Offensive assessment with executive and technical focus

Validate your real exposure
before an attacker does.

Enterprise pentesting for internal infrastructure, Active Directory, web servers, APIs, cloud environments, and in-house applications. Delivery is designed for CISOs and IT leadership: evidence, business impact, and prioritized remediation.

OWASP-aligned
PTES-informed
Executive + technical report
Re-test included
- For leadership: Risk translated into business impact and executive prioritization.
- For IT: Actionable backlog by asset, vulnerability, and severity.
- For audit: Reproducible evidence and support for compliance initiatives.

Executive risk view

Pentesting enterprise-ready: Active
- 6 available assessment vectors
- 30/60/90: optional remediation roadmap
- 3 commercial tiers: Starter, Professional, Enterprise
- 1 single goal: reduce risk with verifiable evidence
- Average assessment depth: 74%

What the client receives
- Executive summary
- Prioritized findings
- Technical evidence
- Actionable recommendations
- Re-test
- Remediation workshop

Service infographic

Executive view to explain scope, phases, and deliverables for the pentesting service.

Share this summary with leadership, IT, and audit teams before the scoping meeting.

Pentesting service infographic in English. Pentesting service infographic in Spanish.

Interactive service coverage

Click each domain to review scope, objectives, deliverables, and the suggested technical stack. This section is designed for the Services > Pentesting page of your web portal.

Work methodology

A clear process creates less operational friction and more executive value. Each phase produces useful information for decisions and remediation.

1. Scoping: Assets, exclusions, testing windows, contingency contacts, and rules of engagement.
2. Reconnaissance: Network, services, domains, ports, endpoints, and observable technologies.
3. Enumeration: Users, shares, permissions, versions, authentication, and reachable surfaces.
4. Exploitation: Controlled validation of findings to demonstrate criticality and impact.
5. Post-exploitation: Privilege paths, lateral movement, data access, and affected business scenarios.
6. Report + re-test: Executive summary, prioritized technical backlog, and remediation validation.

Suggested commercial packages

Reference model to show fast alternatives to CISOs and IT leadership. Pricing can be adjusted based on the confirmed scope.

Starter (Quick entry)

Starting at USD 4,500: 1 test vector or limited scope
  • 1 to 2 weeks of execution
  • Executive + technical report
  • Limited re-test
  • Ideal for an initial assessment

Professional (Recommended)

Starting at USD 9,500: multi-vector coverage with deeper manual validation
  • 2 to 4 weeks
  • Remediation workshop
  • Greater manual testing coverage
  • Ideal for production environments

Enterprise (High criticality)

Custom: AD + web + APIs + apps + cloud
  • 4+ weeks or recurring program
  • Executive results committee
  • 30/60/90 roadmap
  • Ideal for enterprise groups

Interactive scope estimator

This does not replace a formal quote, but it helps visitors self-segment and understand the recommended level of effort.

How to read this estimator: Use it to guide the commercial conversation. A final proposal should confirm scope, exclusions, testing windows, and environment type.

Automatic recommendation: Professional
  • Estimated effort: 14 to 20 days
  • Starting at USD 9,500

The recommendation is calculated based on attack surface size, criticality, and required depth. Use it to qualify opportunities before a scoping meeting.

Frequently asked questions

Answers designed to remove common objections in sales cycles with security, IT, and leadership teams.

What is the difference between a vulnerability assessment and pentesting?

A vulnerability assessment identifies potential exposure; pentesting validates exploitability and real impact through controlled testing. That makes the evidence more useful for prioritizing decisions.

Can an internal network be tested without administrator credentials?

Yes. A no-initial-privilege scenario simulates an attacker who already gained LAN presence. It can still reveal exposure paths, segmentation issues, insecure shares, and escalation vectors.

What does the CISO or IT manager receive at the end?

An executive summary for decision making, a detailed technical report, a prioritized remediation matrix, and, when contracted, a re-test to validate closure.

Can proprietary or in-house applications be evaluated?

Yes. Binaries, APKs, installers, and internal web applications can be reviewed through decompilation, static and dynamic analysis, secret review, and traffic validation.

Recommended next step
Turn this landing page into a real commercial opportunity.
Use this page as the destination for Services > Pentesting. The download button already points to the executive and commercial proposal included in this kit.