Next Gen Security Testing Services

Pricing

Cyber Security As a Service – CSaaS

Subscription Packages – Monthly Flat Fee Subscriptions to Secure your Businesses against Cyber Attacks

Review the Pricing Plans to find the option that best suits your Organization’s needs.

Tools

Best for Security, Dev & Engineering Teams
£95.00 /month
  • Up to 5 targets
  • Up to 20 Scans / Month
  • Unlimited data Analysis & Reporting
  • All Vulnerability Scanning Tools Included
  • Access to all Future Tools Released
  • Access to all Platform Features
  • Dedicated Cyber Security Experts
  • Standard Managed Security Testing Services
  • 5000+ Security Tests (OWASP, SANS etc.)

Core

Best for Boutiques & Agencies
£285.00 /month
  • Up to 5 Targets
  • Access to all Platform Features
  • Monthly Scanning & Reporting
  • Dedicated Cyber Security Experts
  • Automated Vulnerability Scanning
  • Network – Port scanning and monitoring
  • Standard OSINT Assessment & Threat Intelligence
  • Standard Managed Security Testing Services
  • 1 x Target Yearly Manual Penetration Testing
  • 5000+ Security Tests (OWASP, SANS etc.)

Premium

Best for Medium Businesses - MB
£885.00 /month
  • Up to 20 targets
  • All Advance Package Features
  • Monthly Scanning & Reporting
  • Dedicated Cyber Security Experts
  • Automated Vulnerability Scanning
  • Network – Port scanning and monitoring
  • Deep OSINT Assessment & Threat Intelligence
  • Premium Managed Security Testing Services
  • 5000+ Security Tests (OWASP, SANS etc.)
  • 3 x Targets Yearly Manual Penetration Testing

Enterprise

Best for Medium Enterprises - ME
£1985.00 /month
  • Up to 50 targets
  • All Advance Package Features
  • Monthly Scanning & Reporting
  • Dedicated Cyber Security Experts
  • Automated Vulnerability Scanning
  • Network – Port scanning and monitoring
  • Deep OSINT Assessment & Threat Intelligence
  • Enterprise Managed Security Testing Services
  • 5000+ Security Tests (OWASP, SANS etc.)
  • 5 x Targets Yearly Manual Penetration Testing

Custom Offering

Best for any Organizations with a large number of assets and specific requirements
£?
  • Access to all Platform Features & all Cyber Legion testing Capabilities

Security Testing Workflow

1. Client Onboarding

All Cyber Legion's services are delivered via Web Secure Client Portals. You can sign up for a free account using the Secure Client Portal, or you can get in touch and the Cyber Legion team will create an account for you.

2. NDA, Agreements & Digital Signature

We have a flexible pricing framework that can fit everyone. You can choose an existing standard service or a monthly subscription plan, or ask for and accept a customized proposal. We'll work with you to evaluate and set up the scope of the engagement (domains, applications, networks, cloud infrastructure, mobile, IoT, etc.). Our Web Client Portal is integrated with Digital Signature, which enables us to sign all required documents and agreements to legally engage and perform security tests on the target systems.

3. Security Scanning & Testing

We meet agreed SLAs and follow security testing Framework checklists. Based on the commitment, our team of engineers will use our tools, automation and testing capabilities to achieve the objectives.

4. Findings, Reporting & Remediation

All security findings will be available in real time on the web portal which will give you clear visibility on the uncovered vulnerabilities. Along with the reporting of our findings, we provide you with an extensive set of recommendations to support senior executives and IT/Dev/Engineering teams to implement mitigation and remediation. 

5. Retesting & Validation of Remediation

All our security services include free retesting to validate whether the issue has been fixed or the mitigations have been implemented. You can choose various security testing services for continuous vulnerability discovery and validation, all delivered via the Secure Client Portal.

Frequently Asked Questions – FAQ’s

You must send the request along with the message related to the targets scope for the Subscription Package you are interested in or request a custom offer.

We will take care of answering you in a very short time and setting up your Subscription. From there you will receive by email all the steps to follow as well as the Invoice, the Contract and the NDA – Non-disclosure Agreement.

