(+84) 247 109 9656
CyStack and Cookies
Pentest's biggest challenge these days is that businesses cannot measure the effectiveness of Pentester's work, nor can they measure the success of a Pentest campaign. From there, it is not possible to determine whether the return on investment (ROI) is worth it. Understanding those difficulties, CyStack has researched and launched a new Pen-test solution, which can help businesses get the best results with optimal costs.
With the goal of increasing pen-test efficiency, CyStack cooperates with a community of 3000+ security experts, selecting the best pen-testers to implement pen-test projects for customers. We apply a community security model, helping businesses optimize security costs through a bug bounty program.
Traditional Penetration Testing
CyStack Crowdsourced Pentest
Time of testing
A certain amount of working days, no weekends.
Time of testing
Flexible. All weekdays.
100 pen-testers and more
Paid by working hours
Paid by each vulnerability
20 - 40 hours per week
100+ hours per week
One single report at the end of pen-testing project
Real-time report. PoC right away when a vulnerability is found.
Pen-testers conduct penetration testing of customers' applications with little or no knowledge of the target (security policy, network infrastructure, software, existing security measures). Blackbox Pentest helps businesses detect risks in the real world that hackers can attack. This is the most common form of Penetration Testing trusted by CyStack's customers.
Gray Box Pen-testing occurs when pen-testers are exposed to partial information about the target (user login information, system architecture, or network overview). Unlike the blackbox pen-test that simulates a normal hacker's perspective, the Graybox pen-test provides the perspective of a hacker who has partially infiltrated the system and knows some sensitive information that is not public.
Pen-testers look for risks in the system under administrator privileges, with access to databases, source code, disclosures of encryption methods, or product structure description documents. Whitebox pen-test helps detect the risk when hackers have the deepest access to the system.
*Report includes detailed descriptions on how vulnerabilities affect business.
The Pen-tester team at CyStack is led by Nguyen Huu Trung - an expert who has 8 years of pen-testing experience for domestic and foreign organizations. Besides remarkable achievements such as discovering dangerous Zero-day vulnerabilities in famous technology products, or being honored at the Hall of Fame of leading corporations (Microsoft, Dell, HP, Deloitte). ...), CyStack experts are also guest speakers of the world's largest security conferences: BlackHat USA, BlackHat Asia, T2 Conference, XCon - XFocus.
With the goal of constantly improving the efficiency of Pentest projects for customers, CyStack cooperates with the best individuals in the community of 3000+ WhiteHub security experts. Help find the most vulnerabilities, in the shortest time, at the most appropriate cost. All experts involved in the Pentest project work closely with CyStack and have signed NDA information security contracts.
Get a Quote
"Experts at CyStack have very in-depth knowledge, even discovered the vulnerability of a high-ranking VNtrip partner. We now have peace of mind on security, and can have our resources fully focusing on developing the VNtrip app."
Mr. Nguyen Hong Thai
Do you deliver Blackbox, Graybox, or Whitebox pen-test service?
We do offer whitebox, graybox, and blackbox pen-test. In order to leverage the crowdsource, most of our customers choose blackbox pen-test for their projects. However, you can choose whitebox pen-test if it’s suit your need. We do also offer infrastructure advisory service for early stage projects.
Do you help with remediation?
Yes. We commit to help customers to address 100% security issues found. We do retest to make sure all the vulnerabilities are patched.
How long does a pen-test project last?
Pen-test projects often last 14 working days. Sometimes it lasts up to 30 or 45 days depending on system sizes. But don’t worry, with our pen-test service, you receive a PoC right when we found each vulnerability. This ensures maximum protection for your softwares and applications.
Choose a product or service