Elementrica
03Case Studies04References05Company06News07Contact
PLENDE

PENETRATION TESTING

Penetration testing that shows where your company can actually be attacked

Manual penetration testing aligned with PTES and OWASP, run by pentesters certified in OSCP and OSEP. You get a report with evidence, risk priorities and a concrete fix list, plus a retest after remediation.

11 types of penetration testManual testing, not an automated scanReport with reproduction stepsRetest after fixes included

WHY IT MATTERS

A scanner shows known issues. Attackers look for the ones it cannot see

An automated scan finds what already has a signature. Real breaches run through business-logic flaws, privilege chains and configurations no scanner can assemble into one path. That is exactly what we test by hand.

A real example: a single API flaw let one client pull another client’s data. Unfixed, that means a data breach, a GDPR fine and a duty to notify the regulator. The scanner reported that endpoint as fine.

TEST TYPES

Black-box, grey-box, white-box. Three levels of knowledge, three perspectives

The test model depends on how much knowledge of the system you hand the team. Each one mirrors a different kind of attacker and gives a different depth of coverage. We match it to the test goal and the time budget.

Black-box
No prior knowledge

The pentester gets no knowledge of the system and acts like an outside attacker. It most faithfully mirrors a real breach from the internet, but takes more time.

Grey-box
Partial knowledge

The team gets limited access, for example a user account. It balances realism with efficiency and lets us test permissions and privilege escalation.

White-box
Full knowledge

The pentester receives full documentation and often the source code. It enables the deepest analysis and finds the maximum number of vulnerabilities in the shortest time.

WHAT YOU GET

A report your team can act on Monday morning

01
Technical report
Every finding with a description, evidence, a CVSS score and reproduction steps so your team can confirm it.
02
Executive summary
Risk and business impact without jargon. The material a CISO uses to convince the board.
03
Remediation priorities
A fix list ordered by real impact, not by CVSS number alone.
04
Concrete recommendations
Exactly what to change, not a vague “improve validation”. We point to the spot and the method.
05
Retest after fixes
Once fixes ship we test again and confirm the issue is gone, in writing.
06
Post-test support
We answer your team’s questions during remediation. We do not vanish after sending a PDF.

We tailor scope to your environment. Below is the full list of test types we run.

OUR APPROACH

Manual testing by experienced, certified pentesters, not an automated scan

Anyone can run a scanner. The value of a pentest is a human who connects seemingly small flaws into a real attack path and proves it with a working exploit. That is why every project is run by experienced pentesters whose certifications confirm their competence, not a tool console.

We work to PTES and OWASP, so the result is repeatable and comparable. We document not only what we found, but how we used it and what it means for the business. Without that second part, a report is just a list of alerts.

COMPLIANCE

A test that passes the regulator’s audit

Penetration testing is an explicitly required or strongly recommended part of compliance. We deliver a report you can hand to an auditor.

DORA
Digital operational resilience testing for financial entities. A report ready for the regular-testing requirement.
NIS2
Risk management and security testing duties for essential and important entities.
ISO 27001
Evidence that controls work (A.8) for maintaining and recertifying the system.
NIS Act (KSC)
Security testing of systems for operators of essential services and public bodies.

STANDARDS & CERTIFICATIONS

We work to recognized methodologies, not gut feeling

Every project is run by certified pentesters and based on public standards. That makes the result repeatable, auditable and comparable across vendors.

