
Penetration Testing

Test what you've built — before someone else does.

Manual + AI engagements, transparent pricing, compliance-grade reports. Built for businesses that don't have a security team.

Pricing

Pick the engagement that fits.

Launch — limited slots

WebApp Pentest

$1,299 $3,499

Max 100 endpoints, 2 RBAC roles. AI scan + human review.

  • HIPAA / PCI-DSS / ISO 27001 / SOC 2
  • Standard scoping

AI Pentest

$2,499

Full AI scope across web + API + cloud surface. Human-reviewed.

  • HIPAA / PCI-DSS / ISO 27001 / SOC 2
  • Standard scoping
Recommended

Manual Pentest

$4,999

Full manual engagement + 1 free re-test included.

  • HIPAA / PCI-DSS / ISO 27001 / SOC 2
  • Standard scoping

Annual Coverage

Custom

4 Manual + 8 AI / yr. Limited Clients — application required.

  • HIPAA / PCI-DSS / ISO 27001 / SOC 2
  • Limited Slots — application required

Real tools. Real findings. Reviewed by a human.

AI Pentest vs Manual Pentest

Feature | AI Pentest | Manual Pentest
Price (from) | $2,499 | $4,999
Tooling | Custom Pentest Agent (Anthropic Cyber Verification Program) — real-world offensive tools | Hands-on by Edoardo (CPENT / LPT Master / OSCP)
Human review | |
Pentester-signed report | |
Valid for HIPAA / PCI-DSS / ISO 27001 / SOC 2 | |
Typical turnaround | 24–48 hours | 72 hours
Re-test included | | 1× free re-test
Best for | Continuous testing, dev cycles, internal hygiene | Annual audit cycles, regulated workloads

Indicative scope: the WebApp Pentest launch promo covers a single web application of up to ~100 endpoints and 2 RBAC roles. AI and Manual engagements scale to your environment — additional apps, APIs, cloud accounts, and user roles increase scope. Final scope, price, and turnaround are confirmed in your Rules of Engagement before any testing begins.


How the AI Pentest actually works.

Solid Cyber's AI Pentest is powered by a custom-built Penetration Testing Agent, leveraging the Anthropic Cyber Verification Program. Unlike vulnerability scanners that pattern-match CVEs, our agent operates the same offensive tools a human pentester would — reasoning across them in real time, chaining findings, and verifying exploitability. Edoardo personally reviews every report before delivery.

  1. Scope: We confirm targets, in/out-of-scope assets, allow-listed origins, and any compliance-driven constraints.
  2. Recon + Mapping: AI agent enumerates the surface in parallel; human review prunes false positives early.
  3. Exploit + Verify: Real-world tools chain findings to confirm exploitability — not pattern-matched CVEs.
  4. Report + Re-test: Findings ranked by business impact with remediation. Manual includes 1 free re-test.


Meet your pentester

Edoardo

Founder & Lead Pentester · CPENT · LPT Master · OSCP

My background spans the full IT stack — from 3rd-line hardware and network troubleshooting to high-level cloud security and compliance. This “ground-up” experience lets me understand not just the vulnerability, but the operational impact it has on your business.

— Edoardo, Lead Pentester

Client

A recent engagement.

Penetration Testing

“Exceptional work, Ed guided me through the whole process and made it as seamless as possible.”

Paul P.

Operations Manager

Annual Coverage — Limited Roster

We work with a small roster — by design.

Annual Coverage is application-only. We protect quality by capping the number of accounts we maintain. If you're scoping continuous offensive testing across the year, start an application.

Penetration Testing FAQ

Is the AI Pentest valid for HIPAA, PCI-DSS, ISO 27001, or SOC 2?

No. Compliance frameworks require a pentester-signed report as audit evidence, and the AI Pentest report is not signed by a certified pentester. For compliance-grade evidence, choose the Manual Pentest — a signed report reviewed by Edoardo (CPENT, LPT Master, OSCP).

What is the difference between the AI Pentest and a vulnerability scan?

Vulnerability scanners pattern-match CVEs against known software versions and don't prove exploitability. Our AI Pentest agent runs real offensive tools, chains findings across your attack surface, and verifies exploitability to show realistic attacker paths — far closer to what a human pentester does.

How long does a penetration test take?

A Manual Pentest typically runs 2–3 weeks from kickoff call to delivered report, plus one free re-test once you've completed remediation. The AI Pentest is faster — most engagements finish within 5–7 business days. Larger or multi-cloud environments take longer.

What size company is this for?

SMEs — typically 10 to 500 employees, 1 to 50 apps, single or multi-cloud. The WebApp Pentest launch promo specifically caps at 100 endpoints and 2 RBAC roles.

What information do I need to provide before we start?

We collect your in-scope IP ranges, domains, application URLs, and any credentials for authenticated testing. Everything is formalized in a signed Rules of Engagement that defines scope, authorization, testing windows, and escalation contacts — agreed before any testing begins.

What certifications does your pentester hold?

Every engagement is led by Edoardo Ciccarelli, who holds CPENT (Certified Penetration Testing Professional), LPT Master (Licensed Penetration Tester Master), and OSCP (Offensive Security Certified Professional). He reviews every report before delivery — no junior analyst working from a checklist.

Can you test cloud environments — AWS, Azure, or GCP?

Yes — both the AI and Manual Pentest cover cloud attack surfaces: external-facing assets, misconfigured storage, IAM privilege-escalation paths, and exposed APIs. Before testing, we confirm your provider's pentest notification policy and capture those boundaries in the Rules of Engagement.

What happens after the report is delivered?

The Manual Pentest includes one free re-test after you complete remediation, so you can confirm fixes worked before presenting results to auditors or customers. We stay available for clarification on any finding, and Annual Coverage clients get ongoing re-testing throughout the year.

Next step

Ready to scope a pentest?

Five minutes. Four questions. No sales call.
