A data breach costs an average of €4.5 million. I find your vulnerabilities before attackers do. Everything manual, by the same specialist, and the report is ready for your team the next day.
Average cost of a data breach in Europe, including fines, reputational damage, customer loss and remediation costs.
IBM Cost of a Data Breach Report 2024Average time before an organisation realises it has been breached. Months during which an attacker roams freely.
IBM Security 2024Of all cyber attacks target SMEs and the public sector. Less IT capacity means a higher chance of success for an attacker.
Verizon Data Breach Investigations Report 2024I attack your web application the way an attacker would. I test for OWASP Top 10, logic flaws and access control issues. The report describes per finding how it can be exploited and what your development team can do to fix it.
↳ Clarity on which vulnerabilities are genuinely exploitableYour servers, networks and API endpoints are just as vulnerable as the application itself. I look for misconfigurations, exposed services and privilege escalation — things an IT administrator rarely encounters because they only become visible when thinking like an attacker.
↳ Overview of your full external attack surfacePatching without verification is guesswork. After fixes are applied, I retest to confirm the vulnerabilities are actually resolved. You receive written confirmation you can use with regulators or management.
↳ Official proof of remediation, in writingNot ready for a full pentest yet, but want to know where you stand? Or unsure about the architecture of a new application? I review and give honest advice — including if the advice is that you don't need a test yet.
↳ Clear advice without having to buy a test immediatelyOne-day session from €1,000 · multi-day engagements lower per day · retest included
Resync deliberately has no account managers or junior staff. You work with the same person from start to finish. I don't outsource and don't involve anyone else.
I have worked with municipalities, healthcare organisations and educational institutions and understand what is at stake: personal data, legal obligations and continuity of service. That requires a different approach than a typical startup.
OSCP, eWPTxv2 and a Master's in Cyber Security are not just credentials. I can penetrate systems in ways that a scanner will never find — which is precisely what manual testing is about.
Citizen portals, internal applications and chain systems. Municipalities are legally required to demonstrably have their security in order under the Cybersecurity Act.
EHR systems, patient portals and medical devices on the network. NEN 7510 requires demonstrable information security — a pentest is the standard form of evidence.
Student registration systems and portals at schools and universities. IBP frameworks require demonstrable security for personal data.
Extremely sensitive files, limited IT capacity. Large agency prices are beyond reach for small firms — Resync offers a fixed-price alternative.
Scale-ups pursuing SOC 2 or ISO 27001 won't pass the audit process without a pentest report. I ensure the report aligns with the requirements.
Apps built with Cursor, Bolt or Lovable contain predictable vulnerabilities: IDOR, exposed API keys, missing endpoint authorisation. Scanners rarely catch them — manual testing does. Dedicated offer →
Free discovery call. What is in scope, what do you need to know, what is off-limits — everything on paper before we agree to anything.
You know the cost and deliverables upfront. No hourly billing, no hidden overruns.
Fully manual execution. Not an automated scanner you could run yourself.
Executive summary and technical findings with reproduction steps. Useful for both the CISO and the board.
After patching, I verify that findings are genuinely resolved. Only then do I close the engagement.
No obligations · Response within 1 business day
All quotes at Resync are fixed prices. You know exactly what you pay upfront, no surprises. A single-day focused session starts around €1,000. A full web app pentest of 3–5 days is cheaper per day the more scope you include. Send a request via the contact form and you'll hear within one business day what to expect.
A web application penetration test takes an average of 3 to 5 working days. Infrastructure tests vary based on scope. After intake you receive an exact schedule. Total turnaround from intake to final report is typically 1 to 3 weeks.
Small and medium organisations are a popular target because attackers know there is less security capacity. NIS2 also requires an increasing number of organisations — including SMEs and public sector entities — to demonstrably have their security in order.
A pentest is relevant for any organisation that handles confidential data or is legally required to demonstrate it takes security seriously.
Then you have written proof that your systems withstood a manual attack by a certified tester. That is also a valuable result — for regulators, clients or your own board.
All findings, system documentation and communications are subject to strict confidentiality. A standard NDA is signed for every project. Your data is never shared or stored outside the project.
Yes. Your IT partner manages your systems, but doesn't think like an attacker. Most vulnerabilities I find are not visible to routine IT management because they are discovered by creatively misusing logic and configurations in ways that never arise during normal operations.
One conversation is enough to clarify whether and how I can help. Free, no obligation and a response within one business day.
Tell me in a few sentences about your application or question. I respond within one business day and won't send a quote unless you want one.