Web VA & PT
What?
Identify and exploit security weaknesses in web applications
Where?
Input validation, authentication flaws, session management, SQL injection, XSS, CSRF, file upload vulnerabilities.
Outcome
A report with risk-ranked findings and remediation guidance to secure the web app
- Re - Test
- API VA & PT
- Mobile VA & PT
- Cyber services retainer
Recommended Ads-On
Single service unit / Working times
- 1 Web App
- 10 Web pages
- 1 Role
- 3 – 6 days
Mobile VA & PT
What?
Assess security of Android/iOS mobile apps and their communication with backend systems
Where?
Insecure data storage, insecure communication (e.g., API traffic), code vulnerabilities, improper platform usage
Outcome
Ensures mobile apps meet security standards and protect user data from threats.
Recommended Ads-On
- Re - Test
- API VA & PT
- Web VA & PT
- Cyber services retainer
Single service unit / Working times
- 1 Mobile App
- 10 pages
- 10 Functions
- 3 – 5 days
API VA & PT
What?
Evaluate the security of RESTful or SOAP APIs that connect front-end apps to backend services
Where?
Authentication/authorization flaws, input/output validation, rate limiting, data exposure, access control.
Outcome
Validates that APIs securely handle requests and data, preventing misuse or data leakage.
Recommended Ads-On
- Re - Test
- Web VA & PT
- Mobile VA & PT
- Cyber services retainer
Single service unit / Working times
- 20 Endpoints
- 1 Authentication method
- 1 Role
- 3 – 5 days
Internal VA & PT
What?
Simulate insider threats or lateral movement within the internal IT infrastructure
Where?
Workstations, servers, Active Directory, internal applications, weak credentials, network segmentation.
Outcome
Highlights weaknesses inside the organization that could be exploited by malicious insiders or malware.
Recommended Ads-On
- Re - Test
- Cyber services retainer
Single service unit / Working times
- 25 IP address
- 1 Site
- 5 – 7 days
NCA Compliance Assessment
What?
Evaluate an organization’s alignment with the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC) in Saudi Arabia.
Where?
Governance, asset management, access control, threat management, business continuity, third-party security
Outcome
Identifies compliance gaps and provides a roadmap to meet national cybersecurity regulatory requirements
Recommended Adds-On
- Asset inventory & Classification
- Cyber services retainer
Single service unit / Working times
- 1 Organization unit
- 2 physical environment
- 2 Cloud environment
- 5 – 7 days
ISO Compliance Assessment
What?
Assess readiness and alignment with international standards such as ISO/IEC 27001 for information security management
Where?
Risk management, policies, asset protection, incident response, audit processes, continual improvement
Outcome
Enables organizations to achieve or maintain ISO certification and improve overall information security governance
Recommended Ads-On
- Asset inventory & Classification
- Cyber services retainer
Single service unit / Working times
- 1 Organization unit
- 3 department-functions
- 2 environments (on-prem, cloud-based)
- 5 – 7 days
SAMA Compliance Assessment
What?
Ensure compliance with the SAMA Cybersecurity Framework, mandatory for financial institutions regulated by the Saudi Central Bank
Where?
Cybersecurity governance, operations, risk management, compliance, third-party management, and cyber resilience.
Outcome
Supports financial entities in meeting regulatory requirements and strengthening security in line with SAMA expectations
Recommended Ads-On
- Asset inventory & Classification
- Cyber services retainer
Single service unit / Working times
- 1 Regulated entity
- 2 departments
- 5 – 7 days
PDPL Compliance Assessment
What?
Evaluate data privacy controls against the Saudi Personal Data Protection Law (PDPL) to protect individual data rights
Where?
Data collection, consent management, processing, sharing, data subject rights, and cross-border data transfer
Outcome
Helps organizations identify privacy gaps and prepare for PDPL enforcement with clear compliance actions
Recommended Ads-On
- Asset inventory & Classification
- Cyber services retainer
Single service unit / Working times
- 1 Business Unit
- 1 Internal System
- 1 external-facing channel
- 5 – 7 days
Risk Assessment
What?
Identify, evaluate, and prioritize cybersecurity risks based on the organization's environment and threat landscape
Where?
Threat identification, asset classification, impact analysis, likelihood estimation, risk treatment planning
Outcome
Delivers a clear risk register and mitigation strategy to support informed decision-making and resource allocation
Recommended Ads-On
- Asset inventory & Classification
- Cyber services retainer
Single service unit / Working times
- 20 information assets
- 1 site or cloud
- 6 – 8 days
Incident Response (IR) Retainer
What?
Ensure immediate access to cybersecurity experts during cyberattacks or security incidents
Where?
Rapid detection, containment, investigation (digital forensics), recovery, and root cause analysis
Outcome
Minimizes downtime, data loss, and reputational damage through fast and structured response.
Recommended Ads-On
- Cyber services retainer
- Advisory & compliance retainer
Single service unit / Working times
- 50 Hours
Testing retainer
What?
Continuously strengthen security posture by identifying and addressing risks before incidents occur
Where?
Regular vulnerability assessments, threat hunting, tabletop exercises
Outcome
Reduces the likelihood and impact of cyber threats through preventive actions and risk mitigation
Recommended Ads-On
- Cyber services retainer
- Advisory & compliance retainer
Single service unit / Working times
- 50 Hours
Advisory & compliance retainer
What?
Provide strategic cybersecurity guidance and help organizations meet regulatory or industry standards
Where?
Risk assessments, policy and procedure development, gap analysis, audit readiness, CISO support
Outcome
Builds a strong governance framework and ensures compliance with standards like ISO 27001, NCA, SAMA, PDPL
Recommended Ads-On
- Cyber services retainer
- Testing retainer
Single service unit / Working times
- 50 Hours
Cybersecurity services retainer
What?
Assist in deploying and configuring cybersecurity technologies and controls across the organization
Where?
Firewall, endpoint, SIEM, IAM, MFA, DLP, encryption, secure configurations, and architecture reviews
Outcome
Ensures correct and efficient implementation of security solutions to close control gaps and improve defense
Recommended Ads-On
- Cyber services retainer
- Advisory & compliance retainer
Single service unit / Working times
- 50 Hours
