Manual pentesting for startups & SaaS companies

Web & API Pentesting with clear reporting and real impact.

  • Manual testing + validated findings
  • OWASP-aligned API coverage
  • Executive-ready report included
  • Typical timeline: 2–3 weeks

Typical engagement duration: 2–3 weeks depending on scope and access.
Pricing starts from $1000.

What you get: Manual testing + verified findings
  • Non-destructive testing
  • Proof of Concept
  • Business impact
  • Fix guidance

Testing approach: OWASP-aligned coverage
  • OWASP Top 10
  • Auth & access control
  • Data exposure

Deliverables: Executive-ready report + technical details
  • Executive summary
  • Severity ratings
  • Reproduction steps

Designed for customer security reviews, procurement, and SOC 2/ISO vendor requirements.

Includes a professional pentest report you can use for Vendor Risk Assessment Questionnaires (security questionnaires, vendor onboarding, and customer due diligence).

Services

Clear scope, manual testing, and reporting built for engineering teams and leadership. Every finding is validated and documented with actionable remediation steps.

Full-Scope Web + API Pentest Engagement

Manual testing of your web application and API endpoints focused on exploitable vulnerabilities, real business impact, and practical remediation guidance your engineers can act on immediately.

What you get

  • Web + API coverage (auth, access control, input validation, business logic, data exposure)
  • OWASP-aligned testing (OWASP Top 10 + OWASP API Security Top risks)

Deliverables

  • Verified findings with evidence + reproduction steps (no scanner-only output)
  • Executive-ready report + technical details for engineers

What’s included by default

  • Rules of engagement + scope confirmation before testing starts
  • Severity ratings, business impact mapping, and prioritized fix plan
  • Non-destructive testing methodology with safe validation
  • Optional walkthrough call for findings and remediation clarification

Coverage areas (typical)

  • Authentication & session handling (JWT, cookies, refresh tokens, API keys)
  • Authorization issues (IDOR/BOLA, role bypass, privilege escalation)
  • Data exposure, misconfigurations, and sensitive information leakage
  • Business logic abuse scenarios relevant to your product workflows

How it works

  1. Scope & Access: Define targets, endpoints, accounts, and rules of engagement.
  2. Testing (2–3 weeks): Manual testing + smart scanning for validation (no scanner-only output).
  3. Report Delivery: Executive summary + detailed findings with proof and remediation.
  4. Support: Clarifications and remediation discussion as needed.

Pricing

Fixed-scope packages designed for startups and SaaS products. Pricing is shown in EUR. USD pricing is +20% due to currency handling and billing overhead.

WordPress / Small Website Pentest

€1000 fixed scope
USD price: $1200
  • Manual testing of login, sessions, access control, and common web attack paths
  • WordPress core + theme + plugin review (versions, exposure, and known risk validation)
  • Sensitive data exposure checks (backup files, logs, open directories, misconfigured storage)
  • Input validation testing (XSS, SQLi patterns, file upload risks, open redirects)
  • Admin-level risk review (weak configurations, exposed admin endpoints, hardening gaps)
  • Verified findings with evidence + clear reproduction steps (no copy-pasted scanner output)
  • Professional report with severity ratings, business impact, and fix recommendations

Retesting: €40/hour

SaaS Web + API Pentest

€2500–€5000
USD price: $3000–$6000
  • €2500 — up to 25 API endpoints (small SaaS scope)
  • €5000 — up to 60 API endpoints (expanded scope)
  • Web app testing for auth flows, session handling, and critical business workflows
  • API authorization testing (BOLA/IDOR, role bypass, privilege escalation, tenant isolation)
  • Authentication review (JWT, refresh tokens, API keys, session cookies, password reset flows)
  • Input validation testing (XSS, SQLi patterns, SSRF, file upload risks, template injection)
  • Data exposure checks (PII leakage, excessive data in responses, insecure direct object access)
  • Rate-limit and abuse testing (safe validation of brute-force, enumeration, and bypass risks)
  • Findings include evidence, reproduction steps, impact, and fix guidance for engineers
  • Executive-ready report for leadership + customer/vendor security reviews

Additional endpoints: €80+ per endpoint (beyond 60) · USD: $96+
Retesting: €40/hour

Report (Included)

Executive-ready + engineering-friendly. Evidence, impact, and fix guidance — not scanner output.

