All VidraSec Services Printable

Services:

Active Directory Security Audit

Active Directory Audit, test and audit AD, ransomware defense, second line of defense

An Active Directory Audit is a white-box security assessment of your on-premises Active Directory that identifies misconfigurations, dangerous permissions, and attack paths leading to domain takeover, before an attacker or ransomware can exploit them.

Ransomware attacks are on the rise, and the ones with the highest impact take over the whole Active Directory. We must secure these systems to minimize the risk of having our data encrypted and put up for sale on the internet!

Active Directory delivers extensive functionality; however, its complexity can often lead to security vulnerabilities. Given the critical role it plays in user management, any security flaw can have severe implications, from privilege escalation to full domain takeover.

This audit focuses on on-premise Active Directory. Entra ID (Microsoft’s cloud identity platform) is a different system and is covered by a separate Entra ID Audit.

VidraSec offers services designed to address these challenges head-on. Together, we will develop strategies to fortify your environment against threats.

Scope

This type of test is typically performed as white-box, meaning that the testers receive full access to the tested system and its documentation. This allows a comprehensive analysis of vulnerabilities and misconfigurations in a short time frame. These are the main focus points of the test:

  • Audit of the implementation status of the tier model and possible vulnerabilities
  • Review of all accounts and their password age
  • Review of the permissions of users, computers, and groups
  • Review of group memberships of highly privileged groups
  • Interview with administrators on how they typically administer the system
  • If present: domain and forest trusts
  • Test for typical vulnerabilities like “Kerberoasting” or (un)constrained delegation

Why

  • Forgotten, insecure permissions can be a huge security problem, making attacks extremely easy.
  • These are living systems, and errors occur. Only a regular check can help find them.
  • Having secure administrative processes makes the lives of the attackers very hard.

For a comprehensive assessment of the on-premise Active Directory, VidraSec recommends conducting this analysis in conjunction with a penetration test of the internal infrastructure. This approach offers a complete overview of your internal systems’ security posture.

Why VidraSec 🦦

I have multiple years of experience attacking and securing Active Directory. If I manage to get Domain Admin permissions after a few days of work, I am sure a real attacker can also do it. Thus, let me demonstrate what is wrong and how to fix it to protect yourself against attacks.

Typical Duration

3-5 days (scope-dependent). Reporting takes roughly 30-50% of the test time on top.

Typical Price

from 8,400 €

The final price depends on the scope of the project and the maturity level of your IT security. It is calculated individually based on the required effort.

Deliverables

Every engagement includes:

  • Written findings report with all vulnerabilities and misconfigurations, prioritized by severity, with remediation steps
  • Management summary tailored to your audience (technical or executive)
  • Live debriefing to walk through findings and answer questions
  • Retesting after remediation available on request

See example reports for what a VidraSec report looks like.

Compliance

Directly relevant for NIS2, ISO 27001, and TISAX (automotive industry). Active Directory security is a standard checkpoint in information security management audits.

Frequently asked questions

What is the difference between an Active Directory Audit and an internal penetration test?

An Active Directory Audit is a white-box configuration review with full read access. An internal penetration test attacks Active Directory from a normal user’s perspective to see whether Domain Admin is reachable. They are complementary and are often combined for a complete picture.

How long does an Active Directory Audit take?

Typically 3 to 5 days of analysis depending on the size of the environment, plus roughly 30 to 50 percent of that time for reporting.

Will the audit disrupt our production Active Directory?

No. The audit is read-only and white-box. VidraSec reviews configuration and permissions without making changes or running disruptive attacks against your domain controllers.

How much does an Active Directory Audit cost?

From 8,400 euros. The final price depends on the scope and the maturity level of your environment and is calculated individually based on the required effort.

Internal IT Infrastructure Penetration Test

Internal penetration test, test internal IT infrastructure, ransomware prevention

An Internal IT Infrastructure Penetration Test simulates an attacker who already has a foothold inside your network (for example after a phishing click) and tests whether they can move laterally and reach Domain Admin.

