Choosing Vaadata is choosing to work with a small, hyper-specialized team.
Why a small team?
Because the decision circuits are shorter. Because collaboration is closer. Because it increases our motivation and allows us to do a good job!
Because offensive security requires skills and a state of mind that are different from defensive security. Because we cannot know everything. Because mastering the pentester’s job requires a lot of time.
Internal team or outsourcing?
Working with Vaadata also means entrusting a security audit to a company that does not subcontract and does not use independent workers. This is the essential condition for ensuring the standard of quality we have set for ourselves.
How many pentesters for each security audit?
A pentest involves work by between one and three pentesters, according to the duration and the complexity of the planned pentests. For recurrent pentests, it is possible to change the team from one test session to another, in order to benefit from different viewpoints, while keeping one same project manager who can advise you on the change of scope of the tests, thanks to the knowledge of your business context.
Vaadata is a certified CREST company in the pentest category.
Our processes, our methodology and the security of our data have been subjected to rigorous examination. Obtaining certification demonstrates our ability to provide a reliable assessment of our clients' level of security.
Vaadata is the first French company to obtain CREST certification. This corresponds to a commitment made to our customers, to reassure them concerning their choice to trust us and to help them to show their partners the value our collaboration.
Our choice of obtaining the most internationally recognized certification for the pentest activity corresponds to the demand of our customers, who are located everywhere, particularly in EMEA [Europe, the Middle East and Africa] and in America.
Our mission is to make security widely available for companies, including start-ups and SMEs.
Our observation is simple: It is better to do little than to do nothing at all. This reasoning applies to both security and other fields.
It is not always easy to embark on a security audit, for reasons of budget, priority, or the time required to spend on it.
In addition, not all companies face the same level of risk: a young start-up and a large bank do not need to apply the same range of security resources and measures.
This is why Vaadata offers security auditing solutions adapted to each type of company.
We offer different security audit packs to adapt to all budgets. The price of a pentest varies between €550 and €25,000.
For some pentests, it is also possible to choose “success fees” pricing: price according to the flaws identified by our team of pentesters.Rates
We position ourselves as a partner capable of assisting you in the long term, as your business develops and your security challenges change.
After a first pentest, we are able to make specific recommendations on the next security steps to consider, with proposals tailored to your budget.
We can set up recurring pentest sessions, with a single contact person in charge of analyzing the changes in your needs and the priorities from one session to the next.
This corresponds to a subscription system, which can be adjusted at any time to take your needs into account.
A security audit makes it possible to transfer security skills to the teams of the client company.
There are various scenarios: a Web platform audit will increase the skills of developers and system administrators, while a social engineering audit will increase the skills of all people working in the company.
Depending on the results of the security audit, it is possible to complement the pentest with training to maximize the transfer of skills.
It is also possible to strengthen the transfer of skills through consultancy work with the team concerned.
Vaadata works with numerous start-ups based in Europe and the USA.
They include early stage start-ups and big start-ups, whose issues are not the same.
Vaadata proposes young start-ups an introductory offer with a competitive price: €550 for a first security audit.
Vaadata then proposes different packages to gradually increase the scope covered by the pentest or the depth level of the pentest.
The typical path of a start-up follows a number of stages, from the development of a first version to the position of leader in its market: first pentest (start-up offer), light audit, standard audit, recurring audits, social engineering audit, etc.
This can of course be adjusted according to the start-up’s business sector, its level of maturity in security, and external requirements of its customers and investors.
Vaadata is an adaptable company, favouring close collaboration with its customers, and is independent, with 100% of its capital owned by its operational directors.
Our size and our way of organization allow us to give priority to dynamism and adaptability in our relationships with our clients.
We are able to adapt to most of your requests: fast start date, specific reporting requirements, last minute requests, etc.
In the sometimes anxious world of cybersecurity, we attach particular importance to friendliness in exchanges and empathy towards our clients.
We are free to establish our course, goals and values. Our main objective is to work in a profession that is our passion, and to continuously develop our skills to offer an exceptional level of quality to our clients.
We give preference to organic growth and a robust company, rather than an objective of short-term profitability. This allows us to build long-term relationships with our clients, and to assist them at their own pace.
We are neutral with respect to all market solutions. We are not resellers of any security solution or any pentest tool. We focus on expertise and on the result of the audit, rather than using one tool at the expense of another.
We are not judge and judged regarding the security audits we perform. We do not develop solutions for our clients: we only provide our view of the security aspect.
We are neutral with regard to industrial and tertiary companies. We have no vested interest in or conflict of interest with the companies whose security level we assess.