What you receive

Executive summary · Validated findings · Fix guidance

Proof + reproduction steps

Requests/responses, screenshots, and clear steps your team can verify fast.

Business impact

Prioritized by real risk so leadership and engineers focus on what matters.

Remediation guidance

Practical fixes aligned with your architecture and API patterns.

Full report table of contents
  1. Confidentiality Statement
  2. Disclaimer
  3. Contact Information
  4. Assessment Overview
  5. Assessment Components (Web + API)
  6. Severity Ratings
  7. Risk Factors (Likelihood + Impact)
  8. Scope (In-scope + Exclusions)
  9. Executive Summary
  10. Key Strengths & Weaknesses
  11. Vulnerability Distribution
  12. Detailed Findings (WPT-XXX / API-XXX)
Need a customer-facing report version?
Yes. If required, I can provide a sanitized version suitable for external sharing during vendor reviews.

Security, Confidentiality & Engagement Terms

Clear engagement rules, predictable communication, and responsible handling of evidence and sensitive data.

Engagement Terms (Simple + Clear)

Written authorization, safe testing, and clean evidence handling.

NDA supported · DPA (GDPR) available · Encrypted evidence · 60-day retention

Confidentiality & evidence handling

Evidence is stored on an encrypted local device. Default retention is 60 days. Faster deletion is available on request.

Communication & escalation

Weekly status update every Monday. Critical findings can be shared immediately so remediation starts early.

Legal & invoicing

NDA/contract supported (yours or mine). Invoice issued via PayPal Invoicing.

Testing is performed only with explicit written authorization and defined Rules of Engagement.

Quick summary

Safe testing

Non-destructive validation. No downtime or stress testing unless agreed.

Built for vendor reviews

Report format works for SOC 2 / ISO onboarding and customer security questionnaires.

Clear scope upfront

In-scope assets, exclusions, and rules of engagement are confirmed before testing begins.

Retesting support

Fix validation and retesting available to confirm remediation and reduce re-opened findings.

Scope & Methodology

Black-box testing focused on real-world exploitation paths, validated findings, and practical remediation. This engagement is designed for internet-facing applications and APIs (not internal network testing).

Black-box Web Application + API Pentest

Testing your application from an attacker’s perspective using only the access you provide (URLs, accounts, and approved scope). The focus is on exploitable vulnerabilities, business logic abuse, and authorization flaws that can lead to account takeover, data exposure, or privilege escalation.

Web application · API testing · OWASP-aligned · Non-destructive

Environment & Access

Testing can be performed on Staging or Production (based on your preference). If authenticated workflows are required, you may need to provide test accounts/credentials.

What’s covered

Authentication & Session Handling

Login flows, session handling, password reset, token security (JWT/refresh tokens), and common bypass paths.

Authorization & Access Control

IDOR/BOLA, role bypass, privilege escalation, and tenant isolation issues in both web and API endpoints.

Data Exposure & Business Logic

Sensitive information leakage, misconfigurations, and workflow abuse scenarios relevant to your product.

Out of scope (by default)

To keep testing safe and predictable, the following areas are not included unless explicitly agreed.

  • DoS / stress testing
  • Social engineering / phishing
  • Physical security testing
  • Internal network pentesting (LAN/VPN)

If your requirements include internal network testing, I can discuss a separate scope.


Request a Scope & Quote

Share a few details about your application and timeline. I will respond with a recommended scope, estimated effort, and a fixed-price quote.

LinkedIn: https://www.linkedin.com/in/iamnitishshah/
Engagement model: Remote · Fixed scope · Report included · Typical timeline: 2–3 weeks
Response time: Replies within 24 hours (Mon–Fri)

To help me scope accurately, include: target URL(s), environment type (prod/staging), authentication type, estimated number of API endpoints, and any compliance requirements (SOC 2, ISO 27001, etc.).

Note: Testing is performed only with explicit written authorization and defined Rules of Engagement.