Penetration test packages
At Oneleet, we offer 3 different types of penetration test packages.
| Feature | Compliance | Comprehensive | Custom |
|---|---|---|---|
| Description | A high-level assessment of your application, evaluating the effectiveness of your security measures. | A penetration test that examines all aspects of your application’s attack surface to identify vulnerabilities across all categories. | A penetration test that examines all aspects of your application’s attack surface to identify vulnerabilities across all categories. |
| Target | Web Applications, Mobile Applications, APIs | Web Applications, Mobile Applications, APIs, Networks, Cloud Assessments, Secure Code Reviews, Social Engineering | Web Applications, Mobile Applications, APIs, Networks, Cloud Assessments, Secure Code Reviews, Social Engineering, Red Teaming, IoT Devices |
| Use cases | Vulnerability testing of existing & new features. Often sufficient for early-stage companies going through SOC 2 | Vulnerability testing of existing & new features. Microservices testing. Testing based on several OWASP frameworks | Companies with multiple applications, red teaming, etc. |
| Testers | Manual test with a penetration tester that is at minimum OSCP & OSCE/OSWE certified | Manual test with a penetration tester that is at minimum OSCP & OSCE/OSWE certified | Manual test with a penetration tester that is at minimum OSCE/OSWE certified |
| Customizable Report | Not included | Included | Included |
| Support | Answer within 48H | Dedicated point of contact that answers within 24H | Dedicated point of contact that answers within 24H |
| Free Retesting | 12 months | 12 months | 12 months |
| Rush delivery | Optional | Optional | Included |
| Letter of Engagement | Included | Included | Included |
| Letter of Attestation | Included | Included | Included |
| Customized Letters | Not included | Included | Included |
| Onboarding Support | Slack | Slack & Live | Slack & Live |
| Dedicated Customer Success Manager | Not included | Included | Included |
| Used Standards | Pentest conducted in accordance with industry-standard methodologies such as OWASP Top-10 | Pentest conducted in accordance with industry-standard methodologies such as OWASP WSTG, OWASP ASVS, etc. | Pentest conducted in accordance with industry-standard methodologies such as OWASP WSTG, OWASP ASVS, etc. |