    $995 Penetration Test

    Superior Consulting has been engaged in the performance of IT review and security testing services for the banking industry since 2003. Our experienced personnel have worked with hundreds of financial institutions in the evaluation of their network security and internal control systems. In 2013, we began offering our IT security testing services to other industries, in part through our fixed price, non-exploitative $995 Penetration Testing service. Learn more about this great service offering below.
    Key Features
    $995 Fixed Price
    TEST UP TO 25 INDIVIDUAL IP ADDRESSES
    EXTENSIVE FORMAL THREAT REPORT
    #NOGIMMICKS GUARANTEE

    Why should you consider this service?

    Identify Security Vulnerabilities
    Assess the condition of your external network interface and monitor for patching issues, configuration errors, or other vulnerabilities.
    Satisfy Legal and Regulatory Requirements
    Let us assist in meeting your legal and regulatory obligations under GLBA, HIPAA, PCI-DSS, and consumer protection laws and regulations.
    Safeguard Corporate Reputation and Data
    Let us help maintain your reputation as cybersecurity, legal, or regulatory incidents have increasingly large reputational costs in addition to other penalties.
    Improve Oversight of IT Functions
    External consultants like Superior can help you provide greater accountability for both internal staff and outsourcing partners like managed service providers.
    Increase Business Continuity
    Technical security breaches are costly affairs and may not only expose sensitive data, but can also result in downtime for key systems.
    Monitor Security Strategy and Investment
    Our services provide a window of feedback to monitor the effectiveness of efforts to manage and remediate cybersecurity, compliance, and other risks.

    What are the deliverables from this service?

    Formal Report of Review, including:
    • Scope of Work Report
    • Technical Report of findings from our testing
    • Appendices detailing results for all designated IPs or URLs
    • Access to vendor knowledgebase for support for identified vulnerabilities

    Common Questions

    In order to clarify any questions you may have regarding this service, we have provided a series of common questions below. Also, please be sure to read the Terms & Conditions of this advertisement for further information.
    Testing Process
    What does the penetration test cover and how will it be performed?
    This service is an off-site, non-exploitative test of up to 25 individual Internet Protocol (IP) addresses or URLs owned or controlled by your organization. To perform this service, you must designate the IP addresses you wish to be tested, and we will perform testing using our toolkit of automated testing solutions.
    The IT security industry has not yet developed consistent or standardized terms for describing the specific characteristics of penetration tests or vulnerability assessments. In many settings, the terms ‘penetration test’ and ‘external vulnerability assessment’ may be used interchangeably, while in other settings a ‘penetration test’ may refer to more in-depth testing that seeks to actively exploit detected vulnerabilities in order to compromise (or demonstrate the ability to compromise) specific systems or assets. When we describe our testing as non-exploitative, we are referring to the fact that we will report on detected vulnerabilities or weaknesses but we will not attempt to actively exploit these findings. Within the context of this service, the terms penetration test and external vulnerability assessment are generally synonymous. We consistently use the term ‘penetration test’ to describe this service because this is the label most familiar to our clients.
    Our toolkit is constantly reviewed to ensure we are able to meet the challenges presented by a continuously evolving security environment. Representative tools we have used include Nessus, Nexpose, Metasploit, & Retina. The tool(s) selected for your engagement may vary based on our perception of the appropriate tool necessary to properly assess your environment. As a rule, we only utilize subscription-based tools in order to ensure we are using tools with updated definition files to facilitate testing for recently emerged exploits or vulnerabilities.

    We’re a professional service firm that was founded in 2003 and has worked extensively in the banking industry in the midwestern United States. We value our reputation for competence and honesty and we’ll do everything in our power to deliver on our commitments to you. As a former senior FDIC IT examiner, our CEO understands the obligations we have to our clients and that our reputation is our most valuable currency.

