DarkHorse

Penetration Testing

Painless, Affordable, & Scalable Pentesting

Effortlessly purchase, set up, launch, and manage pentest engagements within minutes. From completely customizable fractional engagements, to in-depth, comprehensive pentests, to high-level assessments, DarkHorse has you covered. Start experiencing a better, more affordable experience today (options start as low as $500); schedule a zero-risk call, try out our pentestimator below (to get an accurate estimation of pricing for your use case), or read on to learn more.


DarkHorse offers a wide range of penetration testing options that can fit nearly any need, and as with our other offerings, we can offer it at a significantly lower cost than alternatives in the space, as a function of improved platform-supported management (which helps eliminate unnecessary overhead). Here are some of the high-level advantages of a platform-based approach to penetration testing:

Advantages of DarkHorse PTaaS (penetration testing as a service):

  • A platform, not a PDF.
    • While many consultancies are still performing a test and sending you a PDF, we provide you with a living platform that allows you to (1) see the results in real time; (2) communicate with the tester; and (3) view and access the information how you want to view and access the information. Of course, if you need a PDF for your auditor, etc., we offer that as well. PDFs are so 2005; a platform is the future.

  • Simplicity, as it should be.
    • Ever get tired of lengthy sales cycles to buy from a vendor? Six sales calls and half the team on the phone to ask and answer questions… Not here, not now, not never. We took the knowledge from running hundreds-to-thousands of pentests, and programmatized it to cut out all the noise. A few simple questions and a credit card, and you could be on your way. We want to make this simple and painless, the way it should be.

  • Speed, when you need it.
    • Additionally, as a function of having a programmatic approach to everything we do, as well as having a flexible bench via the crowd, we’re able to get your test off the ground extremely quickly, and not just quickly, but also with the right person for the right job - instead of whatever warm body is available and billable. Note that this ‘crowd’ is not just anyone off the internet; to be part of the pentesting sub-group of the crowd, individuals are required to undergo a criminal background check, as well as individual vetting around their experience and technical abilities.

  • Unmatched flexibility.
    • As the only platform to offer fractional pentesting, it's never been easier or more affordable to gain access to cybersecurity talent. You can learn more about fractional pentesting here.

Additionally, we offer multiple levels and types of testing, since we know that not everyone has the same goals or needs; to cover them briefly:

Variations:

  • The Standard.
    • The Standard is the standard. When you think of a modern penetration test, this is it. Built off gold-standard methodologies (e.g. OWASP Testing Guide), it’s the same trusted test as always, but this time with the backing of a robust platform to make it easier and simpler than ever.

  • The Essentials.
    • Sometimes you don’t want or need a full-on pentest, such as The Standard. You want something quick, but also something human - to catch what scanners and automation cannot. This is where The Essentials comes in. In general, The Essentials will pick up 60-80% of the findings of a full pentest in approximately 20% of the time. It won’t cover everything in-depth, but it will give you peace of mind knowing that a security professional tested the application, with a focus on finding that which automation and scanners cannot (logic vulnerabilities, etc). The Essentials is a great way to maximize value as quickly as possible. And while it’s not intended as a replacement for a full pentest, there’s no question that it’s often the perfect fit for situations where time or budget are tight, but you want to make sure there’s some degree of human inspection.

  • The Hunt.
    • Sometimes you (1) want or need a specific item or objective to be tested; or (2) want to see just how far someone could go. Both of these scenarios are what The Hunt is for. The Hunt is for any objective-based testing - whether that objective is infiltrating your network, or just testing a small piece of functionality that just got released. When there’s a very specific goal and/or objective in play, that’s what The Hunt is for.
    • An extension of this is our Fractional Pentesting offering - where one can define exactly how much time / effort they want the tester to invest, and then get rapid access to talent for the desired amount of time.

As with our VDP and Bug Bounty offerings, we hold strong to our mission of democratizing crowdsourced and offensive security, and our belief that it should be affordable and accessible to all.

For this reason, we not only offer our base prices for the above offerings, but we also offer two additional layers for the cost-conscious (available on all product lines):
  • Economy.
    • Economy offers all of the same testing as our base product, but strips out even more from the process to make it as affordable as possible. For instance, with our Economy offering there is no option to designate the testing location or hours of testing. This allows us to find a lower cost resource to help pass those savings on to you, and so on. For organizations who don’t need some of the extra niceties (such as launching extremely quickly, etc), this is a great way to get access to pentesting for an affordable rate.

  • At-Cost.
    • True to our mission, for those who are significantly cost-constrained, but want access to pentesting, we don’t want to turn anyone away, and will perform the work at-cost. This is delivered as the same offering as the Economy option, but at an even further reduced price. This isn’t for everyone, but we do believe that human-intelligence driven security should be available to everyone, and so in that vein, we want to do everything we can to make it accessible and affordable to all. Note that the decision as to who qualifies for At-Cost is at the discretion of DarkHorse.

