approach ensures more balanced risk ratings and actionable reports that accurately reflect real security risks.

Focus on Business Critical Functions

We focus on business-critical functions that face high risk in real-world scenarios, with more than 80% of our findings coming from manual testing.

By understanding your business environment, we tailor our penetration tests to target areas that truly matter. For example, an authentication token with a TTL of 2 hours could be excessive for a fintech but not for an F&B caterer.

Our tests aren’t generic; they are designed to uncover and exploit vulnerabilities based on your unique risk landscape.

Avoid turning a Penetration Test into an Expensive Vulnerability Scan

Why Choose Us for Penetration Testing?

Risk-free evaluation, transparent pricing and cost saving for recurring Pentest

Free Evaluation

Get your first vulnerability at no cost. No obligation, no long sales pitch, just proof of value before you commit.

Price Beat

Already have a quote? We will match or beat any equivalent pentest scope from a licensed service provider. Same quality, better value.

Discount for Repeat Testing

Need annual pentesting to satisfy compliance requirements? Get up to 20% discount for repeat testing on the same application or environment.

Note*: Risk-free evaluation is available for customers considering our enterprise package

FAQs

Pentesting can be black box, grey box or white box.

  • Black Box – Testing without any prior knowledge of the application, simulating a hacker attempting to breach a website over the Internet.
  • Grey Box – Testing with limited knowledge of the application, simulating an internal user who has some internal access or knowledge.
  • White Box – Testing with full knowledge of the application, simulating an internal threat with access to source code and other sensitive information. Often used for internal security team review.

Vulnerability Assessment identifies vulnerabilities without exploiting them. It uses automated tools to scan the application, system or networks, is broad and shallow and is usually performed regularly.

A Penetration Test uses both automated tools and manual techniques to exploit vulnerabilities and any other types of security gaps that have not yet been discovered. It is usually done annually or after major changes to the application or infra.

Our web application pentest includes both VA and PT.

Yes, it is done at least once a year or after significant changes to the infra, applications or network.

This is because of the evolving threat landscape, frequent changes in the application, compliance requirements, and the need to identify security gaps and manage risk.

To help businesses save costs, we provide a discount for repeat testing.

Our pentest packages are comprehensive. We understand that not all companies require an in-depth pentest, which can be quite costly, especially if you have a simple website but require a pentest for regulatory purposes. You can choose from a basic to an in-depth pentest depending on your scope. If you are not sure, or none of them suits you, feel free to reach out to us. We perform Mobile and LLM Penetration Tests as well.

While traditional web and mobile penetration testing focuses on finding vulnerabilities in code, networks or app interfaces, such as SQL injection or broken authentication, LLM penetration testing dives into the unique world of AI.

Large Language Models (LLMs) don’t just have code to exploit; they have behaviors to probe. They are tested for risks like prompt injection (tricking the AI into misbehaving), data exposure through clever queries, or even adversarial inputs that confuse the model’s logic. Unlike web or mobile apps, LLMs learn from vast datasets, so we also check for unintended outputs or biases that could mislead or be weaponized.

We use the OWASP Top 10 for LLM Applications framework for our pentesting. Contact us to find out more.

Our penetration tests are planned and coordinated to avoid any disruption. We will work out a mutually agreed schedule and will only start with your authorization. As best practice, we recommend that our clients target a test environment if possible, or back up the data before pentesting.

The duration of a pentest varies depending on the scope. Below are the estimated durations (excluding report writing) for the different packages:

  1. Lite: ~ 2 to 3 days
  2. Essential: ~ 1 week
  3. Enterprise: ~ 1.5 to 2 weeks

Yes, we offer a free evaluation where we identify the first vulnerability without providing a detailed report.

This service is for customers considering the Enterprise package. It allows you to understand the value of our services and see the potential security improvements.

Our report consists of:

  1. Executive Summary
    • Overview of assessment for Management
    • Findings categorized by OWASP Top 10
    • Final observation
  2. Risk Register
    • Findings tracker
  3. Engagement scope
    • Scope of work, methodology and risk model used
  4. Detailed Findings
    • Issue details and background
    • Issue remediation


Let's Start the Conversation