Pick the right test for the question you need answered.
CyberCTRL runs four kinds of penetration testing for Australian businesses. Every engagement is methodology-aligned to the ASD Information Security Manual and the OWASP Web Security Testing Guide, with findings mapped to Essential Eight controls and CVSS v3.1 severity. All reports support Essential Eight, APRA CPS 234, ISO 27001, and SOC 2 evidence requirements.
External Penetration Testing
Comprehensive vulnerability assessment of your internet-facing infrastructure. 65,535 TCP and UDP port scanning, SSL/TLS analysis, DNS enumeration, subdomain discovery, WAF detection, and web vulnerability scanning with AI cross-validated findings.
Grey Box Penetration Testing
Authenticated application testing covering broken access control, IDOR, session weaknesses, and authenticated injection vulnerabilities. Plus tier adds a multi-role BAC matrix for up to three roles.
Essential Eight Audit Evidence
Defensible Essential Eight Maturity Model evidence aligned to the ASD Information Security Manual and ACSC guidance. Suitable for APRA CPS 234, ISO 27001, SOC 2, and NSW/VIC/QLD/WA government supplier evidence.
MSP Penetration Testing
For Australian Managed Service Providers selling penetration testing to their clients. Discounted partner pricing, optional co-branding, fast turnaround so you can bill within the week.
Where to start
If you need compliance evidence (insurance, audit, procurement) start with an External Penetration Test plus an Essential Eight audit. If you have a web application or SaaS product with logged-in users, run a Grey Box test on top. The Bundle covers both and saves 25 percent.
Not sure which test you need? See the sample report to see what you get, or jump straight to pricing.
Ready to test?
Sign up, configure scope, click Start. Your defensible penetration test report is delivered within a day.