Once we’ve completed all of these steps and obtained your approval for the targets that are within the scope of the scan / test, we can arrange the schedule according to the specified time frame. 

A target is a system that we can scan/test using our tools.

e.g. web app, application repository, mobile app, IP, etc.

Security scanning, or vulnerability scanning, can mean many different things, but it can be simply described as scanning the security of a website, web-based program, network, or file system for either vulnerabilities or unwanted file changes.

Software composition analysis (SCA) is an automated process that identifies the open source software in a codebase. This analysis is performed to evaluate security, license compliance, and code quality. Companies need to be aware of open source license limitations and obligations.

Static Application Security Testing (SAST) is a frequently used Application Security (AppSec) tool, which scans an application’s source, binary, or byte code. A white-box testing tool, it identifies the root cause of vulnerabilities and helps remediate the underlying security flaws.

Dynamic Application Security Testing (DAST) is a black box testing method that examines an application as it’s running to find vulnerabilities that an attacker could exploit.

This scanning method can help to find certain vulnerabilities in web applications while they are running in production.

OSINT is raw data that is openly available to the public. It may include information like names, addresses, interests, and other personal details. Location and behavioral data, affiliations, and daily patterns are all important pieces of information that can provide an inside look into a target’s life.

A port scan is a method for determining which ports on a network are open. As ports on a computer are the place where information is sent and received, port scanning is analogous to knocking on doors to see if someone is home.

Penetration tests (or pen tests) are attacks on your company’s software and hardware systems, carried out by ‘ethical hackers’ to expose your system’s vulnerabilities. One example is a web application pen test. Web apps, browsers and plug-ins can house sensitive financial or personal data, so hackers are increasingly putting their efforts towards gaining access to them. The test would examine the endpoint of every web application.

Cyber Legion focuses on a modular security testing approach that includes commercial, open source and custom testing scripts that can be run against targeted assets during the full product development lifecycle, from design to production, and in complete sync with the client’s processes and technology stack.

Using a Secure Client Portal, the latest and most advanced security tools and commitment to innovation, we ensure that our clients continually benefit from Professional Cyber Services to detect, prevent and respond to threats & cyber attacks.

We follow precise testing checklists and framework guidelines that ensure complete coverage of the security assessment: OWASP, SANS, NIST, CREST, etc.

Retesting enables programs to ask hackers to verify whether a vulnerability has been fixed in order to secure the protection of their data. If you submit a valid vulnerability report, programs can elect to invite you to retest the vulnerability to verify the fixes.

You can upgrade to a bigger plan which allows you to add more targets to the scope or rotate the targets based on your prioritization model.

You can ask for a custom offering based on your prioritization model. For a low number of targets you should expect a different price offering, usually much higher compared with the bundle price/scan/assets.

If you do not want to include one or more types of scans in the plan, that’s not a problem at all. Just let us know and we’ll take it out of scope and out of the total cost.

This will reduce the cost by around £10.00 for a basic scan and £15.00 for an advanced scan. This applies to each scan that is not required.

Once we have completed all the scans/tests, we’ll ingest all the discovery data into the Web Portal (2nd Portal) so that you can Analyze, Prioritize, View, Track, Report and Fix any detected vulnerability.

Important: We’ll need to whitelist your IP addresses to be able to access the Portal.

You can change your plan (downgrade / upgrade) at any time, or cancel your subscription at any moment.

In case you are not satisfied with the service, there is a 7-day money-back guarantee from your first payment. However, if you decide to continue using the subscription, no further refunds will be granted.

Our Professional Security Engineers perform the scans and tests and provide you with all the resulting data through the web portal.

Vulnerability testing is an essential part of mitigating your organization’s security risks. By using vulnerability scanners to identify the points of weakness in your systems, you can reduce the attack surface that criminals might exploit, focusing your security efforts on the most likely targeted areas.

Identifying and Fixing vulnerabilities will help you improve your security defenses for not just your business but your staff, clients, customers, and partners.

