18-Phase Methodology

Every engagement follows a structured 18-phase offensive security assessment built on OWASP Testing Guide v4.2 and PTES. Every finding is scored with CVSS v4.0 and mapped to the compliance frameworks your auditors require.

Built on: OWASP Testing Guide v4.2, PTES, NIST CSF 2.0, CVSS v4.0
Assessment Phases

18-Phase Offensive Methodology

Engagement Deliverables

9 Core Deliverables

01. Pentest Plan (audience: Both): Scope, methodology, and approach documentation

02. Executive Summary (audience: C-Level): Risk overview and business impact for stakeholders

03. Technical Findings Report (audience: Developers): Detailed findings with PoCs and reproduction steps

04. Remediation Priority Matrix (audience: Both): Severity × effort with recommended fix order

05. Remediation Code (audience: Developers): Copy-paste fixes in your language and framework

06. Audit Log (audience: Both): Complete record of everything tested

07. Finding Index (audience: Both): Summary table of all findings organized by severity

08. Attestation Letter (audience: Compliance): Formal verification of assessment completion

09. Pricing Recommendation (audience: Client): Post-fix retainer and follow-up pricing

Additional Documentation

System Architecture Documentation

Full infrastructure mapping built during reconnaissance and refined throughout the engagement

Gap Analysis

Documents what wasn't tested and why — scoping decisions, out-of-scope items, and recommendations for future assessments

Compliance Mapping

Standards & Compliance

Every finding includes:

CVSS v4.0 score with full vector string

CWE classification

OWASP Top 10 2025 mapping

OWASP API Top 10 2023 mapping (where applicable)

NIST CSF 2.0 category

SOC 2 Trust Services Criteria

Supported Compliance Frameworks
SOC 2, PCI DSS 4.0, HIPAA, DORA, GDPR / CCPA, NIST CSF 2.0

Ready to Start?

Get a full 18-phase security audit with compliance-mapped findings and remediation code in your stack. Money-back guarantee if we find nothing actionable.
