Simple Pricing

One-off purchase per engagement. No subscriptions, no hidden fees, no lock-in contracts.

Best value

Bundle: External + Grey Box

Save 25% when you combine perimeter testing with authenticated web application testing.

$2,325 Standard bundle ex GST
$2,625 Plus bundle ex GST

External Test

$1,550 AUD

ex GST per engagement

$1,705.00 AUD inc. GST


What's included

  • Full external penetration test of your internet-facing infrastructure
  • Full scan of all 65,535 TCP and UDP ports
  • Scanning of up to 10 external IP addresses per engagement
  • SSL/TLS configuration and cipher analysis
  • DNS security review and subdomain enumeration
  • Web vulnerability scanning, WAF detection, and technology fingerprinting
  • AI cross-validated vulnerability analysis with remediation links
  • Professional PDF report with executive summary and document control
  • ATO-compliant tax invoice with GST breakdown
  • Up to 5 test runs per engagement for remediation verification
  • Scans run for 60 minutes to 2 hours; full report delivered within a day
  • Unlimited report and invoice downloads
  • ASD ISM and OWASP aligned methodology, supports Essential Eight evidence
  • Secure platform with mandatory MFA authentication

Authenticated

Grey Box (Standard)

$1,550 AUD

ex GST per engagement

$1,705.00 AUD inc. GST


What's included

  • Authenticated penetration test using your login credentials
  • Site-wide crawl of every authenticated page, form, and API endpoint
  • OWASP Top 10 (2021) coverage on all discovered URLs
  • SQL injection (error-based + boolean-based) detection
  • Reflected XSS, IDOR, path traversal, open redirect detection
  • Anti-CSRF token coverage on every state-changing form
  • Authenticated security headers + cookie attribute audit
  • PII / secrets / credential leak detection across responses
  • Three auth methods supported: form, session-paste, TOTP
  • Up to 5 test runs over 2 weeks
  • AES-256-GCM encrypted credential storage with full audit log
  • Professional grey-box PDF report mapped to OWASP Top 10

Multi-role BAC

Grey Box (Plus)

$1,950 AUD

ex GST per engagement

$2,145.00 AUD inc. GST


Everything in Standard, plus

  • Up to 3 additional user roles (e.g. user / manager / admin)
  • Full Broken Access Control (BAC) matrix testing
  • Cross-role privilege escalation detection on every URL
  • Per-role authenticated coverage map
  • Visual BAC heatmap in PDF report
  • Independent audit log per role

MSP Partner Programme

Partner Discounts on All Products

Exclusive pricing on External, Grey Box Standard, Grey Box Plus and bundles for Managed Service Providers.

  • Discounted per-engagement pricing on every product
  • Stacks with bundle pricing on External + Grey Box combos
  • Test multiple client environments under one account
  • White-label ready reports for your clients

Applications reviewed within 24 hours

Frequently Asked Questions

What is included in the penetration test?

Each engagement includes comprehensive external reconnaissance: full TCP and UDP port scanning, service enumeration, SSL/TLS analysis, web vulnerability scanning, DNS enumeration, subdomain discovery, WAF detection, technology fingerprinting, HTTP header analysis, and service banner grabbing. All findings are cross-validated by two AI models and prioritised with actionable remediation guidance.

How long does a test take?

The active scan typically runs for 60 minutes to 2 hours, as all 65,535 TCP and UDP ports are scanned along with multiple vulnerability assessment tools. AI analysis and report generation follow once the scan completes - your finished PDF report is delivered within a day of starting the scan. You can close your browser and return later; the engagement continues in the background.

What testing methodology do you follow?

Our methodology is aligned to the Australian Signals Directorate Information Security Manual (ASD ISM) and the OWASP Web Security Testing Guide, with vulnerabilities scored using CVSS v3.1. Reports support Essential Eight Maturity Model evidence, APRA CPS 234 information security obligations, and ISO 27001 / SOC 2 audit requirements.

Can I run the test more than once?

Each engagement includes up to 5 test runs within a two-week window. This allows you to re-test after applying remediation to verify your fixes are effective. IP addresses can be updated between runs.

What payment methods are accepted?

We accept all major credit and debit cards via Stripe. All prices are in Australian Dollars (AUD) with GST applied at checkout.

Do you offer MSP partner pricing?

Yes. Managed Service Providers can apply for our MSP Partner Programme to receive discounted pricing on all tests. Apply via the MSP Partner section on our pricing page.

How are reports stored?

Reports are securely stored and available for download at any time through your account dashboard. All data is encrypted at rest and in transit.

What is the difference between External and Grey Box tests?

The External Penetration Test assesses what an internet attacker can see - perimeter posture, open ports, TLS configuration, public web vulnerabilities. The Grey Box Test assesses what a logged-in user can do - broken access control, IDOR, privilege escalation, authenticated injection vulnerabilities, session weaknesses. Most organisations need both.

How do I provide login credentials to CyberCTRL safely?

Three options: (1) Form login - username + password (CyberCTRL logs in for each scan). (2) TOTP - same plus a TOTP shared secret if your app uses MFA. (3) Pre-captured session - paste the session cookies / Authorization header from your browser after manually logging in. Credentials are encrypted with AES-256-GCM at rest, decrypted only inside the scan worker, never logged, and every decrypt event is audit-logged.
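As an added illustration of the storage model described above (example code, not CyberCTRL's implementation): a hypothetical credential store that seals each engagement's secret with AES-256-GCM, binds the engagement ID as additional authenticated data, and records an audit event on every decrypt without ever holding plaintext in the log. The type and method names are assumptions for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// AuditEvent records which worker decrypted which engagement's credential; it never holds secrets.
type AuditEvent struct{ Engagement, Worker string }

// CredentialStore keeps each engagement's login secret sealed with AES-256-GCM.
// Hypothetical type written for this example, not CyberCTRL's own code.
type CredentialStore struct {
	aead  cipher.AEAD
	blobs map[string][]byte // engagement -> nonce || ciphertext
	Audit []AuditEvent
}

func NewCredentialStore(key []byte) (*CredentialStore, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, _ := aes.NewCipher(key)  // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return &CredentialStore{aead: aead, blobs: map[string][]byte{}}, nil
}

// Store seals the secret under a fresh nonce; the engagement ID is bound as AAD so a blob cannot be replayed against another engagement.
func (s *CredentialStore) Store(engagement string, secret []byte) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s.blobs[engagement] = append(nonce, s.aead.Seal(nil, nonce, secret, []byte(engagement))...)
	return nil
}

// Open is the only path to plaintext: it records an audit event, then returns the
// decrypted bytes to the calling scan worker without logging them.
func (s *CredentialStore) Open(engagement, worker string) ([]byte, error) {
	blob, ok := s.blobs[engagement]
	if !ok {
		return nil, errors.New("no credential stored for engagement")
	}
	s.Audit = append(s.Audit, AuditEvent{engagement, worker})
	ns := s.aead.NonceSize()
	return s.aead.Open(nil, blob[:ns], blob[ns:], []byte(engagement))
}
```

Because the engagement ID is authenticated data, a ciphertext copied onto a different engagement fails to decrypt rather than silently yielding another customer's credential.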

What does Grey Box Plus add over Standard?

Plus includes everything in Standard plus a multi-role Broken Access Control (BAC) matrix. You provide up to 3 user roles (e.g. user / manager / admin); CyberCTRL re-authenticates as each and verifies that resources accessible to one role are correctly denied to the others. This catches privilege-escalation issues that single-role testing cannot.
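The cross-role check described above, as an added example rather than CyberCTRL's code: each role's crawl defines which URLs that role is expected to reach, every URL is then re-requested as every role, and a 2xx from a role whose crawl never surfaced the URL is reported as a cross-role access finding. The fetch function is injected, so the constructed sample backend below stands in for real authenticated requests.

```go
package main

// Finding is a URL a role never saw in its own crawl yet can still load (2xx).
type Finding struct {
	URL    string
	Role   string
	Status int
}

// BacMatrix derives the expected policy from per-role crawls (a URL should be reachable
// only by the roles whose crawl surfaced it), re-requests every URL as every role, and
// reports 2xx responses from roles outside that set. Order follows map iteration.
func BacMatrix(crawled map[string][]string, fetch func(role, url string) int) []Finding {
	owners := map[string]map[string]bool{} // url -> roles that discovered it
	for role, urls := range crawled {
		for _, u := range urls {
			if owners[u] == nil {
				owners[u] = map[string]bool{}
			}
			owners[u][role] = true
		}
	}
	var findings []Finding
	for u, own := range owners {
		for role := range crawled {
			if st := fetch(role, u); !own[role] && st >= 200 && st < 300 {
				findings = append(findings, Finding{u, role, st})
			}
		}
	}
	return findings
}

// Constructed sample: three roles' crawls and a fake backend whose one flaw is that
// the admin-only export endpoint also answers 200 to the manager role.
var SampleCrawl = map[string][]string{
	"user":    {"/profile", "/orders"},
	"manager": {"/profile", "/orders", "/team"},
	"admin":   {"/profile", "/admin/export"},
}

func SampleFetch(role, url string) int {
	if url == "/admin/export" && role == "manager" {
		return 200 // the deliberate flaw in the constructed backend
	}
	for _, known := range SampleCrawl[role] {
		if known == url {
			return 200
		}
	}
	return 403
}
```

Running BacMatrix(SampleCrawl, SampleFetch) yields a single finding, /admin/export reachable by manager, while the shared /profile page produces none because every role's crawl surfaced it.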

My app is behind SSO (Okta, Azure AD, Google Workspace) - can you still test it?

Yes. Use the "Pre-captured session" auth method - log in to your app manually in your browser, then copy your session cookies from DevTools and paste them into our configure form. We replay the session for the duration of the scan. This works for any auth flow, including SSO, CAPTCHA, hardware tokens, and JavaScript-rendered logins.