Our Customer Portal Has Been Updated! Sign-in, orders, support tickets, and invoices are now managed through our new customer portal.

Go to Portal
Knowledge Base
Rates 47,05 53,95

Security Audit & Pentest

Penetration Testing

Pentest Lite, Standard, and Red Team Enterprise packages with OWASP Top 10 analysis, detailed reporting, and retest rights.

  • OWASP Top 10
  • Web · API · Network
  • Retest Rights
  • Risk Classification
  • Red Team
  • Detailed Report

Pentest Plans

Security Audit & Pentest Plans

Pentest Lite, Standard, and Red Team Enterprise plans from single domain to full corporate red team scenarios — scope, delivery timeline, and retest rights with fixed TRY/USD/EUR pricing.

Prices reflect current hostingturkiye.com.tr list rates (not central bank conversion). Evaluate firewall & WAF and DDoS protection before and after pentest.

Pentest Lite

Written authorization · Detailed report

  • 1 domain kapsamı
  • 3 business day delivery
  • Vulnerability report delivery
  • 1 retest included
  • OWASP Top 10 analysis

23,999.90/Project

Add to cart

Red Team Enterprise

Written authorization · Detailed report

  • 2–3 week testing process
  • SOC recommendations and workshop
  • Scenario-based attacks across all systems
  • Executive-level reporting
  • Custom retest plan

289,999.90/Project

Add to cart

3 plans include standard infrastructure

OWASP Top 10 analysis, detailed risk classification, remediation guidance, and retest rights on all pentest plans.

  • OWASP Top 10 Web application vulnerability analysis
  • Web + API + Network Standard plan and above
  • Risk Classification Critical/high/medium/low
  • Retest Verification after remediation
  • Detailed Report Executive summary + technical detail
  • Red Team Scenario-based attack on Enterprise plan

Current pricing · Prices exclude VAT

Guide

About this service

Security audit and penetration testing services identify vulnerabilities in your infrastructure and web applications through authorized, controlled testing — with detailed reporting and a remediation roadmap.

Service overview

Penetration testing evaluates system, network, and application layers from an attacker’s perspective. Findings are classified by risk level with actionable remediation steps.

Who it’s for

  • E-commerce and payment infrastructure operators
  • SaaS and API-based platform providers
  • Regulated industries (finance, healthcare, government)
  • Corporate hosting and premium VDS customers

Pentest methodology

TypeDescription
Black boxExternal testing with no prior knowledge
Grey boxLimited system information provided
White boxFull source code and access provided

Test scope is defined in writing during the proposal phase.

Vulnerability analysis scope

  • OWASP Top 10 web application vulnerabilities
  • Network and port scanning
  • Authentication and session management
  • Authorization and access control
  • Configuration and hardening errors
  • Data leakage and information disclosure

Reporting process

Two-layer reports are delivered:

  1. Executive summary: Risk profile, critical findings, priority matrix
  2. Technical report: Vulnerability details, proof of concept, affected components, remediation steps

Retest (verification testing) is available on request.

Defense layers after pentest

After remediating findings, add Firewall & WAF and DDoS protection for ongoing defense. Monitoring & SLA provides continuous surveillance.

Support

24/7 support for pentest planning, report interpretation, and retest coordination.

FAQ

Frequently asked questions

What is penetration testing?

Penetration testing (pentest) is the authorized, controlled process of identifying security vulnerabilities in systems, networks, or web applications. Findings are reported with remediation recommendations.

Which systems can be tested?

Web applications, API endpoints, network infrastructure, virtual servers, dedicated servers, and server colocation environments can be included in test scope.

What pentest methodologies are used?

Black box (external, no prior knowledge), grey box (limited information), and white box (full access) methodologies are available. Scope and methodology are defined during the proposal phase.

How is reporting structured?

A detailed report includes vulnerability descriptions, risk levels (critical/high/medium/low), proof of concept (PoC), and remediation recommendations. Executive summary and technical detail sections are separated.

Is OWASP Top 10 covered?

Web application pentests reference OWASP Top 10 and OWASP Testing Guide. SQL injection, XSS, authorization flaws, and configuration vulnerabilities are evaluated.

What should I do after testing?

Prioritize critical and high findings for remediation. Add Firewall WAF and DDoS protection as defense layers. Schedule regular pentests for ongoing assurance.

Is this suitable for regulated industries?

Periodic security audits for finance, healthcare, and e-commerce sectors can be scoped to meet compliance requirements. Expectations are clarified during the proposal phase.

How does the proposal process work?

Test scope, methodology, timeline, and reporting format are evaluated, then a proposal is prepared. Testing begins after written authorization.

How often should pentests be performed?

Critical systems should be tested at least annually. Additional tests are recommended after major updates or infrastructure changes.

Is pentest legal?

Yes. Pentest with written authorization is a legal and ethical security audit. Scope, target systems, and timeline are defined in the agreement.

Is retest available after remediation?

After fixing findings, retest (verification testing) can be requested to confirm critical and high vulnerabilities are properly closed.

What are the package differences?

Pentest Lite covers basic web app testing; Standard adds network and API scope; Red Team Enterprise includes full red team simulation with social engineering components.

Why Hosting Türkiye?

Support & activation

Our 24/7 support team helps with hosting, email, and SSL questions.

Choose your pentest package.

From Lite to Red Team Enterprise — project-based USD pricing.

Support