Team certifications
OSCPOSCPOffSec
OSEPOSEPOffSec
OSWEOSWEOffSec
OSEDOSEDOffSec
OSWAOSWAOffSec
OSWPOSWPOffSec
BSCPBSCPPortSwigger
CPTSCPTSHack The Box
CBBHCBBHHack The Box
CWEECWEEHack The Box
CRTOCRTOZero-Point Security
CREST CRTCREST CRTCREST
CREST CPSACREST CPSACREST
ISO 27001 LAISO 27001 LAISO/IEC
Azure Security EngineerAzure Security EngineerMicrosoft
Security Operations AnalystSecurity Operations AnalystMicrosoft
Security AdministratorSecurity AdministratorMicrosoft
OSCPOSCPOffSec
OSEPOSEPOffSec
OSWEOSWEOffSec
OSEDOSEDOffSec
OSWAOSWAOffSec
OSWPOSWPOffSec
BSCPBSCPPortSwigger
CPTSCPTSHack The Box
CBBHCBBHHack The Box
CWEECWEEHack The Box
CRTOCRTOZero-Point Security
CREST CRTCREST CRTCREST
CREST CPSACREST CPSACREST
ISO 27001 LAISO 27001 LAISO/IEC
Azure Security EngineerAzure Security EngineerMicrosoft
Security Operations AnalystSecurity Operations AnalystMicrosoft
Security AdministratorSecurity AdministratorMicrosoft
Verification standards
OWASP ASVS 5.0.0OWASP MASVS
Testing methodologies
PTESOWASP WSTGOWASP MASTGNIST SP 800-115MITRE ATT&CK
Top 10 lists
OWASP Top 10:2025OWASP API Security Top 10OWASP Mobile Top 10OWASP Top 10 for LLM

We share the full list of certifications and standards on request, together with a sample test scope.

HOW WE DO IT

A repeatable process based on PTES

01
Scoping
We define the goal, scope and rules of engagement, so you know what we test and when before we start.
02
Intelligence gathering
We map the attack surface: assets, technologies and entry points.
03
Threat modeling
We define what a real attacker would go after and prioritize the most damaging scenarios.
04
Vulnerability analysis
We hunt for weak points by hand and verify each one to filter out false positives.
05
Exploitation
We confirm vulnerabilities with a working proof, not a theoretical alert list.
06
Post-exploitation
We check the real blast radius: privilege escalation, lateral movement and access to data.
07
Report and retest
You get a report with fix priorities, and after remediation we confirm the gaps are closed.

PRICING

Priced individually, with no hidden line items

We price a test on scope, because every environment is different. After a short call you get a concrete, no-obligation quote, usually within 24 hours.

What the price depends on
Size and complexity
The number of applications, roles, functions and hosts in scope.
Test model
Black-box, grey-box or white-box. Each means a different amount of work.
Scope
Web, mobile, API, network or social engineering, individually or combined.
Standards and report format
Required methodologies, compliance mapping and an audit-ready report format.

EVIDENCE

Numbers behind every promise

Every test is run by certified pentesters, and we document the result with reproduction steps, evidence and a verified remediation path. Proof, not a promise.

500+
security tests and audits completed
5.0
average score from 10 verified Clutch reviews
20+
offensive certifications across the team
01
Certified team
20+ offensive certifications across the team (OSCP, OSEP, OSWE, CREST). Tests are run by our people, not anonymous subcontractors.
02
Manual testing
We work by hand to PTES and OWASP, chaining seemingly small flaws into a real, proven attack path.
03
Evidence, not a promise
Every finding comes with reproduction steps and a working proof. A report that holds up in front of an auditor.
04
Retest included
After fixes are deployed we confirm in writing that the gaps are closed. We do not vanish once the PDF is sent.

TEST SCOPE

Pick the area you want to check

Eleven types of penetration testing, grouped by where the risk lives. Each links to a detailed scope.

KNOWLEDGE

Penetration testing in practice, step by step

What a penetration test is, and what it is not

A penetration test is a controlled, authorized attack on your system, run the way a real attacker would but within an agreed scope and fully documented. The goal is not just to produce a list of vulnerabilities, but to prove what can actually be done with them: which data can be reached, which account taken over and how far into the infrastructure an attacker can go.

That is what separates a pentest from a vulnerability scan. A scanner compares what it sees against a database of known signatures and returns a list of alerts, often with many false positives. A pentester verifies every hypothesis by hand, chains individually harmless flaws into a single attack path and confirms it with a working proof. A scan can be part of a test, never a replacement for it.

When to commission a test

The best moment to test is just before a system goes live for users, and after every significant change: a new feature, a cloud migration, an architecture change or an integration with an external provider. Each of those creates new attack surface that an earlier test did not cover.

