Pricing

You must send the request along with the message related to the targets scope for the Subscription Package you are interested in or request a custom offer.

We will take care of answering you in a very short time and setting up your Subscription. From there you will receive by email all the steps to follow as well as the Invoice, the Contract and the NDA – Non-disclosure Agreement.

Once we’ve completed all of these steps and obtained your approval for the targets that are within the scope of the scan / test, we can arrange the schedule according to the specified time frame. 

A target is a system that we can scan/test using our tools.

e.g web app, application repository, mobile app, IP etc

Security scanning, or vulnerability scanning, can mean many different things, but it can be simply described as scanning the security of a website, web-based program, network, or file system for either vulnerabilities or unwanted file changes.

Software composition analysis (SCA) is an automated process that identifies the open source software in a codebase. This analysis is performed to evaluate security, license compliance, and code quality. Companies need to be aware of open source license limitations and obligations.

Static Application Security Testing (SAST) is a frequently used Application Security (AppSec) tool, which scans an application’s source, binary, or byte code. A white-box testing tool, it identifies the root cause of vulnerabilities and helps remediate the underlying security flaws.

Dynamic Application Security Testing (DAST) is a black box testing method that examines an application as it’s running to find vulnerabilities that an attacker could exploit.

This scanning method can help to find certain vulnerabilities in web applications while they are running in production.

OSINT is raw data that is openly available to the public. It may include information like names, addresses, interests, and other personal details. Location and behavioral data, affiliations, and daily patterns are all important pieces of information that can provide an inside look into a target’s life.

A port scan is a method for determining which ports on a network are open. As ports on a computer are the place where information is sent and received, port scanning is analogous to knocking on doors to see if someone is home.

Penetration tests (or pen tests) are attacks on your companies’ software and hardware systems, carried out by ‘ethical hackers’ to expose your system’s vulnerabilities. One example is a web application pen test. Web apps, browsers and plug-ins can house sensitive financial or personal data, so hackers are increasingly putting their efforts towards gaining access to them. The test would examine the endpoint of every web application.

Cyber Legion focus on modular security testing approach that include commercial, open source and custom testing scripts that can be run against targeted assets during the product full development lifecycle from design to production and in complete synch with client’s processes and technology stack.

Using a Secure Client Portal, the latest and most advanced security tools and commitment to innovation, we ensure that our clients continually benefit from Professional Cyber Services to detect, prevent and respond to threats & cyber attacks.

We follow precise testing checklists and Frameworks guidelines  that ensures a complete coverage of the security assessment. OWASP, SANS, NIST, CREST etc

Retesting enables programs to ask hackers to verify whether a vulnerability has been fixed in order to secure the protection of their data. If you submit a valid vulnerability report, programs can elect to invite you to retest the vulnerability to verify the fixes.

You can upgrade to a bigger plan which allows you to add more targets to the scope or rotate the targets based on your prioritization model.

You can ask for a custom offering based on your prioritization model. For a low number of targets you should expected a different price offering, usually much higher comparing with the bundle price/scan/assets.

If you do not want to include one or more types of scans in the plan, that’s not a problem at all. Just let us know so we’ll  take it out of scope and out of total cost.

Will reduce the cost with around £10.oo for basic scan and £15.00 for advanced scan. This apply for each scan that is not required.

Once we have completed all the scans/tests, we’ll ingested all the discovery data in the Web Portal (2nd Portal) so that you can Analyze, Prioritize, View, Track, Report and Fix any detected vulnerability.

Important: We’ll need  to whitelist your IP addresses to be able access the Portal.

You can change your plan (downgrade / upgrade) at any time, or cancel your subscription at any moment.

In case you are not satisfied with the service, there is a 7 day money-back guarantee since your first payment. However, if you decide to continue using the subscription, no further refunds will be granted.

Our Professional Security Engineers perform the scans and tests and provide you with all the resulting data through the web portal.

Vulnerability testing is an essential part of mitigating your organization’s security risks. By using a vulnerability scanners to identify the points of weakness in your systems, you can reduce the attack surface that criminals might exploit, focusing your security efforts on the most likely targeted areas.

Identifying and Fixing vulnerabilities will help you improve your security defenses for not just your business but your staff, clients, customers, and partners.

• Identify weaknesses
• Prevent attacks
• Protect sensitive data
• Protect reputation
• Avoid fines and ransom costs

Unauthenticated Testing

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues on exposed services. It does not login to the system, therefore does not run more detailed checks that would only be possible when using local administrative user credentials.

Authenticated Testing

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues, by logging into the host as an administrative user. This performs a much more detailed review and covers patch checking and configuration issues for the unexposed services on the host. If you wished to check all patching levels of systems across your network, an authenticated test would be the best option.

Our specialized team of security professionals hold industry qualifications such as CREST, OSCP, CISSP, CISM, CEH and Cloud security certification such as AWS, azure, GCP etc.

We are a SC Cleared team combine this with many years of industry experience at the highest level working across all industry sectors. We are skills hands-on engineers with clear track record of implementing, running managing security testing programs across various organizations.

Security Testing is a type of assessment that uncovers vulnerabilities of the system and determines that the data and resources of the system are protected from possible intruders. It ensures that the software system and application are free from any threats or risks that can cause a loss.

This statement refers to Cyber Legion services that are delivered through Web Client Portals.

→ Web Portal 1 – Features & Capabilities 

• Private & Secure Client Portal
• NDA, Contract & Digital Signature
• Estimates, Invoices & Payments
• Work Request Scheduler
• Client File Upload/Download
• Complete Project Management Solution
• Private meeting & messaging

→ Web Portal 2 – Features & Capabilities

• Private & Secure Client Portal
• Client Workspace
• Rea Time Finding Analytics & Statistics
• Assets & Vulnerability Details
• Artefacts & Attack Path
• Engagement & Testing Reporting

You can Start for Free by register your account on the Secure Client Portal and benefit of a large are of services, all at your fingerprints.

Our prices are lower than any competitor on the market. Why?

We have built a complete solution of security automation through a Framework that incorporates commercial, open source and custom tooling that helps us deliver the services at an advantageous Price for the client. Basically, we eliminated a lot of onerous traditional activities that were time consuming and cost organizations tons of money.

How did we build the package pricing and how did we calculate the cost?

Based on our research, there are no commercial solutions (tools) on the market that are cheaper than £10.00 per scan or per month. If you find any other alternative solution, it will offer basic functions as a starter package.

That’s why we decided to build our Subscription offering that will help you Take Control of your security testing and  Monthly costs.

1. We built the best packages in terms of security Framework testing checklists and pricing, so you can spend less and gain more, with better results.
2. All our packages/bundles, offer 4 types of complete scans (SCA, SAST, DAST, Network and OSINT) that are performed by our security specialists.
3. In addition to the scans, we give you access to all our platform capabilities, professional workforce and support you with additional knowledge base, until flaws are remediated.
4. Based on the minimum price on the market, our offering is calculated to start from 4 Scans x £10.00 = £40.00 /Asset
5. This means that the Core bundle that includes up to 10 assets costs £400.00
6. On average, we are charging around £10.00 for scan on basic scans, and around £15.00 for advance and deep scans (completed by our engineers) with our tooling. You will be able to access the results and reports on our Secure Web Portal.

Note: If you find any cheaper solution on the market (that includes at least the 4 scans listed in our packages as MSSP), just let us know. We’ll give you 1 month Free testing for 10 applications and we’ll adjust our pricing accordingly.