In a Box

Your web application is the part of your business an attacker reaches first. Here is what they find.

Three tiers of web application penetration testing — from a non-intrusive Bronze configuration review (from $990, delivered in 5–7 days) to a full ASVS Level 1 Gold assessment for compliance-driven requirements. OSCP-certified testers. Developer-readable reports.

Book Bronze — from $990
Non-intrusive. 5–7 business days. Safe to run against production.

Three buyers — three tiers

The right tier depends on what's driving the engagement. Most businesses start with Bronze.

Bronze

From $990
5–7 business days
For: Developers and technical leads who want to know if a web application is externally exposed before launch or after a significant change. Non-intrusive — safe to run against production systems.
  • Exposed service and port mapping
  • SSL/TLS configuration review
  • HTTP security headers
  • Passive information leakage
  • Authentication mechanism review
Book Bronze

Gold

From $4,990
3–4 weeks
For: Mature businesses or regulated entities that need ASVS Level 1 verification for compliance, enterprise client requirements, or ISO 27001 certification. Includes a compliance statement mapping findings to your specific requirement.
  • Everything in Silver
  • ASVS Level 1 verification
  • Architecture and design review
  • Limited source code review
  • Compliance statement included
Book Gold

OSCP-certified testers. Developer-readable reports.

Every CyberCraft web app penetration test is conducted by an OSCP-certified tester. The report is written for developers — not for auditors. Each finding includes the specific code-level or configuration change required to remediate it. A finding without a fix is an observation, not a useful output.

Bronze is non-intrusive. Bronze uses passive and semi-passive techniques — it does not send attack payloads or attempt to exploit the application. It can be run against a production system without risk of disruption. Silver and Gold involve active exploitation attempts — a test environment is strongly recommended for those tiers.


Same process for all tiers — scaled by scope

Kickoff call — 30 minutes

Scope agreement, application overview, test credentials (Silver/Gold only), and agreed test window. Bronze can often proceed without a kickoff call.

Active testing within the agreed window

Bronze: non-intrusive. Silver and Gold: active exploitation attempts in a test window or test environment. If we find anything critical, you hear from us immediately — not in the final report.

Draft report delivered for review

You see the draft before finalisation. If any finding needs clarification or context, this is when we address it.

Debrief call (Silver and Gold)

One-hour walkthrough of findings with your development or technical lead. Optional for Bronze. Silver and Gold include a re-test within 90 days of final report delivery.



Silver after Bronze

Bronze found exposure that needs active exploitation testing. Silver tests what Bronze identified.

Book Silver →
Getting Started

Security Health Check

Want to know the full external picture beyond the web application? The Security Health Check covers the broader attack surface.

Security Health Check →
Annual

Annual re-testing

Web applications change. Annual re-testing is standard practice. CyberCraft provides an annual Bronze or Silver re-test at a reduced rate for returning clients.

Talk to us →

Not sure which tier? Bronze is the right starting point for most businesses.

Book Bronze — from $990, 5–7 days
Non-intrusive. Safe for production. Upgrade to Silver after you see the results.
Silver — OWASP Top 10 — from $2,490  ·  Gold — ASVS Level 1 — from $4,990

Kaurna Acknowledgement

We acknowledge and pay our respects to the Kaurna people, the traditional custodians of the ancestral lands on which we work. We acknowledge the deep feelings of attachment and relationship of the Kaurna people to country and we respect and value their past, present and ongoing connection to the land and cultural beliefs.