What if one of your employees clicks on the wrong email attachment? Will you be able to stop the attack, or will the attackers be able to move laterally from there and take over all your systems? This is why you should conduct an internal infrastructure penetration test. The internal system is just one wrong click away from being “public”.

Experience has shown that the externally facing infrastructure is often quite well secured nowadays. However, if you look at the internal network, the story is often sadly different. No encryption used, security mechanisms turned off (legacy software does not support them), or completely outdated software. In the worst-case scenario, these vulnerabilities could lead to a complete compromise of company data. Regular internal infrastructure penetration testing finds these weaknesses before an attacker does.

Scope

This penetration test can be tailored to focus on specific systems, such as a particular server or the configuration of Windows clients, as determined during the scoping call. Moreover, this test can assess your detection capabilities, although it’s important to note that detection is not the primary focus of a penetration test. These are the main focus points of the test:

  • Penetration test of Active Directory, including credential attacks such as dumping local hashes (see Dumping Hashes in Windows 11 24H2) and mapping attack paths to Domain Admin with BloodHound
  • Check whether all recommended countermeasures are in place
  • Identification of vulnerabilities in the network
  • Identification of outdated software in the network
  • Misconfigurations, e.g., Active Directory Certificate Services or AD Tiering gaps
  • Test for open file shares with confidential data
  • And overall: can an attacker gain Domain Admin rights in your network?

Why

  • Find and fix vulnerabilities in your internal infrastructure
  • Secure your machines so that the impact of attacks is lower
  • Your infrastructure is a living system; only regular checks can help find misconfigurations.

Why VidraSec 🦦

I have, many times, gained Domain Admin rights, starting just as a normal user. In many different types of companies, I can tell you that being small or big doesn’t make a difference. If I can do it, an attacker can also do it. And I hope that me explaining the vulnerabilities and how to fix them in a report is more pleasant than an attacker explaining where to send the Bitcoins. If you are comparing internal pentest services, the example reports show exactly what you get.

Note: This test includes Active Directory testing from an attacker’s perspective (can I reach Domain Admin?). An Active Directory Audit is a separate, deeper white-box analysis of AD configuration. Both are complementary and often combined.

Typical Duration

3 to 5 days of testing (up to 2 weeks for large environments). Reporting takes roughly 30 to 50% of the test time on top.

Typical Price

from 8,000 €

The final price depends on the scope of the project and the maturity level of your IT security. It is calculated individually based on the required effort.

Deliverables

Every engagement includes:

  • Written findings report with all vulnerabilities, prioritized by severity, with remediation steps
  • Management summary tailored to your audience (technical or executive)
  • Live debriefing to walk through findings and answer questions
  • Retesting after remediation available on request

See example reports for what a VidraSec report looks like.

Compliance

Directly relevant for NIS2 (Article 21, security of network and information systems), ISO 27001, and TISAX (automotive industry).

Frequently asked questions

Why do I need an internal penetration test if my perimeter is secure?

Perimeters are increasingly well secured, but internal networks often are not. A single wrong click can put an attacker inside, where weak segmentation, legacy software, and Active Directory misconfigurations frequently allow full compromise. The internal test measures that real-world risk.

Does the internal penetration test require on-site presence?

Internal pentests are generally performed on-site, but can be done remotely via VPN or a dedicated jump host if your network setup allows it. This is agreed during scoping.

How long does an internal penetration test take?

Typically 3 to 5 days of testing, up to 2 weeks for large environments, plus roughly 30 to 50 percent of that time for reporting.

How much does an internal penetration test cost?

From 8,000 euros. The final price depends on the size of the environment and is calculated individually based on the required effort.

What company sizes is an internal penetration test suitable for?

Internal infrastructure penetration testing makes sense for practically any organization that runs its own network and Active Directory, from small and mid-sized businesses to large enterprises. The effort scales with the size of the environment, so smaller networks need fewer testing days and cost less.