  • Identify weaknesses
  • Prevent attacks
  • Protect sensitive data
  • Protect reputation
  • Avoid fines and ransom costs

Unauthenticated Testing

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues on exposed services. It does not log in to the system, and therefore does not run the more detailed checks that would only be possible when using local administrative user credentials.

Authenticated Testing

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues, by logging into the host as an administrative user. This performs a much more detailed review and covers patch checking and configuration issues for the unexposed services on the host. If you wish to check all patching levels of systems across your network, an authenticated test would be the best option.

Our specialized team of security professionals hold industry qualifications such as CREST, OSCP, CISSP, CISM and CEH, and Cloud security certifications such as AWS, Azure, GCP, etc.

We are an SC Cleared team and combine this with many years of industry experience at the highest level, working across all industry sectors. We are skilled hands-on engineers with a clear track record of implementing, running and managing security testing programs across various organizations.

Security Testing is a type of assessment that uncovers vulnerabilities of the system and determines that the data and resources of the system are protected from possible intruders. It ensures that the software system and application are free from any threats or risks that can cause a loss.

This statement refers to Cyber Legion services that are delivered through Web Client Portals.

→ Web Portal 1 – Features & Capabilities 

  • Private & Secure Client Portal
  • NDA, Contract & Digital Signature
  • Estimates, Invoices & Payments
  • Work Request Scheduler
  • Client File Upload/Download
  • Complete Project Management Solution
  • Private meeting & messaging

 

→ Web Portal 2 – Features & Capabilities

  • Private & Secure Client Portal
  • Client Workspace
  • Real Time Finding Analytics & Statistics
  • Assets & Vulnerability Details
  • Artefacts & Attack Path
  • Engagement & Testing Reporting

 

You can start for free by registering your account on the Secure Client Portal and benefit from a wide range of services, all at your fingertips.

Our prices are lower than any competitor on the market. Why?

We have built a complete solution of security automation through a Framework that incorporates commercial, open source and custom tooling that helps us deliver the services at an advantageous Price for the client. Basically, we eliminated a lot of onerous traditional activities that were time consuming and cost organizations tons of money.

How did we build the package pricing and how did we calculate the cost?

Based on our research, there are no commercial solutions (tools) on the market that are cheaper than £10.00 per scan or per month. If you find any other alternative solution, it will offer basic functions as a starter package.

That’s why we decided to build our Subscription offering, which will help you Take Control of your security testing and Monthly costs.

  1. We built the best packages in terms of security Framework testing checklists and pricing, so you can spend less and gain more, with better results.
  2. All our packages/bundles offer 4 types of complete scans (SCA, SAST, DAST, Network and OSINT) that are performed by our security specialists.
  3. In addition to the scans, we give you access to all our platform capabilities and professional workforce, and support you with an additional knowledge base until flaws are remediated.
  4. Based on the minimum price on the market, our offering is calculated to start from 4 Scans x £10.00 = £40.00 /Asset
  5. This means that the Core bundle that includes up to 10 assets costs £400.00
  6. On average, we charge around £10.00 per scan for basic scans, and around £15.00 for advanced and deep scans (completed by our engineers) with our tooling. You will be able to access the results and reports on our Secure Web Portal.

 

Note: If you find any cheaper solution on the market (that includes at least the 4 scans listed in our packages as MSSP), just let us know. We’ll give you 1 month Free testing for 10 applications and we’ll adjust our pricing accordingly.

On demand Security Testing Services; Pricing References

A complete Organization discovery, inventory and classification, risk scoring and security ratings, continuous security monitoring, malicious asset and incident monitoring with advanced security verifications/checklists – OWASP, SANS, NIST, CREST frameworks.

  • Small Organization = £2999.00/Organization
  • Medium Size Organization = £4999.00/Organization
  • Large organization = £9999.00/organization

 

Sample of checklists

  • Web applications, services, and APIs
  • Mobile applications and their backends
  • Cloud storage and network devices
  • Domain/subdomains names, SSL certificates, and IP addresses
  • IoT and connected devices
  • Public code repositories such as GitHub, GitLab, and BitBucket
  • Email servers

Continuous full security research (penetration testing) suitable for networks, websites/applications, APIs and IoT devices, with advanced security verifications/checklists – OWASP, SANS, NIST, CREST frameworks.

