PentestSA is a specialist offensive security consultancy delivering expert penetration testing, adversary simulation, and security assessment services. Our team of certified professionals brings deep expertise in identifying vulnerabilities that matter - the ones real attackers exploit.
We operate with transparency in our methodology and tradecraft, empowering your teams to understand not just what we found, but how we found it. Every engagement delivers actionable intelligence and remediation guidance that directly improves your security posture.
Our mission is simple: help organisations understand their true security exposure through the lens of a sophisticated adversary, then provide the expertise to close those gaps.
Offensive Security Services
Expert-Led Security Assessments
Our services go beyond checkbox compliance. We deliver comprehensive, adversary-focused assessments that expose real vulnerabilities and provide actionable remediation guidance tailored to your organisation's risk profile.
Web Application Testing
Third-party expert assessment of web applications against sophisticated attack techniques. Our manual, deep-dive methodology uncovers business logic flaws, authentication bypasses, and injection vulnerabilities that automated scanners miss.
Mobile Application Testing
Comprehensive security evaluation of iOS and Android applications. We assess client-side vulnerabilities, API security, data storage practices, and runtime manipulation risks across your mobile ecosystem.
Infrastructure Penetration Testing
Systematic assessment of your network infrastructure against advanced adversaries. We evaluate internal and external attack vectors, identify lateral movement paths, and map privilege escalation routes to critical assets.
Red Team Operations
Adversary simulation exercises that test your organisation's detection and response capabilities. Our multi-vector approach targets people, technology, and physical security simultaneously, providing realistic training scenarios for your defence teams.
Configuration & Build Reviews
Expert evaluation of server configurations, cloud deployments, and infrastructure builds against industry security standards. We identify misconfigurations, hardening gaps, and compliance deviations before they become attack vectors.
Active Directory Security Assessment
Comprehensive analysis of your Active Directory environment to identify attack paths, privilege escalation vectors, and credential vulnerabilities. Includes domain password audits and Kerberos security evaluation.
API Security Assessment
In-depth manual analysis of REST, GraphQL, and SOAP APIs. We evaluate authentication mechanisms, authorisation controls, input validation, and business logic to secure your data exchange endpoints.
Wireless Security Assessment
Evaluation of enterprise wireless infrastructure including WPA/WPA2/WPA3 implementations, rogue access point detection, client isolation, and network segmentation to secure your wireless attack surface.
Social Engineering & Phishing
Targeted campaigns that assess your organisation's human attack surface. We simulate real-world phishing, vishing, and pretexting attacks to measure security awareness and identify training opportunities.
Cloud Security Assessment
Comprehensive evaluation of your cloud environment across AWS, Azure, and GCP. We assess network segmentation, identity and access management, storage configurations, and security controls to identify misconfigurations and accidental exposures before attackers do.
Request a Quote
Get a Customized Quote for Your Penetration Testing Needs
Fill out the form below and we'll get back to you within 24 hours
Project Scoping Assessment
Help Us Understand Your Security Testing Requirements
Complete the scoping form and we'll provide a customized proposal within 24 hours
Expertise and Skills
Our Certifications
Just some of our industry-leading certifications
OSCP: Offensive Security Certified Professional
OSEP: Offensive Security Experienced Penetration Tester
OSWP: Offensive Security Wireless Professional
eWPTXv2: eLearnSecurity Web Application Penetration Tester eXtreme
CRTP: Certified Red Team Professional
CARTP: Red Team Professional for Azure
CRTE: Certified Red Team Expert
Volume Discounts on Bundle Days
Choose the plan that fits your needs. We offer affordable pricing for every budget.
Essential Plan: R13,895. 1-20 days, discount rate 0%. Used for any service requirement.
Standard Plan (most popular): R13,050. 21-40 days, discount rate 6%. Used for any service requirement.
Premium Plan: R12,505. 41-60 days +, discount rate 10%. Used for any service requirement.
Secure Client Portal
Try Our Interactive Demo!
Experience our enterprise-grade client portal with multi-factor authentication
Demo Mode Active
Use any email and password to log in - perfect for testing and presentations
Multi-Factor Authentication
Enter any 6-digit code to experience our MFA security layer
Real-Time Dashboard
View your security assessments, reports, and vulnerabilities
Enterprise Security
Built with the same security standards we use for our clients
Demo Credentials: demo@pentestsa.com / demo123 Other Logins: admin@pentestsa.com or analyst@pentestsa.com
Application Penetration Testing Scoping
The scoping of a penetration test is crucial and can greatly impact its success. It is essential to establish clear and well-defined scopes for engagements in order to maintain granularity, cost-effectiveness, and focus.
Focused Application Testing
A focused application penetration test is a time-limited test that is tailored to the complexity of the application.
Please note that these time estimates are approximate and can vary depending on various factors such as the size and intricacy of the application, the testing methodology employed, and the available resources.
Size | Scope | Price Range
Small | Small, single purpose application. Up to five pages of dynamic content. | R35,000 - R55,000
Average | Average application, multiple roles, up to 25 pages of dynamic content. | R75,000 - R95,000
Large | Large application, multiple roles, up to 50 pages of dynamic content. | R115,000 - R135,000
Enterprise | Enterprise or flagship application, any number of roles and pages of dynamic content. | R155,000+
Ready for an Estimate?
Choose the best way to engage with us. Our consultation is completely free and comes with no obligations.
We'll get back to you within 24 hours with a detailed quote tailored to your specific needs.
About PentestSA
Our Approach to Offensive Security
We approach every engagement from an adversary's perspective. Our methodology combines manual expert analysis with deep understanding of attacker tradecraft to uncover the vulnerabilities that pose genuine risk to your organisation.
We don't run automated scans and call it a pentest. Every assessment is hands-on, expert-led, and focused on finding what matters. If we're not the right fit for your needs, we'll tell you upfront.
./methodology
Adversary-driven, manual testing focused on real-world attack paths - not checkbox compliance scans
./transparency
Knowledge transfer, not vendor lock-in. We detail how we found it, empowering your teams to detect and defend
./outcomes
Clear, prioritised findings with actionable remediation guidance focused on genuine business impact
./partnership
Ongoing retesting, advisory support, and continuous assessment programmes that mature your security posture
./reporting
Detailed technical reports, executive summaries, and compliance mapping tailored to your audience
./improve
We help you track remediation progress and measure security posture improvement over time
Latest Insights
Stay updated with the latest cybersecurity trends, penetration testing techniques, and industry best practices
8-Part Series | Tutorials
The Hacker's Arsenal: Beginner's Guide to Web Security
January 2025 • By PentestSA Team
A comprehensive 8-part series taking you from zero to hacker. Learn XSS, SQL Injection, authentication attacks, session hijacking, CSRF, and more with hands-on labs. No experience required.
IDOR vulnerabilities, privilege escalation, and the Optus breach case study. Learn how broken access control became the most critical web vulnerability...
Our consultants are experienced offensive security professionals with proven track records in real-world engagements. Every team member brings deep technical expertise across multiple domains - from web application security to Active Directory attack paths to cloud infrastructure.
We maintain rigorous hiring standards: comprehensive technical assessments, background verification, and a minimum of 5-10 years hands-on experience. Only the top candidates join our team.
Every consultant holds OSCP certification at minimum, with many holding advanced certifications including OSEP, CRTP, and CARTP. But certifications are just the baseline - it's the real-world experience that matters.
./break
We find vulnerabilities that others miss through manual, expert-led testing
./analyse
We understand attack paths and business impact, not just technical findings
./advise
We deliver actionable guidance that improves your security posture
Don't wait until after a compromise!
Contact us today to secure your organisation