Find more bugs

Find more bugs

CyStack's Pentest solution integrates Crowdsourced Security with the WhiteHub Community of Security Experts, providing 7 times more security than traditional methods. On average 5 critical vulnerabilities were found after 14 days.

Cost effective

Cost effective

CyStack uses a pentest model where pen-testers are rewarded based on vulnerabilities instead of working hours. Customers can see transparent value to be paid for each vulnerability at different levels of danger. This saves cost and ROI-optimized.

Crowdsourced Penetration Testing Service

In the digital era, enterprise information systems are becoming more and more complex, ranging from website to mobile, from IoT devices to CRM/ERP systems, and also network infrastructure. All these components are exposed to the internet, they inadvertently increase the risk of businesses being attacked by cyber criminals. Besides passive security measures such as using software or firewalls, Penetration testing is an effective method to combat attacks on enterprise systems.

With 8 years of experience in conducting Pen-test projects for large and small companies, the cybersecurity engineers at CyStack understand the importance of Pen-test, as well as the inadequacies of this solution. Thereby, launching Penetration Testing service to thoroughly solve the security needs of web, mobile, IoT, API, ... of domestic and foreign customers. With CyStack's Pentest service, customers will get the best value.

Introducing a new solution for security testing

Pentest's biggest challenge these days is that businesses cannot measure the effectiveness of Pentester's work, nor can they measure the success of a Pentest campaign. From there, it is not possible to determine whether the return on investment (ROI) is worth it. Understanding those difficulties, CyStack has researched and launched a new Pen-test solution, which can help businesses get the best results with optimal costs.

With the goal of increasing pen-test efficiency, CyStack cooperates with a community of 3000+ security experts, selecting the best pen-testers to implement pen-test projects for customers. We apply a community security model, helping businesses optimize security costs through a bug bounty program.

Hiệu quả của CyStack Pentest

Traditional Penetration Testing


CyStack Crowdsourced Pentest

Time of testing

A certain amount of working days, no weekends.

Time of testing

Flexible. All weekdays.


1-3 pen-testers


100 pen-testers and more

Pricing model

Paid by working hours

Pricing model

Paid by each vulnerability

Work hours

20 - 40 hours per week

Work hours

100+ hours per week


One single report at the end of pen-testing project


Real-time report. PoC right away when a vulnerability is found.

Comprehensive Protection

Black Box testing

Black Box testing

Pen-testers conduct penetration testing of customers' applications with little or no knowledge of the target (security policy, network infrastructure, software, existing security measures). Blackbox Pentest helps businesses detect risks in the real world that hackers can attack. This is the most common form of Penetration Testing trusted by CyStack's customers.

Gray Box testing

Gray Box testing

Gray Box Pen-testing occurs when pen-testers are exposed to partial information about the target (user login information, system architecture, or network overview). Unlike the blackbox pen-test that simulates a normal hacker's perspective, the Graybox pen-test provides the perspective of a hacker who has partially infiltrated the system and knows some sensitive information that is not public.

White Box testing

White Box testing

Pen-testers look for risks in the system under administrator privileges, with access to databases, source code, disclosures of encryption methods, or product structure description documents. Whitebox pen-test helps detect the risk when hackers have the deepest access to the system.

"CyStack helps businesses achieve their security goals and comply with the strict security standards. With the innovative Pen-test Blackbox methodology, CyStack is confident to bring the best value to every customer using our Pen-test service."

Learn more about the process



  • Customer and CyStack discuss pen-test's object and scope of work.
  • CyStack makes a proposal including a plan of conducting test.



  • CyStack professional pen-testers start testing on objects.
  • After round one, a community of researchers start testing the objects to find as many vulnerabilities as possible.
  • PoC for each vulnerability is sent to the customer right away for early remediation.



  • CyStack sends customers detailed reports and instructions on how to fix the bugs.
  • Pen-tester team starts retesting to ensure all vulnerabilities are fixed.

*Report includes detailed descriptions on how vulnerabilities affect business.

Triển khai

Meet the Pen-testers

CyStack Expert

The Pen-tester team at CyStack is led by Nguyen Huu Trung - an expert who has 8 years of pen-testing experience for domestic and foreign organizations. Besides remarkable achievements such as discovering dangerous Zero-day vulnerabilities in famous technology products, or being honored at the Hall of Fame of leading corporations (Microsoft, Dell, HP, Deloitte). ...), CyStack experts are also guest speakers of the world's largest security conferences: BlackHat USA, BlackHat Asia, T2 Conference, XCon - XFocus.

Cystack experts

Community expert

With the goal of constantly improving the efficiency of Pentest projects for customers, CyStack cooperates with the best individuals in the community of 3000+ WhiteHub security experts. Help find the most vulnerabilities, in the shortest time, at the most appropriate cost. All experts involved in the Pentest project work closely with CyStack and have signed NDA information security contracts.

Community experts

Get a Quote

"Experts at CyStack have very in-depth knowledge, even discovered the vulnerability of a high-ranking VNtrip partner. We now have peace of mind on security, and can have our resources fully focusing on developing the VNtrip app."

Mr. Nguyen Hong Thai

CTO, VNtrip

Mr. Nguyen Hong ThaiMr. Vu Hoang Duy


Do you deliver Blackbox, Graybox, or Whitebox pen-test service?

Do you help with remediation?

How long does a pen-test project last?