You will pay only for severe findings as below:

  • Critical severity flaw = £3500
  • High severity flaw = £2500
  • Medium severity flaw = £500
  • Negotiable for large number of findings/assets

A complete Startup security testing program suitable for networks, websites/applications, APIs and IoT devices, with advanced security verifications/checklists – OWASP, SANS, NIST, CREST frameworks.

A complete Security Managed service package for your organization with advanced Cyber Security services such as Attack Surface Management, Vulnerability Assessment & Management, Risk Assessment, SAST & DAST scans, continuous Vulnerability discovery, Penetration Testing, etc. to support your business and improve your security resilience.

  • Small Organization = £999.00/Organization/month
  • Medium Size Organization = £1999.00/Organization/month
  • Large organization = £3499.00/organization/month

A full DAST scan suitable for web apps, webservices/APIs, networks, etc. with advanced security verifications/checklists – OWASP, CREST frameworks.

The Cyber Legion team will run in-depth continuous Dynamic Application Security Testing – DAST scans against your web app, API or network with targeted scan profiles.

All the results will be available on the Client Portal.

1 x domain or 1 x IP

e.g. example.com & 1.1.1.1

Small apps start from:

  • DAST Scan = £45/App

 

Sample of checklists:
 
  • Authentication bypass
  • Password policy
  • Login limitation policy
  • Session management
  • Hijacking
  • Predictable identifiers
  • Replay and expiration attacks
  • Privilege escalation
  • Horizontal access
  • Cryptographic algorithm strength
  • Key management
  • Data-in-transit & data storage protection
  • Key management & algorithm logic
  • Information disclosure
  • Injection vulnerability (XSS, SQL, HTML, XML, JSON, OS command)
  • Path traversal
  • Object identifiers
  • Local and remote file inclusion
  • Stack-based bounds checking

+

  • Custom Checklists against latest Threat and Vulnerabilities

A full Penetration Test suitable for websites/applications, with advanced security verifications/checklists – PTF, OSSTMM, PTES, SANS, NIST, CREST frameworks.

  • Network Penetration Testing starts at £2500 for up to 5 IPs/assets
  • Then £250.00 for any additional IP (negotiable for large number of assets)
  • Number of IP Addresses – The biggest cost factor for an external penetration test is the number of IP addresses on your Internet perimeter. This will dictate how much time is spent in testing. One way to reduce this cost is to only perform a penetration test on the Internet hosts that have ports open and services listening on the Internet.
 
Sample of checklists:
 
  • Port scanning
  • Authentication bypass
  • Password policy
  • Login limitation policy
  • Session management
  • Hijacking
  • Predictable identifiers
  • Replay and expiration attacks
  • Privilege escalation
  • Horizontal access
  • Cryptographic algorithm strength
  • Validate and exploit known vulnerabilities
  • Network segmentation
  • Credential capture
  • Insecure network protocols
  • MITM attacks
  • VLAN/ACL issues
  • Key management
  • Data-in-transit & data storage protection
  • Key management & algorithm logic
  • Information disclosure
  • Injection vulnerability (XSS, SQL, HTML, XML, OS command)
  • Path traversal
  • Object identifiers
  • Local and remote file inclusion
  • Stack-based bounds checking

+

  • Custom Checklists against latest Threat and Vulnerabilities

A full Penetration Test suitable for websites/applications, with advanced security verifications/checklists (OWASP, SANS, NIST, CREST frameworks approach)

  • 1 x IP addresses/domains = £2500.00/asset
  • Then £250.00 for any additional IP (negotiable for large number of assets)
  • Number of additional assets – The biggest cost factor for an external penetration test is the number of assets in the scope. This will dictate how much time is spent in testing. One way to reduce this cost is to only perform a penetration test with fewer security checks.
 
