Penetration testing by certified ethical hackers

We find security issues before the bad guys do

to prevent any negative business impact.

Everything you need to have a good security posture

Web-application penetration testing

Web application penetration testing is a critical service designed to identify and simulate real-world attacks on your web applications, revealing vulnerabilities before they can be exploited by malicious actors.

Infrastructure penetration testing

Infrastructure penetration testing delves deep into your network and system infrastructure to uncover hidden vulnerabilities and potential points of entry for cyber attackers.

API penetration testing

API penetration testing is a specialized service designed to uncover vulnerabilities in your application programming interfaces (APIs), which are critical gateways to your business logic and data.

Simple and fast process

How we work?

We follow a simple process during the engagement.

Intro call & Scoping
We discuss your needs and the details of your application during a short call so we can assess how much time should we spend testing the application.
Based on the information from the scoping process, we present a quote for you.
Penetration test
We carry out the actual test. This is a manual process, not an automated scan, although we use tools to speed up some of processes.
Report delivery
We deliver a report with the findings, and recommended mitigations.
Once you have addressed the issues we identified, we will conduct a re-test to verify the corrections.
Letter of attestation
You receive a Letter of Attestation to present to your auditors or customers, should you need it.


“I worked with Greg to go through all my sites and apps and make sure they are safe. I love being a scriptkiddie hacking together and shipping fast but security is nothing to be fast about because you hold user's data and have to keep that safe. Having Greg pentest everything, audit my code and follow his recommendations helps me sleep a bit better at night.”

Pieter Levels

“When I was planning on making Keygen open source, getting a penetration test and security audit was a major prerequisite. I knew Greg was a great choice, with his deep understanding of Ruby and of Rails. Greg completed the security audit according to schedule, and with his help and recommendations, I was able to successfully patch the issues he found. When it comes to security, I highly recommend Greg and Spektr.”

Zeke Gabrielse
Founder of Keygen

“Tens of thousands of students and many universities rely on our software each semester to provide course content, assessments and grades. It is critical that we provide a service that is secure and reliable to each stakeholder involved. For a small team without specific security expertise, we knew (and were strongly encouraged by our partners) we needed to get a reliable security audit and penetration test to make sure all of our systems were as secure as possible. Greg's expertise was evident from our first meeting. He meticulously audited our systems, identifying vulnerabilities with precision. His insightful recommendations were invaluable, allowing us to fortify our digital infrastructure effectively. Greg's thorough approach to security has not only enhanced our systems but also given me and all of our partners a peace of mind. For anyone seeking top-notch security solutions, I wholeheartedly recommend Greg and Spektr.”

Jess Brown
Co Owner,

Certifications we hold

Our team holds a few cyber security certifications.

Penetration testing

OffSec Certified Professional

OSCP is considered to be more technical than other ethical hacking certifications and is one of the few that requires evidence of practical penetration testing skills.

Security Operations

Blue Team Level 1

Earners of the Blue Team Level 1 Certification have showcased their practical ability to defend networks and systems from cyber threats through technical and hands-on defensive cybersecurity training. They have knowledge and ability across 5 security operations domains which include Phishing Analysis, Digital Forensics, Threat Intelligence, SIEM, and Incident Response.

Penetration testing vs vulnerability scanning

Penetration testing and vulnerability scanning are both critical components of a comprehensive cybersecurity strategy, but they serve different purposes and are conducted in distinct manners. Penetration testing, often referred to as pen testing or ethical hacking, is a proactive and in-depth approach to identify, exploit, and test the resilience of a system's defenses. It simulates a real-world attack scenario to discover potential vulnerabilities that could be exploited by malicious attackers. Pen testers use a variety of techniques and tools to mimic the actions of potential attackers, which includes not only identifying vulnerabilities but also attempting to exploit them to understand the real-world impact of a breach. This method provides a hands-on understanding of the system's security posture, offering insights into how an attacker could gain unauthorized access, escalate privileges, or exfiltrate data.

Vulnerability scanning is a more automated and broad approach that involves the use of software tools to scan systems, networks, or applications for known vulnerabilities. These tools typically rely on databases of known vulnerabilities, such as the Common Vulnerabilities and Exposures (CVE) list, to identify potential security issues. Vulnerability scans are generally less intrusive than penetration tests and can be conducted more frequently. They are designed to quickly and efficiently identify and categorize vulnerabilities within an environment, providing organizations with a list of identified weaknesses that need to be addressed. However, unlike penetration testing, vulnerability scanning does not typically involve the exploitation of vulnerabilities to understand the depth or impact of the weakness, making it a useful but less comprehensive assessment tool compared to penetration testing.

Methodologies and frameworks we rely on

Our team holds a few cyber security certifications.

Web application penetration testing

OWASP Web Security Testing Guide

The WSTG is a thorough manual for examining the security of web applications and web services. Crafted through the collective contributions of cybersecurity experts and committed volunteers, it furnishes a structured set of optimal methodologies relied upon by penetration testers and corporations globally.
During a web application penetration testing, we use a custom methodology based on this guide.

NIST SP 800-115

We rely on NIST's "Technical Guide to Information Security Testing and Assessment" during out engagements.

Contact us

We're here to help

If you are looking for a penetration test, a security audit, help with ISO 27001, SOC2, HIPAA or another compliance, or just want to have a chat about your security challenges, reach out and we can discuss how we can help.