Chaining in Cybersecurity: How Attackers Exploit Multiple Vulnerabilities
In the ever-evolving world of cybersecurity, attackers constantly refine their strategies to bypass defenses
Welcome to Perennial Consultancy
Your Business, Secured
Risk-free evaluation, First vulnerability at no cost Obligation free
If you are a nonprofit organization, we’d love to offer a special pricing to support your mission.
Transparent Pricing
Cost-effective Application Pentesting
Lite
Static Web pages for Regulatory Compliance Purposes.
$SGD 2,800/Target
- Remote test from Internet
- Blackbox testing
- Up to 2 forms eg. Subscription, Contact Form
- Detailed Final report walk through
- For a website with no user login functionality.
Best Value
Essential
Test your first line of defense against accounts breach.
$SGD 4,000/Target
- Remote test from Internet
- Blackbox testing
- Login Mechanism
- Up to 2 forms eg. Subscription, Contact Form
- Detailed Final report walk through
- No testing of business and functional logic.
Enterprise
For services where security is paramount, eg. MAS-regulated firms.
$SGD 8,000/Target
- Remote test from Internet
- Greybox Testing
- Login Mechanism
- Up to 2 user roles eg. admin, standard user
- Session Management
- Business Logic
- Functional Logic
- APIs
- Detailed Final report walk through
Large Language Models (LLMs)
Penetration Testing
LLMs are transforming industries, but they also introduce new security risks
Data Leakage
LLMs can unintentionally reveal PII, confidential business data, or API keys from their training data or interactions
Prompt Injection
Attackers manipulate prompts to bypass security controls, extract unauthorized data, or execute unintended actions
Data Poisoning
Attackers inject malicious or biased data into training datasets, influencing future model behavior in unintended ways
Unauthorized Action
LLMs integrated with external systems can be tricked into executing unauthorized commands, such as resetting passwords or issuing transactions
Denial of Service
Attackers send overly complex or high-volume queries to exhaust system resources, making the LLM slow or unavailable
Securing these powerful systems has never been more critical
Picking the right vendor can be challenging
Here’s what makes us stand out
Licensed by Singapore Cybersecurity Agency (CSRO)
Licence No CS/PTS/C-2022-0123R
100% Singapore Based
All our ethical hackers are Singaporeans based in Singapore. We do not outsource our services
Industry Standards & more
Utilize the OWASP Top 10 framework and CVSS rating system. Hybrid approach with automated and manual testing
CREST Certified
Our professionals are CREST and CISSP certified with more than 10 years of experience
Specialise and Focus
We specialise in Penetration and Performance Test to ensure top-notch quality
Track Record (click to view)
Our customers come from Singapore government agencies, financial sector and SMEs
What Makes Our Approach Unique?
Real-World Exploitability Scenario
We don’t just check for the existence of a vulnerability, we assess how likely it is to be exploited in a real world scenario.
If an exploit requires excessive effort or highly unlikely conditions, (eg. first gaining access to the server or bypass multiple layers of security), it may not pose the same level of threat as a more easily exploitable finding.
This approach ensures a more balanced risk ratings and actionable reports that accurately reflect real security risks.
Focus on Business Critical Functions
We focus on business-critical functions that face high risk in real-world scenarios.
By understanding your business environment, we tailor our penetration tests to target areas that truly matter – whether it’s your wallet, authentication system, APIs or user data storage, where a breach could have real consequences.
Our tests aren’t generic, they are designed to uncover and exploit vulnerabilities based on your unique risk landscape.
Avoid turning Penetration Test into an Expensive Vulnerability Scan
Still Can’t Decide?
Here’s a little help.
Free Evaluation
Your first vulnerability is on us, no obligation to sign up any package thereafter
Price Beat
We will match or better the price from another licensed service provider with the same pentest scope
Discount for Repeat Testing
20% discount for Enterprise package and 10% discount for Lite and Essential package for the same site. Savings for Pentest that needs to be done on annual basis
Note*: T&C applies, contact us for more details
FAQ's
What are the different approaches of Pentesting?
