Token Pricing for NetSPI Offerings
Azure Cloud Penetration Testing
NetSPI’s Cloud Penetration Test will identify architectural and configuration weaknesses that could lead to compromise of critical cloud-based environments. NetSPI will focus on internal and external network services coupled with a configuration review of utilized cloud services (e.g. IaaS, PaaS). NetSPI leverages proprietary manual testing processes and deep expertise in cloud security as well as commercial, open source, and proprietary toolsets.
| Size | Scoping Parameters: One (1) deep dive Azure Cloud Pentest against Azure Cloud | Tokens |
|---|---|---|
| Small | Network penetration testing will include external network layer testing of approximately 20 Internet IPs and internal network layer testing of approximately 20 VMs | 14 |
| Medium | Network penetration testing will include external network layer testing of approximately 50 Internet IPs and internal network layer testing of approximately 50 VMs | 21 |
| Large | Network penetration testing will include external network layer testing of approximately 100 Internet IPs and internal network layer testing of approximately 100 VMs | 29 |
Testing Deliverables:
- Testing on 1 Azure subscription and the services hosted under the subscription
- Configuration review including:
- Review of security group rules
- IAM review of AzureAD users and groups
- Review of utilized Azure services (including, but not limited to, App Services, AzureSQL, Virtual Machines, & Storage Accounts)
- Remediation testing is not included
- All testing will be conducted from NetSPI facilities
- Testing in a production environment
- A testing schedule will be coordinated between NetSPI client delivery managers and client stakeholders
- Automated scanning and manual testing 24×7
- Findings analysis, reporting, and quality assurance reviews
AWS Cloud Penetration Testing
NetSPI’s Cloud Penetration Test will identify architectural and configuration weaknesses that could lead to compromise of critical cloud-based environments. NetSPI will focus on internal and external network services coupled with a configuration review of utilized cloud services (e.g. IaaS, PaaS). NetSPI leverages proprietary manual testing processes and deep expertise in cloud security as well as commercial, open source, and proprietary toolsets.
| Size | Scoping Parameters: One (1) deep dive AWS Cloud Pentest against AWS Cloud | Tokens |
|---|---|---|
| Small | Network penetration testing will include external network layer testing of approximately 20 Internet IPs and internal network layer testing of approximately 20 EC2 instances | 14 |
| Medium | Network penetration testing will include external network layer testing of approximately 50 Internet IPs and internal network layer testing of approximately 50 EC2 instances | 21 |
| Large | Network penetration testing will include external network layer testing of approximately 100 Internet IPs and internal network layer testing of approximately 100 EC2 instances | 29 |
Testing Deliverables:
- Testing on 1 AWS account and the services hosted under the account
- Configuration review including:
- Review of security group rules
- IAM review of AWS users and groups
- Review of utilized AWS services (including, but not limited to, EC2, RDS, S3, & Lambda)
- Remediation testing is not included
- All testing will be conducted from NetSPI facilities
- Testing in a production environment
- A testing schedule will be coordinated between NetSPI client delivery managers and client stakeholders
- Automated scanning and manual testing 24×7
- Findings analysis, reporting, and quality assurance reviews
Google Cloud Penetration Testing
NetSPI’s Cloud Penetration Test will identify architectural and configuration weaknesses that could lead to compromise of critical cloud-based environments. NetSPI will focus on internal and external network services coupled with a configuration review of utilized cloud services (e.g. IaaS, PaaS). NetSPI leverages proprietary manual testing processes and deep expertise in cloud security as well as commercial, open source, and proprietary toolsets.
| Size | Scoping Parameters: One (1) deep dive Google Cloud Pentest against GCP | Tokens |
|---|---|---|
| Small | Network penetration testing will include external network layer testing of approximately 20 Internet IPs and internal network layer testing of approximately 20 VMs | 17 |
| Medium | Network penetration testing will include external network layer testing of approximately 50 Internet IPs and internal network layer testing of approximately 50 VMs | 26 |
| Large | Network penetration testing will include external network layer testing of approximately 100 Internet IPs and internal network layer testing of approximately 100 VMs | 37 |
Testing Deliverables:
- Testing on 1 Google Cloud Platform subscription and the services hosted under the subscription
- Configuration review including:
- Review of security group rules
- IAM review of GCP users, roles, and groups
- Review of utilized GCP services (including, but not limited to, VM, Cloud SQL, Cloud Storage, & Cloud Functions)
- Remediation testing is not included
- All testing will be conducted from NetSPI facilities
- Testing in a production environment
- A testing schedule will be coordinated between NetSPI client delivery managers and client stakeholders
- Automated scanning and manual testing 24×7
- Findings analysis, reporting, and quality assurance reviews
External Penetration Testing
NetSPI will identify Client’s susceptibility to an external penetration from the Internet (e.g., hacker, worm, etc.). We will identify and verify system, network, and application layer weaknesses. We will target identified vulnerabilities and attempt to gain unauthorized access to networks, systems, hosts, applications that may host sensitive or restricted data (including PCI data, PII, PHI, etc.). NetSPI relies on expert manual testing and leverages commercial, open source, and proprietary software to fulfill test objectives.