Cloud Infrastructure Security Audit

Cloud Infrastructure Audit, Azure, AWS configuration review, IAM, cloud security

A Cloud Infrastructure Audit is a read-only, white-box review of your Azure, AWS, or GCP environment that finds misconfigurations, over-privileged IAM roles, and exposed services before attackers do.

Cloud services offer enormous flexibility, but that flexibility comes with risk. Misconfigured storage buckets, overly permissive IAM roles, and exposed management interfaces are among the most common causes of cloud security incidents. A Cloud Infrastructure Audit reviews your cloud environment with a read-only account to identify exactly these issues before attackers do.

Supported platforms: Azure, AWS, and GCP. For Azure environments, cloud IAM misconfigurations are frequently intertwined with Entra ID role assignments and Conditional Access, both are often reviewed together.

Scope

This audit is performed as a white-box engagement using a read-only account and standard tooling (ScoutSuite, manual review). The following areas are covered:

  • Identity and Access Management: role assignments, over-privileged accounts, service principals, least-privilege review
  • Storage and data exposure: public buckets/blobs, access policies, sensitive data exposure
  • Virtual Network Configuration: security groups, network ACLs, firewall rules, exposure of management ports
  • Logging and Monitoring: audit log configuration, alerting, detection coverage
  • Security Settings: Defender/Security Hub/Security Command Center configuration, encryption at rest and in transit
  • Service-specific hardening: configuration of the cloud services actively used in your environment

Why

  • Cloud environments are a frequent source of breaches, often because default configurations are not hardened
  • IAM mistakes (e.g. overly broad roles, unused service accounts with high permissions) are the most common cloud security gap
  • A read-only configuration review can surface critical exposures in hours that might otherwise go unnoticed for months

Typical findings include a CI/CD service principal with Contributor or Owner rights far beyond what its pipeline needs, storage accounts or buckets left publicly readable after a one-off data export, and stale guest accounts retaining access long after a project ends. None of these require exploiting a vulnerability. They are configuration mistakes visible to anyone who knows where to look, which is exactly why a read-only review finds them so quickly.

Why VidraSec 🦦

I have conducted Cloud Infrastructure Audits across Azure, AWS, and GCP environments. My background in identity and access management, particularly in the Microsoft stack, extends naturally into cloud IAM, where many of the same misconfigurations appear.

Typical Duration

3 to 5 days (scope-dependent, depends on the number and complexity of cloud services in use). Reporting takes roughly 30 to 50% of the test time on top.

Typical Price

from 7,000 €

The final price depends on the scope of the project and the maturity level of your IT security. It is calculated individually based on the required effort.

Deliverables

Every engagement includes:

  • Written findings report with all misconfigurations, prioritized by severity, with remediation steps
  • Management summary tailored to your audience (technical or executive)
  • Live debriefing to walk through findings and answer questions
  • Retesting after remediation available on request

See example reports for what a VidraSec report looks like.

Compliance

Directly relevant for NIS2 and ISO 27001. Cloud configuration is increasingly scrutinized in information security management reviews.

Frequently asked questions

Which cloud platforms does VidraSec audit?

Azure, AWS, and GCP. The audit uses a read-only account and a combination of automated tooling such as ScoutSuite and manual expert review.

Is a Cloud Infrastructure Audit the same as a cloud penetration test?

Not quite. A configuration audit reviews your environment from a read-only account to find misconfigurations efficiently. A cloud penetration test actively attempts to exploit issues. For most organizations the configuration audit surfaces the highest-impact problems fastest.

How long does a Cloud Infrastructure Audit take?

Typically 3 to 5 days depending on the number and complexity of cloud services in use, plus roughly 30 to 50 percent of that time for reporting.

How much does a Cloud Infrastructure Audit cost?

From 7,000 euros. The final price depends on scope and the maturity level of your environment and is calculated individually.

