

Our penetration testing services are designed to simulate real-world attacks on your organisation's IT systems, applications, and networks. We are an Australian CREST accredited consultancy with a team of certified penetration testers spread across the east coast of Australia.
Project Black is 1 of only 4 active CVE Numbering Authorities (CNAs) in Australia that conducts security research on third party software. We publish around 10 zero-day vulnerabilities per year.
We pride ourselves on the quality of our output. We develop and maintain our own tools alongside leveraging automation, but comprehensive manual testing remains at the core of every engagement. We validate findings and uncover risks that automated scans miss.
INCLUDED WITH EVERY ENGAGEMENT
Throughout the engagement, you get access to our testing portal where vulnerabilities are published as they are discovered. This gives you advance notice of high and critical risk findings so your team can begin remediation before the final report is delivered.
Upon completion, you can request a penetration testing certificate you can share with customers or other third parties. It provides a simple way to communicate that a CREST certified test was conducted without disclosing the details of the report.
At the end of every engagement, we walk you through the findings in a debrief call. This gives your team the opportunity to ask questions, understand each vulnerability, and discuss options for remediation.
On request, we can produce a redacted version of the report with sensitive technical details removed. This is useful for customers who might need more assurance than the certificate provides.
Once you have remediated findings, a retest can optionally be undertaken to verify that vulnerabilities have been correctly fixed. This gives you confidence before go-live or before sharing results with customers and auditors.
We understand the challenges faced by small and medium-sized enterprises (SMEs). Our pricing is designed to be SME-friendly, ensuring that high-quality cybersecurity services are accessible and affordable for every Australian business, without compromising on expertise or results.
Project Black is a CREST accredited penetration testing firm. Our CREST accreditation reflects our commitment to excellence in penetration testing. By working with certified experts who follow ethical, best-practice frameworks, you can be confident in the quality and integrity of our security assessments.
Project Black consultants hold industry-recognised penetration testing certifications like the CREST CRT, Offsec’s OSCP, and OSCE, so you and your customers can rest assured that testing is being performed to a high standard.


Penetration testing is performed by consultants based in Australia. Your data stays down under, and we’re right here whenever you need us. Our consultants are spread nationwide in Sydney, Melbourne, and Brisbane.
A pentest isn’t a scan! Our penetration testing methodology is firmly rooted in industry best practices, including references to the Open Web Application Security Project (OWASP) Top 10, the SANS CWE Top 25, and the NIST SP 800-115. You can read more about our web app methodology here or our network infrastructure methodology here.
Attacker methodologies continuously evolve, so staying ahead of the curve is paramount. Project Black invests significantly in research and development. Each year we find approximately 10 zero-day vulnerabilities which result in a CVE being assigned. Check out our latest blogs.
"Project Black would have to be one of the best I have dealt with to date. I have since recommended Project Black to others in the industry."
"After working with a much larger agency, we were amazed by the immediate improvement in professionalism, efficiency, and thoroughness that Project Black brought to the table."
Most of the penetration tests we perform fall within the range of $6,000-$10,000 (AUD) depending on scope; our smallest projects start from ~$3,600. Reach out for your quote today!
We try to size up your scope! For web applications the biggest factor for sizing is the number of dynamic pages/API endpoints. For infrastructure testing, the biggest factor for sizing is the number of active hosts.
This is a bit hard to answer on a static website! Generally we can start within 2 weeks of signing the engagement; give us a call to check.
It depends on the scope of the test, but generally it takes 1-3 weeks to complete including reporting.
Yes. We can share a sample report with you; reach out to us for a copy.
Yes. Our penetration testing is performed by consultants based in Australia; unlike some other providers, we do not offshore or outsource.
Penetration tests are more comprehensive than automated scans. Human testers also have the ability to chain together a series of vulnerabilities to achieve greater impact.
It depends on your goals. White box testing will simulate an insider threat: you provide all information (e.g. source code) so time isn’t wasted on enumeration. Black box is the most realistic but may result in fewer vulnerability findings for the same money. Grey box testing balances realism and cost effectiveness.
Yes. Our testing protocols surpass the guidelines recommended by the PCI Standards Council and ISO/IEC.
We uncover your unknown unknowns! This is typically in the form of a detailed report that contains discovered vulnerabilities, their potential risks, and remediation recommendations.
Most likely! Project Black has worked with companies in many industries, including finance, healthcare, government, and more.
Simply fill out and submit the form, and we'll provide you with a quote within hours - unless you fill it in at 3am!