Launch Secure
Project-based web and API pentest
A focused, exploitation-led security test scoped to your web application and API. Designed for teams who want a complete picture of their current attack surface — with evidence they can act on and share.
Starting from
$2,500
Fixed price based on scope — quoted after scoping call
What's included
- Scoped web application and API pentest
- Manual exploitation-led testing (not scanner-only)
- Authenticated and unauthenticated surface coverage
- Business logic testing relevant to your application
- Executive Summary Report (2–3 pages, procurement-ready)
- Technical Findings Report (full detail, developer-ready)
- Remediation guidance per finding — not generic CWE descriptions
- One retest round included (verify fixes within 30 days of delivery)
- Kickoff call + scoping document
- Optional findings walkthrough call
What's not included
- Infrastructure / cloud configuration review (separate engagement)
- Mobile application testing (separate engagement)
- Social engineering or phishing
- Continuous coverage after delivery (see Release Guard)
Typical scope areas
Authentication and session management
Authorization and access control
API endpoint security
Business logic vulnerabilities
Input handling and injection
Sensitive data exposure
SSRF and server-side attacks
OAuth / SSO flows
File upload and processing
Rate limiting and abuse prevention
Good fit for Launch Secure if…
- • First pentest for the application or first pentest with this level of rigor
- • Preparing for a specific event: funding round, audit, enterprise deal
- • Need a clean, credible report to share with a customer or auditor
- • Want to validate a specific new feature or auth redesign before launch