For agencies & MSPs

Pentests your clients will trust, delivered under your brand

OWASP-aligned manual testing. Co-branded reports. Within two weeks from kick-off. Your client never sees us unless you want them to.

Become a partner See a sample report
OWASP WSTG aligned Adelaide-based Independent practice
How it works

What white-label means in practice

You sell. We test. They see your brand.

Your client engages you for a penetration test. You subcontract the technical work to us. They never see our name on anything — the final report carries your logo, your contact details, and your branding.

You handle the sales conversation, scope agreement, invoicing, and ongoing client relationship. We deliver the testing, the findings, and the report you put in front of them.

You can decide how visible we are. Fully arms-length is the default. If a client wants a technical conversation with the tester directly, we can join — introduced as part of your team, not as a separate vendor.

What's included in every engagement

  • Co-branded PDF reportYour logo, your colours, your contact details, your remediation roadmap.
  • Manual testing aligned to OWASP WSTGNot just an automated scan with a wrapper.
  • External attack-surface scan as Appendix ABundled at no extra cost in every report.
  • Within two weeksFrom kick-off to final report, depending on scope.
  • One retest includedAfter your client implements fixes, scheduled when they're ready.
  • Mutual NDA on requestStandard practice for partner relationships.
The partnership promise

We don't poach your clients. Ever.

This is the question every agency asks before signing a subcontractor agreement, and it's the right question to ask. Our answer is simple: we do not approach, market to, or solicit work from any client we deliver for through a partner. Not during the engagement, not after, not ever.

If your client somehow finds us independently and asks to work with us directly, we'll redirect them back to you. Our business model is built on long-term agency partnerships, not one-off poaching that would burn the relationship.

Pricing

Flat wholesale rates, no hidden costs

Predictable wholesale pricing so you can quote your client with confidence. The number you see is the number you pay — no surprise add-ons, no scope-creep invoices, no per-finding charges.

Engagement Wholesale to you Typical retail to client Your margin
Standard web app pentest
Up to 3 user roles, ~40 endpoints		 $3,200 $5,000 – $6,000 $1,800 – $2,800
Larger or custom scope
Multi-app, complex auth, API-heavy		 Quoted per project Per your pricing 30 – 50% typical

All prices in AUD, exclusive of GST. Volume partners delivering three or more engagements per quarter — get in touch about preferred rates.

Engagement timeline

From brief to final report in two weeks

Standard engagement timeline. Tight client deadlines? Tell us upfront and we'll commit to what we can realistically deliver.

Day 0
You send us a brief
Target URL, intended scope, your client's timeline. Email or shared doc — whatever's easy.
Day 1
Scope confirmed, kick-off
We confirm scope and price within 24 hours. Mutual NDA signed if required. Testing credentials and any safe-list IPs handed over.
Days 2 – 10
Active testing
Manual OWASP WSTG-aligned testing across the agreed scope. Critical findings reported as we identify them, not held until the end.
Days 10 – 12
Co-branded draft delivered
PDF draft with your branding for your review. You decide what (if anything) needs adjusting before going to the client.
Day 14
Final report
Ready for you to deliver to your client.
Later
Retest (included)
After your client implements fixes, we verify and update the report. Scheduled at their pace.

See exactly what your client would receive

The full deliverable, redacted from a real engagement. Same structure, same depth, same quality.

Download a sample report (PDF)

FAQ

What if my client wants to talk to the tester directly?

That's fine. We'll join the call introduced as part of your team — not as a separate vendor. Your client gets the technical conversation, your brand stays intact. We never offer business cards, contracts, or quotes during a partner engagement.

What if scope changes mid-engagement?

Tell us as soon as it becomes clear. We'll reassess the engagement, give you a revised quote within 24 hours, and you decide whether to absorb it, pass it to your client, or pause until you've had the conversation. No mid-engagement surprise invoices.

Can the report exactly match my brand?

Yes. Send us your logo (PNG), brand colours (hex codes), and the contact details you want at the bottom of the report. The PDF is regenerated with your branding throughout — cover page, headers, footers, and remediation contact section.

Do you sign an NDA with us?

Standard practice, yes — we sign mutual NDAs covering both your engagement details and your client's information. Send yours or use ours.

What if your testing causes an issue with my client's site?

External web application pentesting is non-destructive by design. We don't run automated scanners against production, we don't fuzz at high volumes, we don't attempt denial-of-service. If there's any test that carries any meaningful risk, we ask before running it. In a worst-case scenario, we carry professional indemnity insurance.

What's the minimum commitment to become a partner?

None. No minimum monthly engagement, no annual contract, no upfront fees. Each engagement is a standalone fixed-price project. Partner with us once, or fifty times — it's your call.

Ready to talk

Become a partner

Send us a message describing your agency, the kind of clients you work with, and what a typical engagement might look like. We'll get back to you within one business day.

Get in touch