| Size | Scoping Parameters: One (1) Deep Dive External Penetration Test | Tokens |
|---|---|---|
| X-Small | Discovery scanning on up to 256 IP addressesPenetration testing on up to 10 active systems | 10 |
| Small | Discovery scanning on up to 512 IP addressesPenetration testing on up to 50 active systems | 13 |
| Medium | Discovery scanning on up to 1,024 IP addressesPenetration testing on up to 100 active systems | 16 |
| Large | Discovery scanning on up to 2,048 IP addressesTesting on up to 200 active systems | 20 |
| X-Large | Discovery scanning on up to 4,096 IP addressesPenetration testing on up to 300 active systems | 24 |
Testing Deliverables:
- Unauthenticated testing of web interfaces or applications identified through service discovery
- Privilege escalation will be performed where possible
- Remediation testing is included; each medium and higher vulnerability may be retested, in a single batch process, 1 time within 90 calendar days of initial identification
- Testing will be conducted from NetSPI facilities
- Remediation testing will be conducted from NetSPI facilities, will not be restricted to specific times of day, and may occur 24×7
- Testing in a production environment
- A testing schedule will be coordinated between NetSPI client delivery managers and client stakeholders
- Open source intelligence (OSINT) discovery will not be restricted to specific times of day and may occur 24×7
- Discovery scanning (ping/port scanning and domain enumeration) will not be restricted to specific times and may occur 24×7
- Automated testing (scanning) will not be restricted to specific times of day and may occur 24×7
- Manual testing will not be restricted to specific times of day and may occur 24×7
- Findings analysis, reporting, and quality assurance reviews
- One report
Internal Penetration Testing
NetSPI will identify Client’s susceptibility to a penetration from an internal threat (e.g., malicious user, third party, or attacker that has breached the perimeter). We will identify and verify system, network, and application layer weaknesses. We will target identified vulnerabilities and attempt to gain unauthorized access to networks, systems, hosts, applications that may host any sensitive or restricted data (including PCI data, PII, PHI, etc.). NetSPI relies on expert manual testing and leverages commercial, open source, and proprietary software to fulfill test objectives.
| Size | Scoping Parameters: One (1) Deep Dive Internal Penetration Test | Tokens |
|---|---|---|
| Small | Discovery scanning on up to 512 IP addressesPenetration testing on up to 50 active systems | 15 |
| Medium | Discovery scanning on up to 1,024 IP addressesPenetration testing on up to 100 active systems | 18 |
| Large | Discovery scanning on up to 2,048 IP addressesTesting on up to 200 active systems | 22 |
| X-Large | Discovery scanning on up to 4,096 IP addressesPenetration testing on up to 300 active systems | 27 |
Testing Deliverables:
- Privilege escalation will be performed where possible
- Remediation testing is included; each high and critical vulnerability may be retested, in a single batch process, 1 time within 90 calendar days of initial identification
- Testing will be conducted from NetSPI facilities
- Remediation testing will be conducted from NetSPI facilities, will not be restricted to specific times of day, and may occur 24×7
- Testing in a production environment
- A testing schedule will be coordinated between NetSPI client delivery managers and client stakeholders
- Automated testing (scanning) will not be restricted to specific times of day and may occur 24×7
- Manual testing will not be restricted to specific times of day and may occur 24×7
- Findings analysis, reporting, and quality assurance reviews
- One report
Mobile Application Penetration Testing
NetSPI uses deep-dive manual testing processes to identify design and configuration weaknesses in mobile applications. Through a process of multi-vector testing, NetSPI will identify vulnerabilities and create actionable recommendations to assist Client in reducing risk to mobile applications and associated environments.