Regardless of changes, we recommend at least an annual cycle, and a more frequent one in high-risk environments. A test is also often required outright by regulation or by a counterparty as part of due diligence. If an incident has occurred, a separate test after remediation confirms that the flaw was actually closed, not merely worked around.

What determines scope and how we set the rules

Before we start, we agree the scope and rules of engagement together: which systems are in play, which techniques are allowed, the time windows we work in and who your point of contact is. That way you know exactly what happens and when, and the test does not disrupt production.

We match scope to real risk, not to a price list. A public web application is tested differently from an internal Active Directory network, and differently again from an OT environment where operational continuity is the priority. The choice of model, from black-box to white-box, directly affects the depth of coverage and the time the test needs.

How to read the report and what to do next

We deliver the report in two layers. The technical part describes each vulnerability with evidence, a CVSS score and reproduction steps, so your team can confirm the issue and start fixing it immediately. The executive part explains the risk in business language, without jargon, so that priority decisions are made on real impact.

The most important work happens after the report is sent. We order fixes by actual risk rather than CVSS number alone, answer your team’s questions during remediation, and after the fixes ship we run a retest and confirm in writing that the flaw is closed. Without that step, the report remains just a document.

Penetration testing and regulatory compliance

For a growing number of companies, penetration testing has stopped being good practice and become an obligation. DORA requires regular digital resilience testing from financial entities, NIS2 places risk-management and security-testing duties on essential and important entities, and the Polish NIS Act (KSC) covers operators of essential services and public bodies.

We prepare our reports so they can be put straight in front of an auditor and mapped to specific requirements, including the Annex A controls of ISO 27001. A test provides evidence that the declared controls actually work, which shortens and simplifies the later compliance audit.

FAQ

Common questions

How is a pentest different from a vulnerability scan?

A scan is an automated tool looking for known signatures. A pentest is a human who chains flaws into a real attack path, verifies them and assesses business impact. A scan can be part of a test, not a replacement for it.

And how is it different from a security audit?

An audit is a broader, often formal assessment of compliance with standards and procedures, for example ISO 27001. A pentest is a technical verification through a controlled attack in which a vulnerability is actually exploited.

How long does a pentest take?

A typical web application test runs from a few days to two or three weeks, depending on its size and the chosen model. We confirm the exact timing during scoping.

How often should tests be done?

We recommend at least once a year and after every significant system change, such as a new feature, migration or architecture change, as well as whenever a regulation requires it.

How is a pentest different from ethical hacking?

Ethical hacking is a broader term covering all legal offensive activity. A penetration test is its concrete, structured form, run within a defined scope and ending in a report.

Will the test disrupt production?

We define scope and rules before we start. Destructive tests are arranged separately, and sensitive actions run in maintenance windows or on a test environment.

Who performs the tests?

Certified pentesters (OSCP, OSEP and related). We do not subcontract testing to anonymous third parties.

What do I get after the test?

A technical report with evidence, an executive summary, remediation priorities and a retest after fixes are deployed.

RELATED

Related reading

CASE STUDIES

Case studies in this area

REFERENCES

“The project was delivered professionally and on time, with a strong grasp of both technology and business. We were impressed by their cybersecurity expertise and partnership approach.”
M
Mateusz Widenka
Head of Delivery, Order Group
Clutch★★★★★5.0 · 10 reviewsRead all reviews on Clutch

FIRST STEP

Start with a free consultation

Tell us what you want tested. Within 24 hours you get a proposed scope and next steps. You talk to a consultant who understands the technical side, not a salesperson.

Get in touch
No obligation · we reply within 24 h · your data stays confidential
Methodology
PTES · OWASP
Team
20+ certifications
Rating
5.0 on Clutch
What you get
A scope proposal matched to your risk
A report with evidence and reproduction steps
Remediation priorities by real impact
A retest after fixes are deployed
Asia, ElementricaKacper, ElementricaGrzesiek, Elementrica
A member of our team runs the call, and we reply within 24 hours. No bots, no call center.