
Penetration Testing.

Project Black's penetration testing services are designed to simulate real-world attacks on your organisation's IT systems, applications, and networks. Identify your gaps before the bad guys do with our dedicated team of consultants located in Australia, ready to assist you nationwide from Sydney and Melbourne.

Our Core Offerings.

External Network Testing

External network testing simulates cyber attacks on your network from outside your company to uncover vulnerabilities before hackers can exploit them, ensuring your defences hold strong against real-world threats.

Wireless Testing

Wireless testing identifies security issues in your Wi-Fi networks, preventing unauthorised users from sneaking onto your internal network. Make sure your neighbours aren't snooping on you.

Mobile Application Testing

Mobile application testing prioritises data privacy by identifying potential vulnerabilities that could expose sensitive user information. Ensure data is handled and protected against unauthorised access.

Social Engineering

People form an important part of every organisation's security posture. Social engineering exploits human trust to gain access to sensitive information or systems. Assess your team's awareness.

Our Approach.

We pride ourselves on the quality of our output. While we leverage tools where necessary, our focus is on comprehensive manual testing, which forms the core of our engagements.

  • Reconnaissance
  • Automated Enumeration
  • Manual Assessment
  • Vulnerability Exploitation
  • Reporting

Why Project Black?

Unmatched Value Proposition

The services we provide are not just about cost, but about value. Our services offer an unmatched value proposition, combining top-tier expertise with competitive pricing. This is in line with our mission to make cybersecurity accessible to every Australian business.

CREST Accredited

Project Black is a CREST accredited penetration testing firm. Our CREST accreditation reflects our commitment to excellence in penetration testing. By working with certified experts who follow ethical, best-practice frameworks, you can be confident in the quality and integrity of our security assessments.

Certified Testers

Project Black consultants hold industry-recognised penetration testing certifications like the CREST CRT, OffSec's OSCP, and OSCE, so you and your customers can rest assured that testing is being performed to a high standard.


Aussie Local

Penetration testing is performed by consultants based in Australia. Your data stays down under, and you get to work with a team that gets the Aussie way of doing business, quick and smart. We're right here whenever you need us.

Proven Methodology, Proven Results

A pentest isn't a scan! Our penetration testing methodology is firmly rooted in industry best practices, including references to the Open Web Application Security Project (OWASP) Top 10, the SANS CWE Top 25, and the NIST SP 800-115. You can read more about our web app methodology here or our network infrastructure methodology here.

Commitment to Innovation

Attacker methodologies continuously evolve, so staying ahead of the curve is paramount. Project Black invests significantly in research and development. This commitment to continuous learning and innovation ensures that our techniques and tools remain cutting edge. Check out our latest blogs.

FAQs.

  • How much does a penetration test cost?

    Most of the penetration tests we perform fall within the range of $6,000-$10,000 depending on scope. Reach out for your quote today!

  • How do you quote for a penetration test?

    We try to size up your scope! For web applications the biggest factor for sizing is the number of dynamic pages/API endpoints. For infrastructure testing, the biggest factor for sizing is the number of active hosts.

  • When can you start?

    This is a bit hard to answer on a static website! Generally we can start immediately upon approval of our proposal. Give us a call to check.

  • How is a penetration test different from a scan?

    Penetration tests are more comprehensive than automated scans. Human testers also have the ability to chain together a series of vulnerabilities to achieve greater impact.

  • Should I do a black, grey, or white box test?

    It depends on your goals. White box testing will simulate an insider threat: you provide all information (e.g. source code) so time isn't wasted on enumeration. Black box is the most realistic but may result in fewer vulnerability findings for the same money. Grey box testing balances realism and cost effectiveness.

  • Can you perform a test for my ISO 27001/PCI DSS audit?

    Yes. Our testing protocols surpass the guidelines recommended by the PCI Standards Council and ISO/IEC.

  • Can penetration testing guarantee network security?

    Penetration testing forms an important part of a comprehensive security strategy but does not guarantee security. Arguably, nothing can guarantee 100% security.

  • What is the expected outcome of a penetration test?

    We uncover your unknown unknowns! This is typically in the form of a detailed report that contains discovered vulnerabilities, their potential risks, and remediation recommendations.

Ready for a Pentest Quote?

Simply fill out and submit the form, and we'll provide you with a quote within hours - unless you fill it in at 3am!

Contact Us:

  • Privacy Policy (November 2023)
  • This policy outlines how we collect, use, and safeguard your personal information.
  • Information We Collect & How We Use It
  • Contact Form: When you use our contact form, we collect your name, email, and phone number. This is used to respond to your inquiries.
  • Microsoft Clarity, Google & Bing Analytics: We use Microsoft Clarity together with Google & Bing Analytics to collect data such as your page views and visitor behavior on our site. This helps us understand how our website is used so we can improve it.
  • We do not share your personal data with any third parties, except as necessary for Microsoft Clarity, Google & Bing Analytics analysis. See their privacy policies for more information.
  • Data Security
  • As this is a 100% static site, contact form information is sent via formspree.io to a shared mailbox in Office 365. Access to this mailbox is restricted to specific individuals within our company to ensure the security of your information.
  • formspree.io helps us archive a copy of the form submission, which is retained there for 30 days. If you prefer to contact us directly, you can email us at [email protected] for the same purpose.
  • Your Rights
  • You have the right to access, amend, or request the deletion of your personal data. If you have any privacy-related concerns, questions, or requests regarding your personal information, please contact us at [email protected].
  • Changes to Privacy Policy
  • Our privacy policy may be updated periodically. Any changes will be posted here and communicated to individuals who have previously submitted forms.
  • Jurisdiction
  • This privacy policy adheres to the Australian Privacy Principles.