Cholds

Penetration testing

Attack yourselves before someone else does.

Expert-led penetration tests of your applications, perimeter, and cloud — with findings published to your portal as testing progresses, not weeks later in a PDF.

Engagement · Web applicationTesting
  • IDOR on invoice exportHigh
  • Session fixation on SSO callbackMedium
  • Verbose stack traces on 500sLow

3 findings published · testing continues · day 4 of 10

What we test

Three engagement types, one standard of depth.

Web application

Apps · APIs · Auth flows

Authenticated and unauthenticated testing of your web apps and APIs against the OWASP Top 10 and beyond — access control, injection, session handling, business logic.

External network

Perimeter · DNS · Exposed services

Your internet-facing perimeter, the way an attacker sees it: exposed services, stale DNS, weak TLS, leaked credentials, and the paths between them.

Cloud configuration review

IAM · Network · Storage · Logging

A configuration-level review of your AWS, Azure, or GCP estate — IAM policies, network boundaries, storage exposure, logging gaps — mapped to hardening baselines.

Something else in mind — mobile app, internal network, bespoke scope? Tell us what you need.

Methodology

Scope → Test → Report → Retest.

Every engagement runs through the same four stages, tracked in your portal from the day scoping starts to the day the last fix is verified.

01

Scope

We agree targets, test windows, credentials, and rules of engagement together — so testing is thorough where it matters and safe everywhere else.

02

Test

Cholds testers work the scope manually, tool-assisted where it helps. Findings are published to your portal as they're confirmed — no waiting weeks for a PDF to learn about a critical.

03

Report

A full report lands in your portal: executive summary for leadership, and per-finding detail — severity, affected assets, reproduction steps, remediation guidance — for your engineers.

04

Retest

Fix, then request a retest per finding from the portal. We verify the fix, update the finding's status, and issue a retest letter you can hand to customers and auditors.

Deliverables

A report your engineers act on — and your customers accept.

Everything lives in the same portal Cholds compliance customers already use: findings from the moment they’re confirmed, the final report, and the retest record.

Get started

Request an engagement.

Tell us what you’d like tested and we’ll come back within one business day to scope it. Already a Cholds customer? Request a pentest from your portal.