    One of the characteristics that set us apart from the competition is the manner in which we structure our IT audit teams. Many firms utilize individuals with a traditional audit background to perform testing services. Although these individuals may possess credentials such as the CISA or CEH, many do not have practical work experience as a network administrator, which diminishes their ability to understand the mechanics or results of a penetration test since they haven’t worked directly with the technologies or systems being audited. Instead of this approach, we have been fortunate to maintain blended teams that include personnel with experience in the administration of complex network environments and personnel with more traditional IT audit experience, as they generally have a better knowledge of internal control systems and audit practices. In practical terms, this approach yields more in-depth, technical IT assessments while ensuring that we fulfill all necessary audit functions and provide a comprehensive evaluation of your environment.

    For our penetration testing services, you will work with one of our experienced technical IT auditors, which provides our firm with the ability to discuss – in detail – the findings of our review with your internal IT personnel or 3rd party network services providers or vendors. We actively attempt to filter false positives or errors generated by our automated tools before providing you with a report and our auditors are available to discuss your findings in detail after the conclusion of our testing.
    Your test will be performed by direct employees of Superior Consulting, LLC. At present, all of our employees are based in the United States, subject to extensive criminal and civil background checks, and have confidentiality agreements with our firm. We will not utilize 3rd party contractors to perform any of our testing without providing prior notice to you and, unless otherwise stated, all testing will be performed by our direct employees. We do not outsource any testing or assurance activities outside of the United States.
    Absolutely. We frequently perform testing services on systems hosted by Amazon Web Services, Microsoft Azure, and other cloud providers. Please note: these providers commonly require YOU to request and obtain permission from them prior to the start of any testing. It is your responsibility to obtain this permission and provide documentation to this effect to our personnel prior to the commencement of any testing.
    Timing & Cost
    When can the testing be performed?
    Performance of testing requires an executed engagement letter between Superior and your company. Once we have the appropriate contracts in place, testing can ordinarily be scheduled to commence within the next 48 – 72 hours; however, expedited testing may be available upon request.
    Our $995 service fee provides for the performance of a single test at a time of your choosing. We also offer more frequent testing intervals, which may or may not be further discounted depending on size and frequency. Many organizations perform testing on a predefined schedule, such as monthly, quarterly, or semi-annually. As a best practice, we strongly encourage all organizations to perform a penetration test after any changes to your firewall configurations or installation of new, externally-facing hardware. An external penetration test is the only way to effectively validate that these changes did not result in the creation of new vulnerabilities. Periodic penetration testing is also an excellent mechanism for demonstrating the effectiveness of your overall monitoring program to regulatory authorities, customers, and internal users.

    This is the easiest question we receive – the answer is simple: value and transparency. In an effort to simplify the morass of different terms and highly variable – often excessive – pricing for this service, we decided to develop a competitive, value-based, fixed-price offering based on the needs of our clients. We believe our fixed $995 pricing represents a clear and equitable price for this service. By the way, when we say $995, we mean it! As stated above and below, the $995 test covers 25 external IP addresses and includes a formal report written by our personnel (not just a canned automated report). This price does not cover re-testing, more than 25 IP addresses, multiple testing reports, or services rendered outside the normal course of the engagement (e.g. depositions, regulatory responses, extensive post-engagement consultation). We’re happy to offer those services as well, but in order to deliver on our fixed $995 price, those are necessarily outside of the scope of our engagement.

