Penetration Testing

We have developed a proces to be much more productive. Most of the time we do not care about the time spend we only care about the end result, which must meet our quality criteria. Difference is that we do not use a consultancy approach were every hour must be paid by the customer. Our delivery is a report. That makes us unique


We are nerds and like a challenge. Group of extremely well trained  people who love to break things are attacking your environment this can be a web application, infrastructure or whatever you need. This type of research goes beyond the borders of delivering proof, we actually take it one step further and execute.

Compliance testing

  • Yearly returning audit/compliance check
  • DigiD compliant
  • Large-scale testing site sometimes up to 500+
  • Extremely suited for audit firms who also need penetration testing reports for instance DiGID assessments


  • Monthly recurring check on infra and web
  • Can be combined with fully manual penetration test
  • Automation powered by Ethical hackers
  • Increase the frequency of tests and extend their coverage
  • Maximize the value of manual penetration testing
  • Price based on scoping
  • Always fixed pricing
  • 1.800,00 1+
  • 1.500,00 10+
  • 1.200,00 50+
  • 1.000,00 100+
  • 350,00 1+
  • 325,00 5+
  • 300,00 10+
  • 290,00 15+

What do we deliver?

Penetration Testing allows you to identify where the weak-points in your security are. It is considered best practice by numerous ISO standards and as a requirement of business by PCI-DSS, FCA and other regulatory bodies to have a Penetration Test carried out at least annually by a competent, and independent external third party.Conducting Penetration Testing against your people, processes and technology will gain you an insight into how well security operates throughout your business and how well they are able to withstand an attack.


Starting point depends on your wishes and creativity! Also depends on the information provided, hence white-, grey-, black-hat kind of testing. Testing can be fully customized or plain and simple, just a website as entry-point.

What do we deliver?

We truly deliver web application penetration testing for fixed prices and there is no catch. Quality is equal or even better than a scoped test calculated against hourly rate. We don't sell hours, we sell a product. That is the big difference.We are specialized in large-scale testing. Our processes, people and tools are optimized and strictly controlled to maximize our efforts to get the best results.Start thinking differently and approach problems differently. By combining people and technology and shifting the focus, we have the solution. Worldclass technology and AI combined with skilled human-driven analysis against real-world threats.We are the most optimized security testing company.


How is it possible that we can do a test for these low prices although a test may take 40-hours? Easy we don't measure time we sell you a quality product if it takes 40 hours to completion, so be it! Often ethical hackers had to stop testing because it was time. Next test a junior tester found a critical vulnerability!As a company we need scalability and mass to make this work. If you believe in changing the strategy from billing by the hour to buying a product we have a match.Every person at our company is dedicated to this strategy.How uch money have you lost when expensive consultant go out for a smoke? Guess is that this is at least 1 hour a day.

What do we deliver?

Subscription based testing is a hybrid form of security research on web applications with an emphasis on automated. The difference with fixed is that the emphasis is on the human factor. Means limited interaction and therefore limited hours but enough to reduce false positives and to generate a qualitative final report.Your application is tested for 1000+ known weaknesses by using the best tooling available on the market.Subscription-based security research is ideal for deployment during the development process and at various stages. The goal is to put a secure application into production. In addition, it is very suitable for small to medium-sized companies to do a monthly check against the latest weaknesses.intended for web development during development


The process is very easy. Signup below, we get in-touch and discuss your needs. Followed we can almost directly start testing. So, no long queues or waiting. We constant extend our testing environment to meet the growing demand!


  • Manual 80% vs Automation 20%
  • Audit and Compliance testing
  • OWASP top 10 + code review
  • Extended infrastructure testing
  • Suited for highly critical apps
  • Exploitation of findings
  • Extended reporting incl. proof and demo


  • Manual 60% vs Automation 40%
  • Audit and Compliance testing
  • Focus OWASP top 10
  • Basic Infrastructure testing
  • Yearly recurring test
  • Proof but no exploitation
  • No quantity limit
  • Not suited for highly critical banking apps
  • Audit proof reporting


  • Manual 20% vs Automation 80%
  • Great for testing during development
  • Focus OWASP top 10
  • No infrastructure testing
  • Pre-scan for next step
  • No exploitation
  • Limited to 20 test per customer
  • Issue based reporting
Cyber attack begin with spear-fishing email 71%
Increase targeted breaches 33%
Increase cyber crime cost 27%
increase in reported system vulnerabilities 13%
Just some statistics

Cybersecurity issues are becoming a day-to-day struggle for businesses. Trends show a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices.Additionally, recent research suggests that most companies have unprotected data and poor cybersecurity practices in place, making them vulnerable to data loss.We’ve extracted some cybersecurity statistics to give you a better idea of the current state of overall security.


We’re people, not academics with the right attitude and defiations of the norm. At our headquarters in Amsterdam we’ve assembled a team that combines the best practical expertise in testing security. Whatever their role or heritage, each COUNTERHACK combines an uncompromising mindset with an extreme focus on executing in service of the mission.

We use worldclass technology and combine this with human-driven analysis against real-world threats.We are focused on creating the world’s best customer experience for working with a security company, a system that allows you to solve complex problems without having to fully master the subject or hire specialized people.

Everything we do, believe in, contributes in making cyberspace a better more secure place.We believe in thinking differently, approaching challenges differently and solving problems differently. By augmenting human capacity with the best tools we can be more productive and concentrate on the tasks that matter for our customers. Delivering easy to understand, manageable solutions and services at a better price.Everybody gains.Current problems that threaten us are the resources on the labor market, large deficits that will constantly grow. Fighting for the best resources has been going on for some time but not everyone wants to pay too much.That is why we have to start thinking differently and approach problems differently. By combining people and technology and shifting the focus, we have the solution.We saw a need for a different kind of approach, and we knew it would take a different kind of company to build it. That’s why we founded COUNTERHACK.




FIXED tests






Office 1

Bickerswerf 6
1013 KX Amsterdam

Visit Us

nog even geheim ...volgt snel......