Engagements
Scoped to Your Environment
Penetration testing isn't a product with a fixed price tag. Every organization has a different attack surface, risk tolerance, and timeline. All ChainLenk engagements begin with a scoping call to define the right assessment for your situation.
Engagement Types
Whether you need a focused application assessment or a full-scope red team engagement, ChainLenk can scope the right test for your environment.
Focused Assessment
Single-target assessments for a specific application, service, or network segment. Ideal for pre-launch security reviews, compliance-driven testing, or validating a specific concern.
Standard Engagement
Full-scope penetration test across a defined environment — web apps, internal network, or Active Directory. Typical for annual security assessments and compliance requirements.
Comprehensive Assessment
Multi-scope engagement covering multiple attack surfaces, extended testing timelines, and full attack chain documentation from initial recon to post-exploitation.
Every Engagement Includes
Regardless of scope, every ChainLenk engagement is documented to the same professional standard.
Pre-Engagement Scoping Call
A detailed kickoff to define objectives, rules of engagement, testing windows, and what success looks like.
Executive Summary
A clear, non-technical overview of findings and overall risk posture, suitable for leadership and stakeholders.
Full Technical Report
Detailed documentation of every finding with CVSS scores, reproduction steps, and supporting evidence.
Remediation Guidance
Prioritized, actionable remediation steps for every finding — no generic "patch your software" recommendations.
MITRE ATT&CK Mapping
Findings mapped to the ATT&CK framework for threat modeling, detection tuning, and security program alignment.
Post-Report Support
Direct access to your tester for follow-up questions, clarification on findings, and guidance during remediation.
Common Questions
Why isn't there a published price?
Penetration testing scope varies significantly by environment size, complexity, and objectives. A price that works for a three-page marketing site is completely different from a large enterprise Active Directory engagement. We scope every engagement individually to ensure you're paying for the right level of effort — not a one-size-fits-all package.
How long does a typical engagement take?
Focused assessments typically run 3–5 business days. Standard engagements are usually 1–2 weeks. Comprehensive multi-scope assessments may run 2–4 weeks depending on environment size. Timeline is always confirmed during scoping.
What do I need to provide before testing starts?
At minimum: a signed statement of work, defined scope (URLs, IP ranges, or AD domain), testing credentials if applicable, and a point of contact for the engagement. We handle the rest.
Do you offer retesting after remediation?
Yes. Remediation validation retesting is available for all engagements. We retest the specific findings from the original report to confirm they've been resolved and that no new issues were introduced.
What types of organizations do you work with?
ChainLenk works with organizations across a range of sizes and industries — from growing startups needing their first serious security assessment to established companies with compliance-driven testing requirements. If manual penetration testing would help your security program, we can scope something appropriate.
How do I get a sample report before committing?
Submit the contact form and we'll send over a sample penetration test report so you can evaluate the quality and format of our deliverables before starting an engagement.
Get a Custom Quote
Tell us what you need tested and we'll put together a scoping proposal within one business day.