< 1CYBER />

We hack your business — so criminals can't_

Penetration testing for your websites, apps and servers. Detailed report with proof-of-concept for every vulnerability.

> What we find in companies like yours

Customer data leaks

Names, phone numbers, payment details — accessible to anyone without a password. This means fines and loss of customer trust.

Payment system keys exposed

Secret keys for Kaspi, Stripe or other payment systems found in open access. Attackers can make transactions on your behalf.

Full server access

Weak passwords or open databases let attackers take complete control — read, modify, or delete all your data.

Source code exposed

Your application code is publicly accessible. Attackers study it to find every weak point and exploit them.

Unauthorized actions

Anyone can create orders, change prices, modify accounts — without logging in. Real cases we find regularly.

Legal violations

Personal data stored or transmitted insecurely. Under Kazakhstan and international law, this means significant fines.

> What we test

🌐

Websites & web apps

Online stores, CRM systems, customer portals, corporate websites — any web service your business runs

📱

Mobile applications

Android & iOS app analysis: how data is stored, network traffic security, API vulnerabilities, tamper protection

🖥️

Servers & cloud

Servers, databases, cloud infrastructure — everything accessible from the internet that attackers can target

> How it works

Sign documents

Day 0

We sign NDA + Authorization to Test. This protects both sides legally. No work begins without your written permission.

Security testing

7 days

Our team tests your systems exactly like real attackers would — but safely and within the agreed scope.

Report with proof

Day 7

You receive a detailed report. Every vulnerability comes with a working proof-of-concept (PoC) and specific remediation guidance.

You verify everything

14 days

Your team checks each PoC. You confirm which findings are valid. We sign an acceptance act together.

Payment

30 days

Payment within 30 days after the acceptance act. Fixed price per agreement — no surprises.

Ongoing protection

Optional

Subscribe to annual monitoring — we check every month that new code changes haven't introduced new vulnerabilities.

> Pricing

Prices in USD. We accept payment in AED, KZT and RUB at the current exchange rate. Final price depends on scope.

PENTEST

One-time

from $20,000

Single engagement

Full penetration test of your systems. Detailed report with working proof-of-concept for every vulnerability.

-Full black-box pentest under NDA
-Detailed report with PoC for each finding
-Severity rated by international CVSS 3.1 standard
-Remediation guidance included
-14 days to verify findings
-10% discount for a public testimonial or case study

SECURITY PARTNER

Annual subscription

from $10,000/mo

12-month contract

We help you keep security under control. Initial pentest + continuous monthly monitoring of new code and changes.

-Initial full pentest included
-Monthly security checks of new code & changes
-Remediation verification after fixes
-Monthly security status report
-Priority support & 24h response for critical issues
-Re-test after each major release

> Which plan is right for you?

AYou need a one-time check and want to know your current security level

BYou want continuous protection — we check every month that your developers haven't introduced new vulnerabilities

Agreement →

> Our work

We follow responsible disclosure — like Google Project Zero. After finding vulnerabilities through bug bounty programs (HackerOne, Bugcrowd), we publish detailed case studies after a 90-day disclosure period.

{ }

Case studies coming soon

Our first reports are currently in the 90-day disclosure period. Detailed write-ups with technical analysis will be published here.