Cyber Attack Simulation

Cyber attack simulation, red team, attack detection, response testing

A Cyber Attack Simulation recreates realistic, end-to-end attack scenarios to test whether your people, processes, and security tools actually detect and respond to an attacker who is already inside.

Also called an attacker simulation or adversary simulation.

Realistic attack scenarios and typical attack paths are recreated to validate how well your organization can detect and respond to real-world attacks. A penetration test finds vulnerabilities in systems. A cyber attack simulation tests whether your people, processes, and tools actually catch an attacker who is already inside.

Red Team vs Purple Team

Two approaches are available:

  • Red Team (blue team unaware): The security or IT team does not know a simulation is running. This gives the most realistic picture of your detection and response capabilities.
  • Purple Team (cooperative): The security team works alongside the attacker. This is more educational, great for training, building detection rules, and rapidly improving defenses.

Which approach fits your situation is discussed in the kick-off meeting.

Typical Scenarios

Specific scenarios are agreed in the kick-off. Common examples include:

  • Phishing simulation, targeted or mass phishing campaign to test staff recognition and reporting processes
  • Social engineering, phone-based or in-person pretexting
  • Malware infection, simulated malware deployed on an endpoint, testing EDR response and alert handling
  • Ransomware attack simulation, recreating the early stages of a ransomware attack (initial access, spreading, access to backups), without encrypting any real data of course
  • Business Email Compromise (BEC), impersonation of executives or suppliers
  • Credential theft and reuse, testing whether stolen credentials trigger alerts
  • Living-off-the-land techniques, using built-in system tools to avoid detection
  • Lateral movement, testing whether an attacker can move from one compromised system to others

Deliverables

Unlike a standard pentest, the output of a Cyber Attack Simulation focuses on process insights alongside technical findings:

  • What allowed the attack to succeed (or what stopped it)?
  • Are alerts being monitored? How quickly did the team respond?
  • Did anyone report the phishing email, or did someone submit the malware to VirusTotal, tipping off the attacker?
  • Which detection gaps need to be addressed?

Every engagement includes a written report, management summary, and live debriefing.

See example reports for what a VidraSec report looks like.

Typical Duration

3 days (phishing-only exercise) to 3+ weeks (full multi-vector simulation). Scope-dependent.

Typical Price

from 5,600 € (for a phishing simulation)

This type of project must be very precisely tailored to your needs, the final price depends on the scope and required effort and is calculated individually.

Compliance

Relevant for NIS2 Article 21, organizations are required to have incident detection and response capabilities. A cyber attack simulation directly tests whether those capabilities work.

Frequently asked questions

What is an attacker simulation?

An attacker simulation (also called an adversary simulation or cyber attack simulation) recreates the actions of a real attacker, such as phishing, social engineering, or credential theft, to test whether your team, processes, and security tools detect and stop an attack.

What is the difference between a penetration test and a cyber attack simulation?

A penetration test finds vulnerabilities in systems. A cyber attack simulation tests whether your team and tooling catch an attacker who is already inside, including alerting, monitoring, and incident response. The two answer different questions and complement each other.

What is the difference between a red team and a purple team engagement?

In a red team engagement the defenders do not know a simulation is running, which gives the most realistic measure of detection and response. In a purple team engagement the security team works alongside the attacker, which is more educational and ideal for building detection rules quickly.

How long does a cyber attack simulation take?

From around 3 days for a phishing-only exercise to 3 weeks or more for a full multi-vector simulation, depending on the agreed scope.

How much does a cyber attack simulation cost?

From 5,600 euros for a phishing simulation. Larger multi-vector engagements are scoped and priced individually because they must be tailored precisely to your environment.

Entra ID Security Audit

EntraID Audit, Azure AD / Microsoft Entra ID configuration review, identity management

An Entra ID Audit (formerly Azure AD) is a white-box review of your Microsoft Entra ID tenant that uncovers identity and access misconfigurations, weak Conditional Access policies, and privilege escalation paths.