    Unfortunately, we can’t control what other firms charge, but we can control our own prices and quality of work. Superior Consulting has been working with financial institutions throughout the Midwest since 2003. During that time, we have developed an excellent reputation as one of the leading providers of consulting services to banks and data centers in this region. We can certainly provide a list of bank or other industry references to you upon request. Our audit personnel are consummate professionals and have over 80 years of combined experience in the banking and IT industries.
    Reporting
    How are test results reported?
    We issue a formal report for all of our review services. This report will include an overview of the findings from our test (management report), as well as any recommendations regarding remediation. A copy of the full automated testing results will be included as an appendix to our report. To reiterate the above, the management report is written directly by our personnel and the results of any scanning are added as an addendum, with our goal being that the final deliverable from our engagement will be polished and understandable.
    We issue all of our reports in electronic format (PDF) via our proprietary secure website or via secure e-mail. Report turnaround time generally requires one to two weeks in order to process the report through our internal quality control function; however, expedited issuance of reports is available upon advance request.
    Absolutely, please Contact Us if you would like to obtain a sample external penetration testing report.
    Re-testing & What if?
    I have over 25 IP addresses to test – can Superior provide testing services for my organization?
    Certainly. Please Contact Us in order to receive a customized proposal specific to your environment and the volume of addresses you require to be tested. We regularly provide testing for organizations with more than 25 distinct external IP addresses; however, we find that most organizations have fewer than 25 addresses that require testing, which is why we’ve set our pricing threshold at this level.
    Can you provide a rough estimate of the additional cost for IP addresses in excess of 25?
    Sure. As a rule, our pricing works on a block basis, so each additional block of up to 25 IP addresses will result in an additional $995; however, we occasionally offer discounts in order to ensure our pricing is equitable. Please Contact Us to discuss the specifics of your situation.
    Is re-testing included in the $995 price and, if not, do you offer this service?
    Re-testing is not included in the $995 price. Our goal with the $995 price is to deliver a fair value to all our clients regardless of whether or not a given client requires re-testing services. In consequence, our service offering is not padded with additional time or margins that may or may not be justified depending on your decision to request re-testing. If re-testing is required, we do offer this service at a reasonable additional fixed fee of $595 for a single re-test including the issuance of another formal report OR a discounted fee of $295 for a re-test without an additional formal report.
    Can you issue multiple reports for your $995 Penetration Test? I have several wholly-owned subsidiaries in other countries that require separate formal reports, even though all IPs are owned by our parent company.
    Yes, we are able to issue additional formal reports that separate the results of our testing, but an additional cost may be incurred. As stated above, our $995 pricing is a fixed price for delivery of a very inclusive yet specific service offering. We don’t pad our pricing to cover deviations from the norm, so changes of this nature may result in an additional charge. We always commit to keep any additional costs fair and commensurate to the cost of the underlying engagement.
    I’m looking for a red team/blue team, blackbox, double blind, exploitative penetration test. Does your $995 test satisfy this requirement?
    No! We strongly encourage you to read our statements and responses above and our Terms & Conditions below. Our $995 test is, as referenced, a non-exploitative assessment principally utilizing automated vulnerability scanning tools. If you have specific needs that are not encompassed by the scope of this offering, please Contact Us as we’re happy to help you evaluate them; however, please understand this service is not designed to replace an intensive, multi-week, and technically complex testing service.
    Terms & Conditions

    This advertisement represents an ‘invitation to treat’ and any acceptance of the advertised terms will not be considered a binding contract, which requires the written execution of an engagement letter with Superior Consulting, LLC. This engagement letter includes additional restrictions and limitations regarding the advertised service and must be executed before the commencement of these services. The terms stated above, as well as through any mailings, brochures, or electronic advertisements, may be amended, or this advertisement may be revoked or cancelled, at any time by Superior Consulting, LLC, with or without notice.

    As advertised above, the stated service fee will cover the performance of off-site, non-exploitative testing services for up to 25 individual external Internet Protocol (IP) addresses or URLs specified by the client. This testing will be conducted using automated tools of our choice and we will rely upon information provided to us by the client in the performance of this test. At the conclusion of our testing, we will issue a report to the client in electronic format via secure e-mail or our secure website. The terms advertised above are only available to formally organized business or non-profit entities located in the United States. Entities located outside the United States should contact us for further information regarding these services.

    Let’s work together. Become a Reseller of our IT Services.

    Augment your service offerings with our suite of fixed price IT security services and deliver the value your customers deserve.
    Branded Reports
    Communication
    Dedicated Expert
    Consistent Quality