Sample of checklists:
 
  • Device Decomposition
  • Dependencies
  • Authentication bypass
  • Default/Weak Passwords
  • Missing Security Updates
  • Insecure Web Administration
  • Use of Insecure protocols
  • Check for known configuration weaknesses
  • Insecure Data Storage
  • Wireless Vulnerabilities
  • Bluetooth Vulnerabilities
  • GSM Network Vulnerabilities
  • Infrared Network Vulnerabilities
  • LPWAN Network Vulnerabilities

A full Penetration Test suitable for mobile applications, with advanced security verifications/checklists (OWASP, SANS, NIST, CREST frameworks approach)

  • Small app = £900
  • Medium app = £1400
  • Large app = £1900
  • Negotiable for large number of assets
 
Sample of checklists:
 
  • Authentication bypass
  • Password policy
  • Login limitation policy
  • Session management
  • Hijacking
  • Predictable identifiers
  • Replay and expiration attacks
  • Privilege escalation
  • Horizontal access
  • Cryptographic algorithm strength
  • Key management
  • Data-in-transit & data storage protection
  • Key management & algorithm logic
  • Information disclosure
  • Injection vulnerability (XSS, SQL, HTML, XML, JSON, OS command)
  • Path traversal
  • Object identifiers
  • Local and remote file inclusion
  • Stack-based bounds checking

+

  • Custom Checklists against latest Threat and Vulnerabilities

A full SAST scan with advanced security verifications/checklists (OWASP frameworks approach)

The Cyber Legion team will run in-depth continuous Static Application Security Testing – SAST scans against your repository with targeted scan profiles.

All the results will be available on our Secure Client Portal.

1 x repo or app

e.g. example.com

Small apps start from:

  • SAST Scan = £45/App
 
Sample of checklists:
 
  • Programming Language Tools
  • OWASP’s list of criteria strategies
  • OWASP’s Top Ten web application security vulnerabilities
  • Accuracy
  • Compatibility
  • Correct libraries
  • Compilation instructions
  • All required code

+

  • Custom Checklists against latest Threat and Vulnerabilities

Full monthly vulnerability scanning suitable for networks, websites/applications, IoT devices, etc., with advanced security verifications/checklists – OWASP, SANS, NIST, CREST frameworks

  • 1 to 5 x IP addresses/domains = £40.00/asset/month
  • 5 to 20 x IP addresses/domains = £25.00/asset/month
  • 20 to 50 x IP addresses/domains = £22.00/asset/month
  • 50 to 100 IP addresses/domains = £18.00/asset/month
  • 100 + IP addresses/domains = £15.00/asset/month
  • Negotiable for large number of assets
 
Sample of checklists:
 
  • Authentication bypass
  • Password policy
  • Login limitation policy
  • Session management
  • Hijacking
  • Predictable identifiers
  • Replay and expiration attacks
  • Privilege escalation
  • Horizontal access
  • Cryptographic algorithm strength
  • Key management
  • Data-in-transit & data storage protection
  • Key management & algorithm logic
  • Information disclosure
  • Injection vulnerability (XSS, SQL, HTML, XML, JSON, OS command)
  • Path traversal
  • Object identifiers
  • Local and remote file inclusion
  • Stack-based bounds checking

+

  • Custom Checklists against latest Threat and Vulnerabilities

A full Penetration Test suitable for websites/applications, with advanced security checks:

  • Small app = £1900
  • Medium app = £2700
  • Large app = £3500
  • Negotiable for large number of assets
 

A full Penetration Test suitable for websites/applications, with advanced security verifications/checklists – OWASP, SANS, CREST frameworks. Black, White and Grey Box available.