| Size | Scoping Parameters: One (1) Deep Dive Mobile Application Penetration Test | Tokens |
|---|---|---|
| Small | Testing on up to 40 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 1 user roleIn-scope application runs on iOS or Android | 12 |
| Medium | Testing on up to 25 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 1 user roleIn-scope application runs on iOS & Android | 15 |
| Large | Testing on up to 50 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 1 user roleIn-scope application runs on iOS & Android | 19 |
| X-Large | Testing on up to 85 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 1 user roleIn-scope application runs on iOS & Android | 23 |
Testing Deliverables:
- Remediation testing is included; each medium and higher vulnerability may be retested, in a single batch process, 1 time within 90 calendar days of initial identification
- Testing will be conducted from NetSPI facilities
- Remediation testing will be conducted from NetSPI facilities, will not be restricted to specific times of day, and may occur 24×7
- Testing in a non-production environment
- A testing schedule will be coordinated between NetSPI client delivery managers and client stakeholders
- Automated testing (scanning) will not be restricted to specific times of day and may occur 24×7
- Manual testing will not be restricted to specific times of day and may occur 24×7
- Findings analysis, reporting, and quality assurance reviews
- One report
Static Application Penetration Testing
NetSPI uses a combination of commercial and open source SAST tools to identify security vulnerabilities in an application’s source code. We manually analyze all medium and high severity findings to eliminate false positives and ensure that developers can focus on security issues that matter (true positives). Reports include actionable recommendations to assist Client in following secure development best practices.
| Size | Scoping Parameters | Tokens |
|---|---|---|
| Small | Up to 75,000 LOCLevel of effort: 3 business days | 8 |
| Medium | Between 75,000 and 150,000 LOCLevel of effort: 4 business days | 11 |
| Large | Between 150,000 and 300,000 LOCLevel of effort: 6 business days | 16 |
| X-Large | Between 300,000 to 500,000 LOCLevel of effort: 7 business days | 19 |
Languages Supported:
- Java – Java, J2SE, J2EE
- .NET – C#,
- VB.NET
- ASP
- Visual Basic 6
- PHP
- Ruby – Ruby on Rails
- JavaScript
- TypeScript – Angular
- Perl
- Android (Java)
- iOS (Objective-C, Swift)
- PL/SQL
- Python
Testing Deliverables:
- Only OWASP Top 10 category of vulnerabilities will be reported
- Medium or higher severity vulnerabilities will be triaged, and false positives will be removed
- Assessment report provided with vulnerability description, location of each instance of the vulnerability (file path & line number), severity and actionable remediation guidance
- PDF report available at the end of the assessment
- Vulnerability information available through the NetSPI Platform
Static Application Penetration Testing (SAST) OWASP Top 10
NetSPI uses a combination of commercial and open source SAST tools to identify security vulnerabilities belonging to the OWASP Top 10 category in an application’s source code. We manually analyze all medium and high severity findings to eliminate false positives and ensure that your developers can focus on security issues that matter (true positives). Reports include actionable recommendations to assist Client in following secure development best practices.
| Size | Scoping Parameters | Tokens |
|---|---|---|
| Small | Up to 75,000 LOCLevel of effort: 2 business days | 6 |
| Medium | Between 75,000 and 150,000 LOCLevel of effort: 3 business days | 9 |
| Large | Between 150,000 and 300,000 LOCLevel of effort: 4 business days | 11 |
| X-Large | Between 300,000 to 500,000 LOCLevel of effort: 5 business days | 14 |
Languages Supported:
- Java – Java, J2SE, J2EE
- .NET – C#, VB.NET
- ASP
- Visual Basic 6
- JavaScript
- PHP
- Perl
- Android (Java)
- iOS (Objective-C, Swift)
- PL/SQL
Testing Deliverables:
- Only OWASP Top 10 category of vulnerabilities will be reported
- Comprehensive list of medium or higher severity vulnerabilities identified using a combination of deep-dive manual code review and true positive findings from automated scans
- Assessment report provided with vulnerability description, location of each instance of the vulnerability (file path & line number), severity and actionable remediation guidance, including vulnerabilities that are typically detected using manual techniques
- PDF report available at the end of the assessment
- Vulnerability information available through the NetSPI Platform
Secure Code Review
NetSPI uses commercial and open source Static Analysis Security Testing (SAST) tools along with a deep-dive manual review to identify security vulnerabilities in an application’s source code. The Manual Code Review component within our SCR offering identifies vulnerabilities that automated scanners cannot detect and provides additional coverage utilizing a more thorough ‘contextual’ review to gain insights into the real risk associated with insecure code. We manually review each application’s configuration, underlying frameworks, and libraries to determine vulnerabilities that can be exploited based on how the application has been stitched together. Reports include actionable recommendations to assist Client in following secure development best practices.
