OSI Security - Penetration Testing & Web Application Security Consultants

Free* Penetration Testing

Only pay for valid vulnerabilities. If we don't find anything, it is completely free.

Since 2011, OSI Security has been providing free penetration testing services...

A Result based Penetration Test is suitable for:
  • Small businesses which cannot afford a traditional time-costed penetration test.
  • Businesses which have never had a penetration test before.
  • Enterprises and corporations which have conducted costly penetration tests in the past, with minimal risks identified.

How it works...

We charge a fee per vulnerability discovered, relevant to its class of vulnerability.

Pricing...

  • We conduct both automated scanning and manual human penetration testing at no cost. Our experts have over 15 years' commercial experience in penetration testing and exploit development.
  • We will issue a report including IP addresses, DNS records and URLs, with each issue explained and its solution, at no cost.
  • However, we charge for successfully identifying vulnerabilities and risks:
    • Informational issues are completely free (such as weak SSL encryption or test pages, spelling mistakes in production).
    • Low risk vulnerabilities, such as Cross-site scripting (XSS) or default passwords are billed at $300 ex GST per issue.
    • Medium risk vulnerabilities, such as SQL injection or information leaks are billed at $1500 ex GST per issue.
    • High and critical vulnerabilities, such as system compromise or code execution are billed at $3000 ex GST per issue.
  • Note: In some circumstances, risks may change depending on the client environment. For example, a Cross-site scripting (XSS) vulnerability may be low risk for an SMB client where no website authentication is required. The same vulnerability within an online e-commerce, credit union or banking system would normally be critically high risk due to the potential impact on the client, which may change the fee.

Terms & Conditions

  • Application is restricted to Australian entities only: corporate, government, charity, not-for-profit, sole trader, trust or partnership.
  • Vulnerability risk, and therefore the "Fee", may change depending on risk to the client - see note above.
  • Any dispute in relation to the vulnerability type or risk will be mediated with a reputable third party or accepted security standards.
  • OSI Security will notify the client as-and-when a vulnerability is found, as to the nature of the vulnerability and the fee for the class of bug discovered.
  • When applying for a Result based Penetration Test, OSI Security will ask the client to establish a Maximum amount they wish to spend. Assuming we find enough vulnerabilities to reach this limit, the Result based Penetration Test will end and we will contact the Client representative for further instruction.
  • Upon completion of the Penetration Test / Vulnerability Audit, a Report document will be issued to the client in the form of an encrypted PDF document (or other file format as agreed).
  • Any intellectual property developed by OSI Security during the Result based Penetration Test vests in OSI Security and the Client is granted a non-exclusive, perpetual license.
  • OSI Security reserves the right to refuse to provide a Result based Penetration Test for any reason, including but not limited to where the Client application appears to be fraudulent or technical resources are not available.
  • Penetration Testing may constitute an Offence under Australian law and local jurisdictions. A signed legal contract is required prior to commencement of the Result based Penetration Test.

    Apply now!

    Business email only. Free email addresses will be ignored, sorry.
NSW Government ICT Services (SCM0020) approved supplier
OSI Security is an approved supplier to the Victorian Government
OSI Security is an approved supplier to the Queensland Government
OSI Security is an approved supplier to the New Zealand Government
External Penetration Testing
Managed Security Services
Source Code Review
Web Application Security Testing
Firewall Configuration and Rulesets
WiFi Access Point and Client Auditing
Forensics and Data Recovery
System Hardening and Configuration
Metasploit Pro
Tenable Nessus
Acunetix Web Scanner
Nexpose Vulnerability
Secunia Software Inspection
Elcomsoft Password Cracking
PortSwigger BurpSuite
HP Fortify
 
OSI SECURITY ACN 144 579 751 © 2010 - 2025.
ALL RIGHTS RESERVED. SYDNEY, AUSTRALIA.

OSI Security is proud to support a number of recognised charities, development projects and industry groups...

The Australian Computer Museum Society Incorporated
Hackers Helping Hackers
sqlmap.org
Metasploit Framework
2600-AU Australia