EntraID (Microsoft Entra ID) is Microsoft’s central identity and access management (IAM) solution, especially in Microsoft 365 environments, and forms the basis for single sign-on (SSO) and access control. A misconfiguration can lead to unauthorized access to company resources or facilitate social engineering attacks. Therefore, this component must be thoroughly tested.

Scope

This type of test is typically performed as white-box, meaning that the testers receive full access to the tested system and its documentation. This allows a comprehensive analysis of vulnerabilities and misconfigurations in a short time frame. These are the main focus points of the test:

  • Audit of the implementation status of the tier model and possible vulnerabilities
  • Review of all accounts and their password age
  • Review of the permissions of users, computers, and groups
  • Review of group memberships of highly privileged groups
  • Interview with administrators on how they typically administer the system
  • Conditional access policies
  • Verification against best practices
  • The link to the on-premise Active Directory

Typical Duration

3-5 days (scope-dependent). Reporting takes roughly 30-50% of the test time on top.

Typical Price

from 7,000 €

The final price depends on the scope of the project and the maturity level of your IT security. It is calculated individually based on the required effort.

Deliverables

Every engagement includes:

  • Written findings report with all misconfigurations, prioritized by severity, with remediation steps
  • Management summary tailored to your audience (technical or executive)
  • Live debriefing to walk through findings and answer questions
  • Retesting after remediation available on request

See example reports for what a VidraSec report looks like.

Compliance

Directly relevant for NIS2, ISO 27001, and TISAX. Identity and access management is a core control domain in all major security frameworks.

Frequently asked questions

What is Entra ID?

Entra ID (formerly Azure AD) is Microsoft’s cloud-based identity and access management system. It underpins single sign-on and access control in Microsoft 365 and is separate from Microsoft’s on-premises Active Directory. An Entra ID Security Audit reviews this cloud identity environment for misconfigurations and privilege escalation paths.

What is the difference between Entra ID and Active Directory?

Active Directory is Microsoft’s on-premises identity system; Entra ID (formerly Azure AD) is the cloud identity platform behind Microsoft 365 and single sign-on. They are separate systems and are covered by separate audits, though VidraSec also reviews how the two are connected.

Does the Entra ID Audit cover Conditional Access and MFA?

Yes. Conditional Access policies, MFA enforcement, and common MFA bypass and social engineering risks are a core focus of the audit, alongside privileged role assignments and app registration permissions.

How long does an Entra ID Audit take?

Typically 3 to 5 days depending on tenant complexity, plus roughly 30 to 50 percent of that time for reporting.

How much does an Entra ID Audit cost?

From 7,000 euros. The final price depends on scope and the maturity level of your environment and is calculated individually.

External IT Infrastructure Penetration Test

External penetration test, test external IT infrastructure and attack surface

An External IT Infrastructure Penetration Test assesses your internet-facing systems (servers, VPNs, mail, remote access) for exploitable vulnerabilities and exposure that an attacker could use to gain a foothold.

If your system is exposed to the internet, it could potentially be hacked by anyone. Okay, I exaggerate a bit, but I think you understand. Vulnerabilities in your external infrastructure can lead to very bad press and threaten your customers’ personal information. Regular external infrastructure penetration testing keeps that attack surface in check.

Scope

This test can focus on a range of externally accessible IPs. Another approach is to collect information about your external attack surface, meaning what information can an attacker find out about your company and which services are exposed (that you might not even know about). These are the main focus points of the test:

  • Detection of vulnerabilities in your external infrastructure. VPN gateways, mail servers, RDP/Citrix gateways, and other remote access solutions are common entry points
  • Identification of outdated software and used libraries, including known CVEs in internet-facing appliances
  • Check for missing hardening measures that can protect you in case there is a vulnerability
  • Publicly exposed sensitive information, e.g. in cloud storage, code repositories, or misconfigured file shares
  • Insecure configuration of services

Internet-facing appliances are a recurring source of critical findings industry wide. See Exploiting a CheckPoint VPN Gateway with One Simple Command for a concrete example of the kind of vulnerability class this test is designed to catch.

