Welcome to Your Dashboard

Here's a quick summary of your account activity.

Welcome to your dashboard! Here, you can access everything you need to manage your security and account. You’ll find all your vulnerability reports in one place, making it easy to stay on top of potential risks. You can also view and manage your invoices, make quick and secure payments, and update your account settings whenever needed.

Total Vulnerabilities

0

Total Invoices

0

Our process is designed to give you full control and transparency in managing your security audit. First, please review the Pricing section. If you feel that the pricing does not fully capture the unique aspects of your business, you may request a pricing revision by clicking the revision button.

Once you are comfortable with the pricing, proceed to define your scope. This involves specifying your primary domain, any subdomains or wildcards you want included, areas or functionalities that should not be tested, and any extra details necessary for a tailored audit.

Next, please confirm your understanding and acceptance by reviewing the Agreement section. Only after these steps are completed will we begin our process of identifying potential vulnerabilities.

As we search for vulnerabilities, our system will continuously update the status in your dashboard. If a vulnerability is found, a detailed report will be generated and placed in your Vulnerability Reports section for your review. Should you agree with the findings and severity rating, an invoice will then be issued.

Keep in mind that at Ackledge, we take the privacy and security of confidential data very seriously. In the event that our testing efforts uncover vulnerabilities—such as Remote Code Execution (RCE), SQL Injection (SQLi), or any other exploit that could potentially allow access to confidential information—our team will adhere to strict ethical guidelines. We will only access and utilize the minimal amount of data necessary to verify and demonstrate the existence of the vulnerability, and under no circumstances will we read, store, share, or otherwise misuse any sensitive information. Our sole objective is to provide actionable, secure evidence that facilitates prompt remediation, ensuring both the protection of your data and the integrity of your systems.

Once you press the 'Begin Service' button, our team will be notified, and we will initiate the process of identifying vulnerabilities in your application. Whenever a vulnerability is discovered, you will receive a comprehensive report detailing all aspects of the issue. The report will be accessible through your dashboard, and you will also be notified via email. Please ensure that [email protected] is added to your trusted contacts to prevent our messages from being filtered as spam.

Throughout the audit, you can choose to terminate the service at any time via the Settings section.

Invoices

No invoices yet

No invoices yet. Once you get an invoice, it will appear here!

Vulnerability Reports

No reports yet

Great news – no vulnerabilities have been found yet!

Select a report to view

How Our Pricing Works

Our security audit service is provided at no upfront cost. We perform a comprehensive audit of your systems or website and issue an invoice only for confirmed vulnerabilities along with any requested remediation or consulting services.

1. Security Audit Services Overview

We conduct a detailed vulnerability analysis and prepare an audit report. Invoices are generated only after you have reviewed and accepted the vulnerability details and corresponding risk scores.

2. Calculating the Final Severity Score

Each identified vulnerability is evaluated using two independent scoring methods:

  • Technical Severity (CVSS 4.0): A standardized score ranging from 0.0 to 10.0 based on specific technical criteria. The severity levels are defined as: Low (0.1–3.9), Medium (4.0–6.9), High (7.0–8.9), and Critical (9.0–10.0).
  • Business Impact Score (BIS): A score on a scale from 1 to 10 that reflects the real-world impact on your business. It is determined by factors such as potential financial loss, reputational damage, operational disruption, and legal or regulatory risk. The default calculation takes the highest individual factor score.

The final severity rating is the higher of the CVSS 4.0 score (normalized to a 1–10 scale) or the Business Impact Score.

3. Mapping Final Severity to Pricing

Based on the final severity rating, our base pricing follows the scale below:

Final Severity Rating Severity Level Base Price Range (USD) Description
1–3 Low $200 – $500 Minor vulnerabilities with minimal impact
4–6 Medium $500 – $1,500 Issues with moderate impact that require timely remediation
7–8 High $1,500 – $3,000 Significant vulnerabilities presenting notable business risks
9–10 Critical $3,000 – $6,000 Severe vulnerabilities with the potential for catastrophic impact

4. Customization & Negotiation

Your business environment is unique. If you believe that the default scoring does not fully capture your specific risks – whether due to regulatory factors, proprietary data value, or other considerations – you may request a pricing revision directly through our dashboard. Every invoice provides a detailed breakdown of the CVSS score, BIS, and the final severity rating to ensure full transparency.

Additionally, if you implement a fix for a reported vulnerability and would like a retest to ensure that there is no potential bypass or that the remediation is effective, a retest fee of $200 will be applied. This fee covers the time and resources required for a thorough re-evaluation of the fix. To ask for a retest, you can email us at [email protected]

For any questions or to discuss adjustments to the pricing model, you can directly contact us at [email protected] or use the button below.

Scope

Define the boundaries of your security audit below. Please provide your primary domain, any subdomains or wildcards you want included, areas or functionalities you wish to exclude, and any extra information that will help us tailor your audit.

Enter the main domain(s) you wish to have audited. For example: example.com

Specify any subdomains or use wildcards if applicable. For example: *.example.com

List any areas or functionalities you do NOT want to be audited (e.g., payment gateway, third-party login).

Provide any additional instructions or details that will help us better understand your scope requirements.

Agreement

Settings

Manage your account settings and preferences.

Change Password

Service Control

To start the service, you must choose "BEGIN" and have accepted the agreement.