| Size | Scoping Parameters | Tokens |
|---|---|---|
| Small | Up to 75,000 LOCLevel of effort: 5 business days | 14 |
| Medium | Between 75,000 and 150,000 LOCLevel of effort: 7 business days | 19 |
| Large | Between 150,000 and 300,000 LOCLevel of effort: 10 business days | 27 |
| X-Large | Between 300,000 to 500,000 LOCLevel of effort: 15 business days | 40 |
Languages Supported:
- Java – Java, J2SE, J2EE
- .NET – C#, VB.NET
- ASP
- Visual Basic 6JavaScriptPHPPerl
- Android (Java)
- iOS (Objective-C, Swift)
- PL/SQL
- Python
Testing Deliverables:
- Comprehensive list of medium or higher severity vulnerabilities identified using a combination of deep-dive manual code review and true positive findings from automated scans
- Assessment report provided with vulnerability description, location of each instance of the vulnerability (file path & line number), severity and actionable remediation guidance, including vulnerabilities that are typically detected using manual techniques
- PDF report available at the end of the assessment
- Vulnerability information available through the NetSPI Platform
Secure Code Review (SCR) OWASP Top 10
NetSPI uses commercial and open source Static Analysis Security Testing (SAST) tools along with a deep-dive manual review to identify security vulnerabilities belonging to OWASP Top 10 category in an application’s source code. The Manual Code Review component within our SCR OWASP Top 10 offering identifies vulnerabilities that automated scanner cannot detect and provides additional coverage utilizing a more thorough ‘contextual’ review approach to gain insights into the real risk associated with insecure code. We manually review each application’s configuration, underlying frameworks, and libraries to determine vulnerabilities that can be exploited based on how the application has been stitched together. Reports include actionable recommendations to assist Client in following secure development best practices.
| Size | Scoping Parameters | Tokens |
|---|---|---|
| Small | Up to 75,000 LOCLevel of effort: 4 business days | 11 |
| Medium | Between 75,000 and 150,000 LOCLevel of effort: 5 business days | 14 |
| Large | Between 150,000 and 300,000 LOCLevel of effort: 8 business days | 22 |
| X-Large | Between 300,000 to 500,000 LOCLevel of effort: 10 business days | 27 |
Languages Supported:
- Java – Java, J2SE, J2EE
- .NET – C#,
- VB.NET
- ASP
- Visual Basic 6
- PHP
- Ruby – Ruby on Rails
- JavaScript
- TypeScript – Angular
- Perl
- Android (Java)
- iOS (Objective-C, Swift)
- PL/SQL
- Python
Testing Deliverables:
- Only OWASP Top 10 category of vulnerabilities will be reported
- Medium or higher severity vulnerabilities will be triaged, and false positives will be removed
- Assessment report provided with vulnerability description, location of each instance of the vulnerability (file path & line number), severity and actionable remediation guidance
- PDF report available at the end of the assessment
- Vulnerability information available through the NetSPI Platform
Thick Application Penetration Testing
NetSPI uses deep-dive manual testing processes to identify design and configuration weaknesses in thick applications. Through a process of multi-vector testing, NetSPI will identify vulnerabilities and create actionable recommendations to assist Client in reducing risk to applications.
| Size | Scoping Parameters: One (1) Deep Dive Thick Application Penetration Test | Tokens |
|---|---|---|
| Small | Testing on up to 15 functional elements (including forms, screens, web service methods, and dynamic endpoints)No interactive users (e.g., service) | 13 |
| Medium | Testing on up to 20 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 1 user role | 17 |
| Large | Testing on up to 30 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 1 user role | 21 |
| X-Large | Testing on up to 50 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 1 user role | 29 |
Testing Deliverables:
- Each medium and higher vulnerability may be retested 1 time within 90 days of initial identification
- All testing will be conducted from NetSPI facilities
- Testing in a non-production environment
- Automated scanning and manual testing 24×7
- Findings analysis, reporting, and quality assurance reviews
Web Application Penetration Testing (Non-Production)
NetSPI uses sophisticated manual processes and automated tools to identify weaknesses in web applications from the perspective of authenticated users. These processes identify security vulnerabilities including business logic flaws and the OWASP Top 10. Verified findings and actionable recommendations are provided to assist Client in reducing the risk to critical applications.