As an optional add-on, this test can be combined with OSINT (Open Source Intelligence): researching what an attacker could learn about your company, infrastructure, and employees from public sources (leaked credentials, exposed subdomains, metadata, code repositories) before ever sending a packet. This is not part of the standard scope and is agreed separately during scoping.

Why

  • Do you even know all the services that are exposed to the internet?
  • Are you sure you are not unintentionally leaking sensitive data?
  • Did you apply all the additional security measures that can prevent attacks?
  • Are all your services configured according to best practices?

Why VidraSec 🦦

I have worked in penetration testing and red teaming since 2017. In this time, I have seen many different systems and found a lot of vulnerabilities. Fun fact: in all this time, there have been worse and better systems, but there has never been a system without any vulnerabilities. Let’s improve your security together!

Typical Duration

2+ days of testing (heavily scope-dependent, depends on the number of IPs and services in scope). Reporting takes roughly 30 to 50% of the test time on top.

Typical Price

from 4,200 €

The final price depends on the scope of the project and the maturity level of your IT security. It is calculated individually based on the required effort.

Deliverables

Every engagement includes:

  • Written findings report with all vulnerabilities, prioritized by severity, with remediation steps
  • Management summary tailored to your audience (technical or executive)
  • Live debriefing to walk through findings and answer questions
  • Retesting after remediation available on request

See example reports for what a VidraSec report looks like.

Compliance

Directly relevant for NIS2 (Article 21), ISO 27001, and GDPR: exposure of internet-facing services can directly risk customer personal data.

Frequently asked questions

What is the difference between an external and an internal penetration test?

An external penetration test attacks your perimeter from the internet, the way an outside attacker would. An internal penetration test simulates an attacker who already has a foothold inside the network. Many organizations combine both to cover the full attack chain.

Will the test affect our live systems?

Testing is conducted carefully to avoid disruption. Potentially intrusive checks are coordinated with you in advance, and a contact is kept available during testing so anything unexpected can be paused immediately.

How long does an external penetration test take?

From around 2 days, heavily dependent on the number of IPs and services in scope, plus roughly 30 to 50 percent of that time for reporting.

How much does an external penetration test cost?

From 4,200 euros. The final price depends on the number of systems in scope and is calculated individually based on the required effort.

Microsoft 365 Audit

Microsoft 365 Audit, M365 security review, Exchange Online, Teams, SharePoint, Defender

A Microsoft 365 Audit is a read-only, white-box review of your M365 tenant (Exchange Online, Teams, SharePoint, Defender, and admin roles) that finds misconfigurations enabling phishing, data theft, or account takeover.

Microsoft 365 is the productivity backbone of most modern organizations, Exchange Online handles email, Teams drives collaboration, SharePoint stores documents, and Entra ID manages identities. A misconfiguration in any of these components can expose sensitive data, enable phishing attacks, or allow unauthorized access to company resources.

This audit reviews the security configuration of your Microsoft 365 tenant using a read-only account. It is typically performed as a white-box engagement and scoped in a kick-off call. It is a natural complement to an Entra ID Audit, which focuses specifically on identity and access management.

Scope

The following areas are reviewed as part of a Microsoft 365 Audit:

  • Exchange Online: anti-phishing policies, SPF/DKIM/DMARC configuration, mail transport rules, connector security, external email warnings
  • Teams and SharePoint: external sharing settings, guest access policies, document permission review
  • Microsoft Defender for Office 365: policy configuration, Safe Links, Safe Attachments, threat protection settings
  • Admin roles and MFA: review of global admins and privileged roles, MFA enforcement for admin accounts
  • Microsoft Secure Score: review of current score and highest-impact recommendations
  • Conditional Access: review of policies protecting M365 applications

Why

  • Microsoft 365 environments are a prime target for attackers, phishing, business email compromise (BEC), and data theft typically exploit misconfigurations rather than software vulnerabilities
  • Default Microsoft 365 settings are not hardened, many organizations run significant gaps without knowing it
  • A compromised M365 tenant can expose all company email, files, and credentials

Why VidraSec 🦦

My focus on Windows, Active Directory, and the Microsoft identity stack extends naturally into Microsoft 365. The Entra ID and M365 layers are tightly integrated, understanding one requires understanding the other. This audit is often combined with an Entra ID Audit for a complete picture of the Microsoft identity and productivity environment.