There are black box, grey box and white box pentesting.
- Black Box – Testing without any prior knowledge of the application, thus simulating a hacker attempting to breach a website over Internet
- Grey Box – Testing with limited knowledge of the application. Simulating an internal user who has some internal access or knowledge
- White Box – Testing with full knowledge of the application, simulating an internal threat with access to source code and other sensitive information. Often for internal security team review.
What is Vulnerability Assessment? How is it different from Pentest?
Vulnerability Assessment identifies vulnerabilities without exploiting them. It uses automated tools to scan the application, system or networks, is broad and shallow and is usually performed regularly.
Penetration Test uses both automated tools and manual techniques to exploit the vulnerabilities or any types of security gaps that have not yet been discovered. It is usually done annually or after major changes to the application or infra.
Our web application pentest include both VA and PT.
Is it necessary to perform Pentest regularly?
Yes, it is done at least once a year or after significant changes to the infra, applications or network.
This is due to the evolving threat landscape, frequent changes in the application, for compliance requirements, identifying security gaps and risk management.
To help business save cost, we provide discount for repeat testing.
How to identify the type of Pentest package we should go for?
Our pentest package is comprehensive. We understand that not all companies require in depth pentest which can be quite costly especially if you have a simple website but required pentest for regulatory purpose. You can choose from basic to in depth pentest depending on your scope. If you are not sure, or none of them suits you, feel free to reach out to us. We perform Mobile and LLM Penetration Test as well.
How is LLM Penetration Test different from Web Penetration Test?
While traditional web and mobile penetration testing focuses on finding vulnerabilities in code, networks or app interfaces such as SQL injection or broken authentication, LLM penetration testing dives into the unique world of AI.
Large Language Models (LLMs) don’t just have codes to exploit; they have behaviors to probe. They are tested for risks like prompt injection (tricking the AI into misbehaving), data exposure through clever queries, or even adversarial inputs that confuse the model’s logic.
Unlike web or mobile apps, LLMs learn from vast datasets, so we also check for unintended outputs or biases that could mislead or weaponized. Contact us to find out more.
Will pentesting disrupt our environment or cause our system to go down?
Our penetration tests are planned and coordinated to avoid any disruption. We will work out a mutually agreed schedule and will only start with your authorization. For best practice, we recommend our clients to target a test environment if possible or backup the data before pentesting.
How long does a pentest take?
The duration of pentest varies depending on the scope. Below are the estimated duration (exclude report writing) for the different packages:
- Lite : ~ 2 to 3 days
- Essential : ~ 1 week
- Enterprise: ~ 2 weeks
Do you offer a free evaluation of your pentesting services?
Yes, we offer a free evaluation where we identify first vulnerability without providing a detailed report. This allows you to understand the value of our services and see the potential security improvements.
What is your Pentest process like?
There are 5 phases in our pentest.
We will walk through the results hand in hand with you, clarifying and explaining any findings and remediation.
- Planning
- define rules of engagement and scope
- Reconnaissance
- Gather info on target assets to construct attack surface
- Vulnerability Assessment
- Automated or manual test to identify weaknesses and security loopholes
- Exploitation
- Align attack vectors with identified vulnerabilities to gain unauthorized access or escalate privileges
- Reporting
- Correlate info taken during assessment and provide remediation recommendation.
- An interim report and a final report will be submitted. Final report is based on a re-test after vulnerabilities are remediated
What is included in your Pentest report?
Our report consists of:
- Executive Summary
- Overview of assessment for Management
- Findings categorized by OWASP Top 10
- Final observation
- Risk Register
- Findings tracker
- Engagement scope
- Scope of work, methodology and risk model used
- Detailed Findings
- Issue details and background
- Issue remediation
Latest Articles
The Wild World of Large Language Models: How Secure Are They Really?
A super-smart assistant that can write essays, crack jokes, and even help you code—all
The Hidden Cybersecurity Risk in Your Job Listings: Why Less is More
In today’s competitive job market, companies need to be strategic when it comes to