How is this different from the $199 Snapshot?
The Snapshot reviews fixed public website, email, domain, DNS, and account-risk signals. The penetration test performs active, authorized testing of one agreed custom application and its primary APIs under signed scope and Rules of Engagement.
Is every website a good penetration-test candidate?
No. A brochure site or ordinary managed WordPress site usually belongs on the Snapshot and Cleanup path. This service is for custom applications, portals, SaaS products, e-commerce applications, and meaningful authenticated workflows.
Do you test production systems?
Staging or a production-like environment is preferred. Production testing is considered only when explicitly approved in signed scope and Rules of Engagement, with agreed constraints and stop procedures.
What authorization is required?
Before testing, CyberBit requires an executed agreement, verified scope, written authorization from an entity able to grant it, and agreed Rules of Engagement. Third-party assets require separately verified permission.
Do you need passwords?
Not in the public form or ordinary email. If approved test accounts are needed after contracting, CyberBit arranges an agreed secure transfer method.
What happens if a critical issue is identified?
CyberBit follows the agreed communication and stop procedures, limits exposure, and notifies the authorized contact according to the Rules of Engagement.
Does the report prove the application is secure?
No. It is a point-in-time assessment of the agreed scope. It cannot prove every vulnerability was found or represent the company's complete security posture.
Can CyberBit fix the findings?
Remediation is optional and separately scoped. The report and findings review do not require the client to purchase implementation work from CyberBit.
Can another provider perform remediation?
Yes. The client may use its internal team, existing developer or IT provider, or another qualified security provider.
What does the retest include?
One focused retest may verify original findings requested within 30 days. It excludes a new assessment, new functionality, new assets, expanded roles or APIs, and certification.
Why does pricing start at $4,500?
Application size, workflows, authentication, roles, APIs, tenant boundaries, integrations, sensitivity, environment constraints, reporting, and retest scope affect the work. Exact scope and price are confirmed before payment.
Does this provide a compliance certification?
No. It provides authorized technical testing and an actionable report. It is not legal advice, independent certification, a compliance guarantee, or approval from an insurer, customer, or regulator.