Optimum Web
Multi-Framework · ISO 27001 · NIS2 · CR-CROSS-07

Penetration Test — External Infrastructure & Cloud

External infrastructure + cloud pentest. CREST/OSCP tester. Up to 20 hosts + one cloud env. Executive + technical report. Retest included. €699 fixed. 8 days.

Penetration Test — External Infrastructure & Cloud by Optimum Web is a fixed-price compliance service covering GDPR Art. 32 + ISO 27001 A.8.8 + NIS2 Art. 21 + DORA basic testing. It costs €699, with delivery in 8 business days by senior security engineers. Deliverables include an executive summary for leadership (risk overview, business impact). A 14-day warranty is included.

Covers: GDPR Art. 32 + ISO 27001 A.8.8 + NIS2 Art. 21 + DORA basic testing

4.8 · 172 clients · 25 yrs

"Senior engineers who actually deliver what they promise. Rare."

Thomas K., IT Manager · Austria

€699
Fixed price, VAT excluded
8 business days · Senior only
  • Executive summary for leadership (risk overview, business impact)
  • Technical report with PoC screenshots and CVSS 3.1 severity scoring
  • Prioritised remediation roadmap with effort estimates
  • One free retest of critical and high findings within 30 days

14-Day Money-Back Guarantee
Issue recurs? We fix it free or refund in full. No questions asked.

Secured by PayPal · 256-bit SSL encryption

or order without payment
+373 22 843569

This Service Covers

  • GDPR: Article 32 — Regular testing of technical measures
  • ISO 27001: A.8.8 — Management of technical vulnerabilities; A.8.29 — Security testing in development
  • NIS2: Article 21 — Cybersecurity risk-management measures

What You Get

Full penetration test of your external-facing infrastructure. Scope: up to 20 external IPs/hosts, one cloud environment (AWS/Azure/GCP) configuration review, IAM misconfigurations, perimeter services (mail, DNS, VPN). Deliverables: executive summary, detailed technical report with PoC screenshots, CVSS 3.1 severity scoring, prioritised remediation plan, one retest of critical findings. Performed by CREST or OSCP certified tester.

Who Needs This

  • Companies that handle EU personal data and need GDPR Art. 32 evidence
  • Organisations pursuing or maintaining ISO 27001 / SOC 2
  • NIS2 essential/important entities ahead of audit deadline
  • Businesses serving enterprise EU clients that require pentest reports
  • Anyone whose last external pentest is more than 12 months old

ONGOING COMPLIANCE

Don't Want to Think About Compliance Every Quarter?

Compliance-as-a-Service: €729/month. We handle reviews, scans, documentation, security questionnaires. Your outsourced compliance officer.

CLIENT REVIEWS

What Our Clients Say

4.8 / 5 · 172 clients · 25+ years

"Senior engineers who actually deliver what they promise. Fixed price, fixed timeline, thorough documentation. Rare combination."

Thomas K., IT Manager · Manufacturing company · Austria

"Worked with 4 agencies before finding Optimum Web. First team that delivered exactly what the scope said, on time."

Sophie V., Operations Manager · Logistics company · Belgium

"The 14-day warranty is real. Had a small follow-up question and it was handled same day, no extra charge."

Mikael B., CTO · B2B SaaS · Germany
CTO · B2B SaaS · Germany

Frequently Asked Questions

Why an annual pentest specifically?
GDPR Art. 32 requires regular testing of technical measures; ISO 27001 auditors expect annual evidence; cyber insurance increasingly requires it.

What's the difference between a vulnerability scan and a pentest?
A scan finds known CVEs automatically. A pentest manually exploits findings, chains them, and tests business logic. Auditors and regulators distinguish between the two.

Do you test production or staging?
Production by default — that's where real risk lives. We coordinate testing windows to minimise impact. Staging-only testing is possible but reduces coverage.

What if you find a critical vulnerability mid-test?
We notify you within 1 hour and pause that vector. You can remediate immediately and we retest.

Is the retest really included?
Yes, one retest of critical and high-severity findings within 30 days, at no extra cost.

Can the report be shared with our clients?
Yes — we provide a redacted 'external' version safe to share for procurement and audit purposes.
