Optimum Web
NIS2 | CR-NIS2-08

Vulnerability Management Program Setup

Complete vulnerability management program: automated scanning, CVSS prioritization, remediation SLAs, patch management. Covers NIS2, ISO, SOC 2, PCI DSS. €359.

€359 5–7 business days
14-day warranty
Multi-Framework | CR-CROSS-02

Penetration Test — Web Application

Manual web application pen test by senior engineer. OWASP Top 10 + business logic + API testing. Proof-of-concept for findings. Covers 5 compliance frameworks. €539.

€539 7–10 business days
14-day warranty
Multi-Framework | CR-CROSS-06

Security Awareness Phishing Simulation

Controlled phishing simulation: 3 waves of escalating difficulty, real-time tracking, department analytics, awareness training. Covers NIS2, ISO, SOC, PCI. €229.

€229 5–7 business days
14-day warranty
Multi-Framework | CR-CROSS-07

Penetration Test — External Infrastructure & Cloud

External infrastructure + cloud pentest. CREST/OSCP tester. Up to 20 hosts + one cloud env. Executive + technical report. Retest included. €699 fixed. 8 days.

€699 8 business days
14-day warranty
Multi-Framework | CR-CROSS-08

Penetration Test — Internal Network & Active Directory

Assumed-breach internal pentest. Active Directory attack path mapping, lateral movement, privilege escalation. CREST/OSCP tester. Retest included. €729. 10 days.

€729 10 business days
14-day warranty
Multi-Framework | CR-CROSS-09

Penetration Test — REST & GraphQL API

OWASP API Top 10 manual test. Up to 50 endpoints, REST or GraphQL. Auth flow review. Retest included. SOC 2 / ISO 27001 ready. €539 fixed. 7-day delivery.

€539 7 business days
14-day warranty
Multi-Framework | CR-CROSS-10

Penetration Test — Mobile Application (iOS or Android)

OWASP MASVS mobile pentest for iOS or Android. Static + dynamic analysis, keychain inspection, jailbreak bypass testing. Retest included. €729. 10 days.

€729 10 business days
14-day warranty
Multi-Framework | CR-CROSS-11

Secure Coding Training for Developers

Live 4-hour secure coding workshop for up to 15 developers. OWASP Top 10 + your tech stack. Attendance certificates for ISO/NIS2 audit evidence. Recording included. €449.

€449 5 business days
14-day warranty

Compare Services

| Framework | Service | Price |
|---|---|---|
| NIS2 | Vulnerability Management Program Setup | €359 |
| Multi-Framework | Penetration Test — Web Application | €539 |
| Multi-Framework | Security Awareness Phishing Simulation | €229 |
| Multi-Framework | Penetration Test — External Infrastructure & Cloud | €699 |
| Multi-Framework | Penetration Test — Internal Network & Active Directory | €729 |
| Multi-Framework | Penetration Test — REST & GraphQL API | €539 |
| Multi-Framework | Penetration Test — Mobile Application (iOS or Android) | €729 |
| Multi-Framework | Secure Coding Training for Developers | €449 |

Frequently Asked Questions

Which vulnerability scanner do you use?
OpenVAS (open source, no licensing cost) for most clients. Nessus or Qualys if you have existing licenses. Cloud-native scanners (AWS Inspector, GCP Security Command Center) for cloud-only environments.

Will scanning affect our production systems?
Vulnerability scans are non-intrusive by default. We schedule internal scans during maintenance windows. External scans are throttled to avoid triggering WAF or rate limits. Production impact is negligible.

What are the remediation SLAs?
Industry standard: Critical (CVSS 9.0+) within 24 hours, High (7.0-8.9) within 7 days, Medium (4.0-6.9) within 30 days, Low (0.1-3.9) within 90 days. We customize based on your risk appetite.

Does this satisfy PCI DSS quarterly scanning requirement?
Yes. PCI DSS Requirement 11.3 requires quarterly external ASV scans and internal scans. Our program exceeds this with weekly external and monthly internal scanning.

How does this differ from a penetration test?
Vulnerability scanning is automated, broad, and frequent. Penetration testing is manual, deep, and targeted. Scanning finds known vulnerabilities; pen testing finds complex attack paths. You need both.

Not Sure Where to Start?

Our IT Health Check finds every compliance gap in your infrastructure. 1 business day. You get a prioritized list of what to fix.

IT Health Check — €5