
Penetration Testing

CCV certified - blackbox, greybox & whitebox

€175 per hour (excl. VAT), CCV certified

Our CCV certified pentesters perform thorough security tests on your applications, networks and infrastructure. We identify vulnerabilities before malicious actors do. Available in blackbox, greybox and whitebox variants.

What is a pentest?

A penetration test, pentest for short, is a controlled attack on your IT environment. We break in, document how we did it and show what a real attacker could have done: proven attack paths, each backed by a working proof-of-concept rather than a theoretical risk rating.

The difference with a vulnerability scan? In a vulnerability scan, someone runs Nessus or Qualys, a PDF full of CVEs comes out and the job is called done. We go further. Our pentesters combine tools such as Burp Suite, BloodHound and Nuclei with manual investigation and years of experience. That is how we find the business-logic flaws, chained exploits and configuration issues that scanners systematically miss: a scanner matches known signatures and cannot reason about what your application is supposed to do or how three low-severity weaknesses add up to one compromise.

Zolder is a CCV Keurmerk Pentesten certified penetration testing company. The certification attests to the competence of the testers, the independence of the company and the quality of the reporting. For organisations subject to NIS2 or certified against ISO 27001, a test by a certified provider is often a requirement from auditors or clients.

Types of pentests

We offer three variants:

  • Blackbox: we know nothing upfront and work as an external attacker.
  • Greybox: we receive limited information, such as a test account or some architecture documentation.
  • Whitebox: full access to source code and configuration. This is the most thorough variant and our recommendation if you want to get the most out of the test.

Which type fits your situation we decide together during the scoping call, where you talk directly with the pentester who will perform the test.

Why should you get a pentest?

A pentest gives you:

  • Proven attack paths: not theoretical lists, but concrete exploits with screenshots and commands.
  • Compliance: PCI DSS requires periodic penetration tests, and NIS2, BIO and ISO 27001 expect periodic technical testing as evidence of your vulnerability management.
  • Trust: more and more clients and partners demand a pentest report in tenders.
  • Honest picture: we do not inflate findings to make the engagement larger. If something is secure, the report says so.

Our approach

Short lines of communication, direct action. That is how we work.

  1. Scoping & threat modelling - you speak directly with the pentester. Together we determine scope, objectives and rules of engagement. What are your crown jewels? What is your goal?
  2. Reconnaissance - OSINT, port scanning, service fingerprinting, subdomain enumeration.
  3. Vulnerability analysis & exploitation - systematic testing, followed by controlled exploitation. We demonstrate real impact.
  4. Post-exploitation - lateral movement, privilege escalation, persistence. How far can an attacker get?
  5. Reporting - clear report with management summary, technical details including reproduction steps, and concrete recommendations. No consultancy jargon.
  6. Retest - after your fixes we can verify whether vulnerabilities have actually been resolved.
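The steps above hinge on step 1: everything touched in reconnaissance, exploitation and post-exploitation must be inside the agreed scope and rules of engagement. As an added illustration (our own example, not Zolder's internal tooling), here is a small Python scope guard that parses an agreed scope and rejects every candidate target, whether it came out of subdomain enumeration or a port scan, that is not explicitly in scope. The scope document, hostnames and addresses are constructed (RFC 5737 and RFC 2606 ranges), and the line format, the '!' exclusion syntax and the function names are assumptions made for this example.

```python
"""Scope guard: check every candidate target against the agreed rules of
engagement before any reconnaissance or exploitation traffic is sent.

Added example for illustration only; not Zolder's tooling. The scope
format (one entry per line, '!' for exclusions, '#' for comments) and all
function names are assumptions made for this example.
"""
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Scope:
    networks: list = field(default_factory=list)           # in-scope ip_network objects
    hosts: set = field(default_factory=set)                # exact in-scope hostnames
    wildcards: set = field(default_factory=set)            # 'example.com' for *.example.com
    excluded_networks: list = field(default_factory=list)  # '!' CIDRs and single IPs
    excluded_hosts: set = field(default_factory=set)       # '!' hostnames


def parse_scope(text):
    """Parse a scope document: CIDRs, single IPs, hostnames and *.suffix wildcards."""
    scope = Scope()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and whitespace
        if not line:
            continue
        excluded = line.startswith("!")
        entry = line.lstrip("!").strip().lower()
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None                            # not an IP/CIDR, treat as a name
        if net is not None:
            (scope.excluded_networks if excluded else scope.networks).append(net)
        elif entry.startswith("*."):
            if excluded:
                raise ValueError(f"wildcard exclusions are not supported: {line}")
            scope.wildcards.add(entry[2:])
        else:
            (scope.excluded_hosts if excluded else scope.hosts).add(entry.rstrip("."))
    return scope


def host_of(target):
    """Extract the host from an IP, hostname, host:port, [v6]:port or URL."""
    t = target.strip().lower()
    if "://" in t:
        host = urlsplit(t).hostname
        if host is None:
            raise ValueError(f"no host in {target!r}")
        return host
    if t.startswith("["):                         # bracketed IPv6 literal, optional port
        return t[1 : t.index("]")]
    if t.count(":") == 1:                         # host:port (bare IPv6 has more colons)
        t = t.split(":", 1)[0]
    return t.rstrip(".")


def in_scope(scope, target):
    """True only if target is explicitly in scope and not excluded; exclusions win."""
    host = host_of(target)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        if any(addr in net for net in scope.excluded_networks):
            return False
        return any(addr in net for net in scope.networks)
    if host in scope.excluded_hosts:
        return False
    # A wildcard covers subdomains only; the apex must be listed on its own.
    return host in scope.hosts or any(host.endswith("." + s) for s in scope.wildcards)


def filter_targets(scope, targets):
    """Split recon output into targets that may be tested and targets to drop."""
    allowed, rejected = [], []
    for target in targets:
        (allowed if in_scope(scope, target) else rejected).append(target)
    return allowed, rejected


# Constructed scope for a fictional engagement (RFC 5737 / RFC 2606 ranges).
SCOPE_TEXT = """
192.0.2.0/24                # external range
!192.0.2.53                 # DNS resolver, explicitly out of scope
198.51.100.7
app.example.com
*.example.com               # all subdomains, not the apex
!mail.example.com           # hosted by a third party, no authorisation
"""

# Constructed candidate list as it might come out of enumeration and scanning.
CANDIDATES = [
    "https://app.example.com/login",
    "api.staging.example.com:8443",
    "192.0.2.10",
    "192.0.2.53",
    "mail.example.com",
    "example.com",
    "notexample.com",
    "203.0.113.9",
]

if __name__ == "__main__":
    allowed, rejected = filter_targets(parse_scope(SCOPE_TEXT), CANDIDATES)
    print("allowed: ", allowed)   # the first three candidates
    print("rejected:", rejected)  # the other five
```

Two design choices matter in practice: exclusions win over inclusions, so a host the client carved out stays untouched even when it sits inside an in-scope range, and `*.example.com` deliberately does not match the apex `example.com`, which has to be listed on its own. A hostname being in scope also says nothing about the address it resolves to; shared hosting, CDNs and third-party SaaS fronts are common, so resolve each name and check the resulting IP against the scope as well before sending any traffic.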

During the test we share critical findings with you immediately. You get a Teams, Slack or Signal group with the researcher performing the test. That is what we mean by short lines of communication.

What does a pentest cost?

Our hourly rate is €175 per hour (excl. VAT). Total costs depend on scope, test type and complexity:

  • Scope: a web application versus a full infrastructure with hundreds of hosts.
  • Test type: blackbox requires more reconnaissance hours than whitebox.
  • Complexity: custom applications, proprietary protocols or legacy systems take more time.
  • Compliance requirements: testing against a specific standard, such as OWASP ASVS at a given verification level or a full PTES-style engagement, adds test cases and therefore hours.

An average web application pentest comes to €5,000 - €15,000. Infrastructure tests are typically more expensive. We always provide a fixed quote after a free scoping call.

Methodology

  1. Scoping - defining scope, objectives and rules of engagement.
  2. Reconnaissance - actively and passively gathering information about the target system.
  3. Exploitation - actively testing and exploiting vulnerabilities.
  4. Reporting - detailed report with findings and recommendations prioritised by severity.
  5. Retest - verification that discovered vulnerabilities have been successfully resolved.

Frequently asked questions

How long does a pentest take?

A web application pentest typically has a turnaround of one to three weeks, an infrastructure test two to four. The actual number of testing hours depends on the size of the environment to be tested. We always schedule in consultation with you to minimise disruption to your operations, and during the test you can contact the pentester directly with any questions.

What is the difference between a vulnerability scan and a pentest?

A vulnerability scan is automated and reports known CVEs. A pentest goes much further: we actually exploit vulnerabilities, chain weaknesses into attack paths and manually test for business-logic flaws. We find what Nessus and Qualys miss.

What standards does Zolder follow for pentests?

We are CCV Keurmerk Pentesten certified and work according to PTES, the OWASP Testing Guide and OWASP ASVS. Depending on your industry, we can also perform PCI DSS or BIO-specific test cases. Which standard fits best is something we discuss during the scoping call.

Can a pentest disrupt my systems?

We work in a controlled manner and in consultation with you. High-risk tests are only performed after your explicit consent. In practice, our pentests rarely cause disruption. If something does go wrong, the pentester is directly reachable.

How often should you have a pentest performed?

At least annually, and after significant changes to your application or infrastructure. Many compliance frameworks (ISO 27001, NIS2, PCI-DSS) require periodic tests. After the pentest we discuss what makes sense for your situation - we do not recommend testing more often than necessary.

Ready to test your security?

Get in touch with our team for a no-obligation conversation about your security challenges.