Typical Duration

3-5 days (reporting included; scope-dependent)

Typical Price

from 7,000 €

The final price depends on the scope of the project and the maturity level of your IT security. It is calculated individually based on the required effort.

Deliverables

Every engagement includes:

  • Written findings report with all identified misconfigurations, prioritized by risk
  • Management summary tailored to your audience (technical or executive)
  • Live debriefing to walk through findings and answer questions
  • Retesting after remediation available on request

See example reports to get a sense of what a VidraSec report looks like.

Compliance

Relevant for organizations working towards NIS2, ISO 27001, or TISAX compliance. Microsoft 365 security configuration is increasingly audited as part of information security management reviews.

Frequently asked questions

What is the difference between a Microsoft 365 Audit and an Entra ID Audit?

A Microsoft 365 Audit reviews the productivity services such as Exchange Online, Teams, SharePoint, and Defender. An Entra ID Audit focuses specifically on identity and access management. The two layers are tightly integrated and are often audited together for a complete picture.

Does the audit require access to our tenant?

Yes, a read-only account is sufficient. The audit is performed white-box, which lets VidraSec review configuration and security settings efficiently without making changes to your tenant.

How long does a Microsoft 365 Audit take?

Typically 3 to 5 days including reporting, depending on tenant size and the services in use.

How much does a Microsoft 365 Audit cost?

From 7,000 euros. The final price depends on scope and the maturity level of your environment and is calculated individually.

Security Awareness Training

Security Awareness Training, staff training phishing, social engineering, passwords

Security Awareness Training teaches your staff to recognize and resist the attacks that cause most breaches: phishing, social engineering, and weak passwords, delivered by a pentester who actually runs these attacks.

Most cyber attacks begin with a human error. Someone has set a weak password or opened the wrong email attachment. Therefore, it is essential that all employees are trained on how to behave correctly.

The exact scope and duration of this training can be individually determined. Typical training contents include:

  1. Introduction to the threat situation
  2. Phishing and Social Engineering
  3. Internet fraud
  4. Password security
  5. Outdated recommendations
  6. Social Media Security

The training can be conducted remotely or on-site.

Why VidraSec 🦦

Most security awareness training is delivered by someone who read about the attacks, not someone who has actually run them. I’ve conducted phishing campaigns against companies, bypassed MFA, stolen credentials, and moved through internal networks undetected. That direct attack experience shapes how the training is delivered: the examples are real, the techniques are current, and the explanations land differently when they come from someone who has actually done this.

For non-technical audiences, a live cyber attack demonstration is available as part of or alongside the training. Watching a real attack unfold is more persuasive than any slide deck: seeing how a phishing email bypasses filters, how credentials are stolen, how one compromised account escalates to full network access. I’ve presented at international security conferences including Troopers, IT-SECX, and Hacktivity, and that speaking experience translates directly into engaging sessions for your team or event.

See Trainings & Presentations for details on the live demo format.

Format

Sessions should not exceed 1 hour per session, shorter, focused blocks work better than long lectures. For groups larger than 15-20 people, splitting into smaller sessions is recommended to keep engagement high.

Typical Price

200 € per hour of training

The final price depends on the desired content, as the training may have to be adapted to your specific environment and industry.

Deliverables

Every engagement includes a tailored training session and post-training Q&A. No written pentest report, the deliverable is knowledge transferred to your team.

