URAY BILIŞIM

Our Service Packages

Productized security services designed for clarity, speed, and impact.

PACKAGE A

Security Check-up

A rapid, low-friction assessment of your external posture. Perfect for startups needing a baseline or businesses preparing for compliance.

What's Included:

  • External Attack Surface Mapping: We identify what you are exposing to the world (subdomains, open ports, exposed panels).
  • Automated Scan + Manual Validation: We run industry-standard tools and then manually verify findings to remove false positives.
  • Reporting: One-page executive summary + detailed technical report.
Timeline: 1 Week

Sample Findings We Catch

  • Exposed .git/.env files
  • Unpatched services (CVEs)
  • Weak SSL/TLS configurations
  • Open databases (Elasticsearch/MongoDB)
Request Check-up

The Fix-Verify Promise

Most firms hand you a PDF and leave. We don't.

1
We find vulnerability
2
You fix it (with our guidance)
3
We RE-TEST it for free
Book Pentest
PACKAGE B (MOST POPULAR)

Web App Penetration Test

Comprehensive testing of your web application's logic, authentication, and data handling.

What's Included:

  • Deep Dive: Authenticated & Unauthenticated testing.
  • Business Logic Focus: We look for flaws tools miss (IDOR, privilege escalation, payment bypass).
  • PoC Evidence: Screenshots and videos proving the risk.
  • Remediation Guidance: Developer-friendly fix instructions.
Timeline: 2-3 Weeks
PACKAGE C

Continuous Security / vCISO Light

Security isn't a one-time event. We act as your security team extension.

What's Included:

  • Monthly Monitoring: Recurring scans and manual spot-checks.
  • Backlog Management: We help prioritize security tickets in your Jira/Trello.
  • Quarterly Exec Review: Zoom call to discuss posture and roadmap.

Why Continuous?

New code means new bugs. One-off pentests rot the moment you deploy the next feature.

Start Subscription

Strategic Add-ons

  • Attack Surface Monitoring

    Get alerted when a new subdomain or exposed port appears.

  • CI Security Gate

    SAST, Secrets Scanning, and Dependency checks integrated into your GitHub/GitLab.

  • Incident Readiness Workshop

    Tabletop exercise to test your response plan.

Clear Scope Boundaries

To ensure speed and focus, the following are OUT OF SCOPE unless explicitly contracted:

  • Social Engineering (Phishing, Vishing)
  • Physical Security Assessments
  • DoS / DDoS Stress Testing
  • User Device Forensics

We focus purely on Technical & Application Security.