Skip to content
Offensive Security

Manual, exploit-driven
Network Pen Tests

Most UAE clients ask "I need pen testing for compliance" without knowing scope. That's fine — scoping is our job, not yours. Our 8-stage PTES-aligned process figures out exactly what your audit, client, or threat model actually needs.

Talk to us about scope

OSCP · CPTS · CEH practitioners Free retest of critical / high findings Written quote in 48 hours

0 PTES Stages
0 Flagship Services
0d Free Retest Window
0% Manual Testing
Methodology PTES OWASP WSTG OWASP MASTG OWASP API Top 10 NIST SP 800-115 MITRE ATT&CK
Methodology

Our 8-stage penetration testing process

Based on PTES (Penetration Testing Execution Standard), OWASP methodology guides, and NIST SP 800-115. The engineering discipline most "VAPT" providers skip.

  1. 01

    Pre-Engagement You're involved

    NDA, scoping workshop, rules of engagement, timeline, deliverable lock. We educate, you choose scope.

  2. 02

    Information Gathering

    Passive + active reconnaissance. OSINT, enumeration, technology fingerprinting, attack-surface mapping.

  3. 03

    Vulnerability Assessment

    Automated + manual analysis. Known CVE sweep, configuration review, version analysis, attack-vector hypothesis.

  4. 04

    Exploitation

    Controlled execution of attack paths. Every exploit documented, every action reversible.

  5. 05

    Post-Exploitation

    Privilege escalation, impact demonstration, pillaging for sensitive data. We show what an attacker would actually get.

  6. 06

    Lateral Movement

    If in scope — pivot through the environment, chain access, demonstrate breach spread. Internal network engagements only.

  7. 07

    Proof-of-Concept

    Reproducible evidence for every finding. Screenshots, scripts, step-by-step. No unverifiable claims.

  8. 08

    Post-Engagement You're involved

    Executive summary, technical report, live walkthrough, clean-up evidence, free 30-day retest of critical/high fixes.

Pricing — Four tiers

Pick your scope, lock the fee

From single-asset SME engagements to full-scope multi-environment assurance. Every tier includes manual testing led by an OSCP holder.

Starter

AED 9,000

Ideal for: Sub-30-employee UAE companies needing first-time external security validation.

  • Single web app OR small external network up to 20 IPs
  • Automated + targeted manual testing
  • Executive summary + technical findings report
  • 60-min remediation walkthrough call
  • Retest after fixes
  • Internal network or AD

Designed for UAE SMEs under 30 employees. One-time engagement, no retest included.

Get a quote

Essentials

AED 12,000

Ideal for: Growing companies with one customer-facing asset to validate.

  • Single web app OR external network up to 50 IPs
  • Manual testing of OWASP Top 10 / authenticated flows
  • Detailed PoC evidence per finding
  • 30-day free retest of critical/high
  • Live remediation walkthrough
  • Internal lateral movement
  • Cloud configuration review
Get a quote

Enterprise

AED 50,000–75,000

Ideal for: Multi-site or regulated organisations needing full-scope assurance.

  • Full scope: web + network + AD + cloud configuration
  • Lateral movement and privilege-escalation chains
  • Custom attack scenarios mapped to your threat model
  • Quarterly retest of critical/high for 12 months
  • Executive board-readout + technical workshop
  • Physical security testing (separate quote)
  • OT/ICS environments (separate quote)
Get a quote

Not sure which tier fits?

Book a 20-min scoping call
Services

Flagship services — available now

Led by Nelson Durairaj (OSCP, eJPT, CEH), supervised by Manoj Prabhakaran (CPTS, CDSA). No juniors running scanners, no anonymous teams.

Audit Mapping

Compliance mapping — which scope your framework needs

Tell us the framework, we'll scope to match. Our reports are audit-grade: CVSS-scored findings, control-mapped, walkthrough-delivered.

Framework Required Recommended additions
ISO 27001 (Annex A 8.8) VA + annual pen test External network + primary web app
UAE IA V2 (T3.6.1) External + internal pen test + phishing simulation + wireless
ADHICS v2 (Healthcare UAE) Annual pen test + mobile app (if patient-facing) + PHI systems
PCI DSS 11.3 Internal + external pen test + segmentation testing + web app (if CDE)
SOC 2 (CC7.1) Annual pen test External network + web app + API
Pricing

Transparent pricing

We're a new UAE firm. We publish prices to earn your first case study — not to hide behind enterprise-sales opacity.

Founding-client offer — the first three UAE clients per service line get 25% off in exchange for a named testimonial and case study rights.
Scope Starting at (AED) Typical duration
VA only (up to 50 IPs)5,0003 days
External network pentest (small)20,0005 – 7 days
Internal network pentest (AD, lateral)35,0008 – 12 days
Web application (1 app, authenticated)15,0007 – 14 days
Mobile app (1 platform, iOS or Android)18,0007 – 10 days
Mobile app (both iOS + Android)30,00010 – 14 days
API pentest (standalone)15,0005 – 10 days
Phishing simulation (up to 200 users)8,0002 weeks campaign
Network + Web App32,0002 – 3 weeks
Full-stack: Network + Web + Mobile55,0004 – 5 weeks

All engagements include: scoping workshop, rules-of-engagement document, CVSS-scored findings report, executive summary, 90-min remediation walkthrough, and one free retest of critical/high findings within 30 days. VAT extra. Written quote within 48 hours of scoping call.