Compliance

Directly relevant for NIS2 (Article 21, organizations must ensure staff receive regular security training) and ISO 27001 (Annex A control A.6.3, information security awareness, education and training).

Frequently asked questions

What topics does the training cover?

Typical content includes the current threat landscape, phishing and social engineering, internet fraud, password security, outdated recommendations to unlearn, and social media security. The exact scope is tailored to your industry and audience.

Can the training be delivered remotely?

Yes. The training can be conducted remotely or on-site. For non-technical audiences a live cyber attack demonstration is also available, where a real attack is shown unfolding step by step.

How much does Security Awareness Training cost?

200 euros per hour of training. The final price depends on the desired content, since the material may need to be adapted to your specific environment and industry.

Web Application Penetration Test

Web Application Penetration Test, test web apps for vulnerabilities, OWASP

A Web Application Penetration Test is a manual security assessment of a web application and its APIs, focused on the OWASP Top 10: broken access control, injection, authentication flaws, and business logic vulnerabilities.

Vulnerabilities in web applications can be very problematic. In the worst case, the entire web server is taken over or confidential customer data is stolen. Therefore, it is especially important to thoroughly test these applications.

Scope

Web applications are tested against the most critical vulnerability classes, with a focus on the OWASP Top 10. This includes:

  • Access control testing: broken access control, privilege escalation, IDOR (accessing other users’ data by changing an ID in a request)
  • Authentication and session flaws: weak password reset flows, session fixation, JWT misconfiguration
  • Injection attacks: SQL injection, command injection, SSTI
  • Server-side request forgery (SSRF) and insecure deserialization
  • Business logic vulnerabilities: flaws in the application’s workflow that automated scanners cannot detect, such as skipping a payment or approval step
  • Misconfigurations: security headers, TLS settings, error disclosure
  • Review of third-party components: outdated libraries, known CVEs
  • Implementation of Defense-in-Depth measures

Android mobile app testing is also available on request.

The specific test procedure and tested components will be discussed in a Scoping meeting.

Why

  • Automated scanners catch the obvious issues; access control and business logic flaws (the ones that actually lead to data breaches) require a human tester
  • A single IDOR or broken access control bug can expose your entire customer database
  • Web applications change constantly. A test is a snapshot of security at a point in time, and regular testing catches regressions introduced by new features

Why VidraSec 🦦

I have worked in penetration testing and red teaming since 2017, and web applications are one of the most common entry points I test. Manual testing means I actually understand the application’s logic instead of relying on scanner signatures, and that’s where the vulnerabilities that matter are usually found.

Typical Duration

3 to 5 days of testing (depends on the size and complexity of the application). Reporting takes roughly 30 to 50% of the test time on top.

Typical Price

from 7,000 €

The final price depends on the scope of the project and the maturity level of your IT security. It is calculated individually based on the required effort.

Deliverables

Every engagement includes:

  • Written findings report with all vulnerabilities, prioritized by severity, with remediation steps
  • Management summary tailored to your audience (technical or executive)
  • Live debriefing to walk through findings and answer questions
  • Retesting after remediation available on request

See example reports for what a VidraSec report looks like.

Compliance

Relevant for GDPR (protection of customer data processed by the application) and ISO 27001.

Frequently asked questions

Is the test manual or automated?

It is primarily manual. Automated scanning supports the work, but the depth, and especially access control and business logic vulnerabilities, comes from manual testing by an experienced tester. Reports do not include automated scanner noise.

Do you test APIs and mobile apps as well?

Yes. REST and GraphQL APIs are in scope, and Android mobile app testing is available on request. The exact components are agreed in the scoping meeting.

Does the test require credentials or source code?

Most engagements are greybox, using valid user accounts to reach the parts of the application where the interesting vulnerabilities live. Source code is not required, though it can be included for a deeper review.

How much does a web application penetration test cost?

From 7,000 euros. The final price depends on the size and complexity of the application and is calculated individually based on the required effort.