FAQs

(If you have other questions, feel free to reach out at any time to info[at]darkhorse.sh)

You use “the crowd”. Can I trust the crowd?
In short: yes.

Longer form: absolutely yes. For the sake of clarification, it’s important to be aware that while the persons used for pentesting are part of the larger crowd, the larger crowd is not eligible to participate on pentests. Of the larger crowd, only a small subset are invited to pentests, and those individuals are (1) background checked; and (2) individually vetted to ensure their skills and abilities. Most of the pentesting crowd are full-time penetration testers or bug hunters in their day jobs, and do this freelance.

Why DarkHorse vs. anyone else? (consultancies, other PTaaS offerings)
There are a lot of factors that play into any given decision-making process - and depending on what your criteria are, we may or may not be the best fit. If we’re not a good fit, we’ll be happy to say so - our goal isn’t to take every pentest on the planet, but to move the needle forward in terms of creating a world where getting and setting up a pentest isn’t all that awful. If you’re looking for a low cost, platform-first option, we’re probably your best bet. However, if you want or need a large amount of support or hand-holding, we’re probably not the best fit. Our platform is designed to have as little human overhead in the setup as possible - so that we can (1) focus on getting humans to do the most important part: the pentest; and (2) so that we can pass those cost savings along to you.

Fundamentally, our mission statement (to make crowdsourced and offensive security accessible and affordable to all) precludes the idea of 'competition' in the traditional sense. So long as people have access to services that we think are essential for improving their security posture, we have no quarrel around who they use or how they do it. Full stop.

So again, based on your decision criteria, we may or may not be a good fit. We’re happy to talk through your needs and give our recommendation, but we won’t try to take on work that’s not a good fit. Our goal is to make pentests better - not to perpetuate bad pentests and bad pentest selling.

That said, it's your decision around your perceived ROI for the services and software that you're paying for. Some people may want all the bells and whistles of a more services-oriented organization, and again, our goal is not and will not be to compete with them. Our goal is to democratize crowdsourced and offensive security, making it accessible and affordable for everyone. We personally think our solution will meet the needs of a great many organizations, and that DarkHorse provides the highest amount of ROI for the lowest cost - allowing you to save cash that can then be re-deployed within your security organization to the areas that need it the most - but again, we're not trying to build a giant services org, cater to the high end, or maximize for profit; we're trying to make this accessible for everyone.

There are other, cheaper “pentests”.
It’s very possible and probable. That said, there are a LOT of very loose interpretations around what a pentest is and isn’t. At some companies you may find them running a scanner and calling it a pentest, while at others, they may perform the equivalent of our Essentials, while telling you they’re giving you The Standard. Personally, we insist on the use of human testing for all our products - we could probably sell a cheaper service if we had some sort of AI or automation - but AI, automation, and all those other bells and whistles be damned. We still believe that the best intelligence is human, and if you want the best outcomes to find the best vulnerabilities, then you’ve got to use human intelligence driving human testing. There’s simply no replacement.

How is this different from a VDP?
We’re glad you asked! The main difference is that a bug bounty offers some (any) type of incentive. As soon as there’s an incentive for people to test, it’s a bug bounty. If it’s people responsibly reporting issues without any expectation of payment or dispensation, then it’s a VDP.

The best way to think about this is that a VDP is passive (like insurance - it’s only triggered when it’s being used), while a bug bounty is active - encouraging people to actively look for risks and report them. It goes without saying, but the active approach will always net more findings and value.

What is self-managed vs. managed vs. platform-managed?
A self-managed program is one where you manage all the aspects of the program by yourself. This could be as extensive as not using a platform at all, or even using a platform, but not getting any support in terms of how the program should be managed. You kind of just have to figure it out for yourself. There is one platform where this is pretty common.

A managed program is one where the services teams at the platform provider add an additional layer of human-based guidance and support throughout the sales, onboarding, triage, support, and day-to-day operations. However, quality and consistency can be lacking, since you have a wide range of individuals touching the account. Additionally, all of these persons and the services they provide are wrapped up into a much higher average cost, even if they provide little-to-no value.

A platform-managed program is one that takes all that the best humans know about running a program successfully, and then makes it programmatic. Instead of having to pay for the costs of (and this is not hyperbole) an Account Executive, Sales Engineer, Business Development Representative, Account Manager, Technical Customer Success Manager, Onboarding Engineer, Solutions Architect, Support Engineer, Triage Engineer, and more… and then of course there’s all their bosses, and so on. Instead of having all those costs rolled up into your bill, what if 90% of those roles were automated to provide consistency and scale, while also allowing you to pick and choose where you want and need support along the way? Then pass those savings along to you. That’s platform-management, and that’s what we’re building here at DarkHorse.


© 2024 DarkHorse Security, LLC. DarkHorse: Let's Ride. All rights reserved.