| Size | Scoping Parameters: One (1) Deep Dive Web Application Penetration Test | Tokens |
|---|---|---|
| Small | Testing on up to 40 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 3 user roles | 13 |
| Medium | Testing on up to 70 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 3 user roles | 17 |
| Large | Testing on up to 100 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 3 user roles | 21 |
| X-Large | Testing on up to 150 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 3 user roles | 33 |
Testing Deliverables:
- Each medium and higher vulnerability may be retested 1 time within 90 days of initial identification
- All testing will be conducted from NetSPI facilities
- Testing in a non-production environment
- Automated scanning and manual testing 24×7
- Findings analysis, reporting, and quality assurance reviews
Web Application Penetration Testing (Production)
NetSPI uses sophisticated manual processes and automated tools to identify weaknesses in web applications from the perspective of authenticated users. These processes identify security vulnerabilities including business logic flaws and the OWASP Top 10. Verified findings and actionable recommendations are provided to assist Client in reducing the risk to critical applications.
| Size | Scoping Parameters: One (1) Deep Dive Web Application Penetration Test | Tokens |
|---|---|---|
| Small | Testing on up to 40 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 3 user roles | 14 |
| Medium | Testing on up to 70 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 3 user roles | 18 |
| Large | Testing on up to 100 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 3 user roles | 22 |
| X-Large | Testing on up to 150 functional elements (including forms, screens, web service methods, and dynamic endpoints)Testing from the perspective of 3 user roles | 35 |
Testing Deliverables:
- Remediation testing is included; each medium and higher vulnerability may be retested, in a single batch process, 1 time within 90 calendar days of initial identification
- Testing will be conducted from NetSPI facilities
- Remediation testing will be conducted from NetSPI facilities, will not be restricted to specific times of day, and may occur 24×7
- Testing in a production environment
- A testing schedule will be coordinated between NetSPI client delivery managers and client stakeholders
- Automated testing (scanning) will not be restricted to specific times of day and may occur 24×7
- Manual testing will not be restricted to specific times of day and may occur 24×7
- Findings analysis, reporting, and quality assurance reviews
- One report
Attack Surface Management
| Asset Tiers | Scoping Parameters | Tokens |
|---|---|---|
| Up to 5,000 assets | Domains and IPs totaling up to 5,000 assets$15,000 | 15 |
| Up to 10,000 assets | Domains and IPs totaling up to 10,000 assets$30,000 | 30 |
| Up to 15,000 assets | Domains and IPs totaling up to 15,000 assets$45,000 | 45 |
Each of the above Tiers will be accompanied by a one (1) year subscription to our Attack Surface Management Platform, subject to the Attack Surface Management terms and conditions contained in the applicable SOW.
Breach and Attack Simulation
| Tiers | Scoping Parameters | Tokens |
|---|---|---|
| Lite | BAS Platform Access (2 Seats)Additional Access available on a per seat basis. Each additional seat costs $5,000/yearWorkspace, Timeline, and Heatmap dashboardsPDF ReportSimple and Advanced filteringThreat and Malware TagsCommon Play PackCore agent functionality to execute playsResolve AccessYour subscription includes an annual 1-week detective control baseline evaluation with our team of experts. During your first evaluation, NetSPI will also onboard your team onto the BAS platform. All evaluations will be conducted remotely during daytime business hours. | 75 |
| Standard | BAS Platform Access (5 Seats)Additional Access available on a per seat basis. Each additional seat costs $5,000/yearLite Access +Data export to CSV/JSONPlay schedulingAdvanced Play PackExtended Play PackUp to 2 custom play requestsResolve AccessYour subscription includes an annual 2 week detective control baseline evaluation with our team of experts. During your first evaluation, NetSPI will also onboard your team onto the BAS platform. All evaluations will be conducted remotely during daytime business hours. | 100 |
| Plus | BAS Platform Access (10 Seats)Additional Access available on a per seat basis. Each additional seat costs $5,000/yearStandard Access +Up to 4 custom play requestsResolve AccessCustom configuration of 3 operations and deployment of agent to three systemsYour subscription includes an annual 2 week detective control baseline evaluation with our team of experts. During your first evaluation, NetSPI will also onboard your team onto the BAS platform. All evaluations will be conducted remotely during daytime business hours. 3 additional detective control evaluations will be conducted on a cadence of once per quarter to validate the efficacy of your detective controls on a recurring basis. | 150 |
Each of the above Tiers will be accompanied by a one (1) year subscription to our Breach and Attack Simulation Solution, subject to the Breach and Attack Simulation terms and conditions contained in the applicable SOW.
Custom Scope
| Scoping Parameters | Tokens |
|---|---|
| NetSPI will work directly with Client to scope out any work that falls outside the defined menu listed above. | TBD |