  • Small app = £1900
  • Medium app = £2700
  • Large app = £3500
  • Negotiable for large number of assets
 
Sample of checklists:
 
  • Information Gathering
  • Configuration and Deployment Management Testing
  • Identity Management Testing
  • Authentication Testing
  • Authorization Testing
  • Session Management Testing
  • Input Validation Testing
  • Testing for Error Handling
  • Testing for Weak Cryptography
  • Business Logic Testing
  • Client-side Testing

+

  • Custom Checklists against latest Threat and Vulnerabilities

A full Vulnerability Assessment suitable for webservices/APIs, with advanced security verifications/checklists – OWASP, CREST frameworks

  • Small APIs = £1900
  • Medium APIs = £2700
  • Large APIs = £3500
  • Negotiable for large number of assets
 
Sample of checklists:
  • Broken Object Level Authorization
  • Broken User Authentication
  • Excessive data exposure
  • Lack of resources and rate-limiting
  • Broken Function Level Authorization
  • Mass assignment
  • Security misconfiguration
  • Injection
  • Improper assets management
  • Insufficient logging and monitoring

+

  • Custom Checklists against latest Threat and Vulnerabilities

Use our Vulnerability Scanning Tools to explore our wide range of security testing services. Take advantage of Cyber Legion managed security scanning services and integrated testing tools to scan your application and network and find every vulnerability that matters. All findings are delivered in a single dashboard with advanced tracking, collaboration and reporting options.

Note: VAT NOT INCLUDED

Get started with Cyber Legion

Discover Vulnerabilities that Matter

  • Understand your organizational risk profile

    Identify your attack surface and protect it based on business impact. Make security investments that count.

  • Focus on what matters

    Discover every Vulnerability that Matters. Scale your security testing from zero to hundreds and never miss a test deadline again.

  • Gain visibility into your organizational risks and vulnerable assets

    Identify hackers’ complete attack routes to sensitive business assets and highlight cybersecurity issues.

  • Measure, track, and improve your cybersecurity maturity

    Enhance your risk prevention capabilities, see how they evolve over time, and evaluate how they hold up against your industry competitors.

  • Optimize your security testing processes

    You deserve to find all the vulnerabilities that affect your Organization. Using the latest and most advanced security tools and commitment to innovation, we ensure that our clients continually benefit from Professional Cyber Services to detect, prevent and respond to threats & cyber attacks.

Discover every Vulnerability that Matters
Risk Mitigation & Optimization

Benefits With Our Testing Services

  • Take advantage of technology, AI & HI

    Get the power of technology, artificial and human intelligence to simplify the vulnerability discovery and remediation processes & timelines.

  • Manage your organization's security vulnerabilities

    Identify and manage your organization’s security vulnerabilities via the Secure Client Portal. Next generation security testing based on modular scripts, machine learning, human intelligence and client requirements.

  • Take control of your Security Testing and Monthly costs

    Looking for alternative solutions to protect your Organization? You could own a complete solution of Next Gen Security Testing Services.

  • Get ready to protect your Organization

    We help businesses focus on what they do best while we conduct continuous security testing so that their Organizations remain resilient against Cyber Attacks and Data Breaches.

  • Take control of your company's assets

    Incorporate your company’s assets, web application, mobile application, API, IoT devices, or network components into the Cyber Legion platform and benefit from ongoing information and cyber security services.

  • Take off your Security concerns

    CyberCrime can have a significant negative impact on your business if proper precautions are not taken to prevent it.

Why Choose Cyber Legion

Client Testimonials

Cyber Security Automation
Very Good Work Shown By This Company To Solve Cyber Problems

We contracted Cyber Legion to do some security testing for our new web applications and APIs and we were very pleased with the results and the vulnerabilities they found, some serious flaws! I received access to the portal where I worked with the team. All details were clearly reported and we have received full support until all vulnerabilities were fixed.

I Tentis

Founder & CEO Ecobild

Get Started Today & Improve your Business Security Posture

We Help Companies to Avoid Data Breaches

Test every asset in your business and apply the most appropriate measures (controls) to mitigate risks.

Protect Your Business Assets From Hackers

Find and fix your vulnerabilities before attackers do. Take action before there is a problem. Master the most common security vulnerabilities now.

Can you have an Efficient Cyber Security Program?

Cyber Legion is ready to provide you with a continuous and consistent security testing service that leverages our platform with the help of security researchers and smart technology. We recommend finding and fixing vulnerabilities before attackers exploit them and a breach happens.