Frequently asked questions

The price includes agreed scope analysis, manual security assessment, finding validation, a technical report and remediation guidance. Final pricing depends on the number of applications, API endpoints, user roles, IP addresses and functionality.

Vulnerability scanning automatically finds known issues. Penetration testing includes manual validation, access control, business logic, API authorization and exploitable-risk analysis.

A small review can take 1-3 days. A typical web/API penetration test often takes 5-10 business days, while larger network or source code reviews are scoped separately.

Yes, if testing boundaries, timing, accounts and prohibited actions are agreed in advance. If a staging environment exists, it is often a good starting point.

Yes. Retesting can be included in the proposal or scheduled separately after remediation.

We analyze how data enters the system, how it is processed and where security risk can appear. We assess risk paths in the code, important business logic areas and provide clear recommendations on what to fix first.

Externally, we assess what can be reached and observed from the internet. Internally, we check how access, network segments and the risk of movement from one compromised device are controlled.

The report includes scope, methodology, findings summary, risks, PoC, impact, remediation and retest status. If a specific format is required, mention it before the project.

Yes. We can start with a limited scope, one application, one API segment or the free 1-day source code review if it fits your situation.

It is for teams that want to quickly understand whether the code shows early security risk signals. It is a limited initial assessment, not a full audit.

A one-off pentest assesses one moment in time. Continuous security review is aligned with your release cycle and helps find risks when they appear.

Yes. Communication, reports and walkthroughs can be delivered in English or Lithuanian.