Deliverables

What you actually get

Every engagement, every scope. Audit-grade deliverables designed for UAE compliance contexts.

  • 01

    Executive summary

    1 – 2 pages, board-consumable. Business impact, risk posture, remediation priority.

  • 02

    Technical findings report

    CVSS-scored findings with reproduction steps, screenshots, and remediation guidance. Typically 20 – 50 pages.

  • 03

    PoC evidence pack

    Scripts, payloads, Frida hooks — everything your dev team needs to reproduce locally.

  • 04

    Compliance mapping

    Findings cross-referenced to ISO 27001 Annex A, UAE IA, ADHICS, PCI DSS controls as relevant.

  • 05

    Live walkthrough

    90-minute session with your engineers — every critical and high finding demonstrated live.

  • 06

    Free 30-day retest

    Validate your fixes on critical and high findings within 30 days of remediation. Separate retest report issued.

Roadmap

Year 2 — 2027 roadmap

Planned additions. Join a waitlist and we'll email you 30 days before launch.

2027

Third-Party / Vendor Risk Assessment

Assess the cybersecurity posture of your suppliers and vendors. UAE IA V2 and ISO 27001 both require it — we deliver it via a scalable questionnaire framework.

2027

Managed Vulnerability Management

Continuous scanning, prioritisation, and remediation tracking — delivered as a monthly retainer with your named engineer.

Roadmap

Year 3 — 2028 roadmap

Advanced and managed services. The roadmap is real; the certs and hires to deliver them follow in Year 2 – 3.

2028

Red Team Exercises

Full-scope adversary simulation across people, process, and technology. Physical, digital, social engineering. Requires senior CRTO / OSEP hire.

2028

SOC-as-a-Service / MDR

24/7 monitoring, threat detection, and response. MSSP partnership bridge in Year 2 before own build in Year 3.

2028

Digital Forensics & Incident Response (DFIR)

Breach investigation, forensic reporting, legal-grade evidence handling. Licensed tools + GCFE / GCFA certified analysts.

2028

Cyber Threat Intelligence (CTI)

Sector-specific threat intel, dark-web brand monitoring, quarterly executive briefings.

2028

OT / ICS Security (IEC 62443)

Operational technology security for utilities, energy, manufacturing. Specialist hire required; anchor-client driven.

UAE Market

Why this matters for UAE

Scanners find patterns. Pen tests find paths.

Every UAE enterprise onboarding process — banks, tender committees, enterprise procurement — asks for penetration-test evidence before contract. Most UAE mid-market companies respond with a vulnerability scan PDF. That's not what auditors and procurement teams are asking for, and it's not what keeps you safe.

We deliver the real thing: manual, methodical, exploit-driven testing by named OSCP, CPTS, and CEH practitioners, following PTES, OWASP, and NIST methodology. Scanners and automation are part of the toolkit — but tools don't write the report or decide what to exploit next. Our testers do.

Every engagement ends with a live walkthrough of findings and a free retest of critical and high findings within 30 days of remediation.

Questions, answered

Penetration testing in the UAE — FAQ

How much does penetration testing cost in the UAE?

Underwings publishes fixed pricing: engagements start at AED 9,000 (Starter — a single web app or external network up to 20 IPs), AED 12,000 for Essentials (manual OWASP Top 10 / authenticated testing with a 30-day free retest), and AED 25,000–45,000 for Professional multi-asset scopes. You receive a written, fixed-scope quote in AED within 48 hours of a scoping call.

What's the difference between a vulnerability assessment and a penetration test?

A vulnerability assessment scans and prioritises known weaknesses — useful as a compliance box-check and triage step. A penetration test is manual: a certified tester actively exploits and chains weaknesses the way a real attacker would, including business-logic flaws scanners can't find. Underwings delivers manual testing aligned to PTES and OWASP, not scanner PDFs.

How long does a penetration test take?

A single web application or small external network is typically 2–3 weeks end-to-end (scoping, testing, reporting, walkthrough). Larger or API-heavy scopes extend to 3–4 weeks. Expedited delivery is available.

Will your penetration test report satisfy ISO 27001, SOC 2, PCI DSS or NESA audits?

Yes. Reports include scope, methodology, dates, named tester credentials, CVSS-scored findings, reproduction steps, remediation guidance, and retest validation — usable as audit evidence for ISO 27001, SOC 2, PCI DSS, HIPAA, NESA, and ADHICS.

Who performs the testing, and what certifications do they hold?

Every engagement is delivered by named, certified practitioners — OSCP, CPTS, CDSA, CEH — with the tester named in the report. No anonymous juniors and no outsourcing.

Is a retest included after we fix the findings?

Yes. One free retest of critical and high findings within 30 days of the final report is included on Essentials and above, with a separate report confirming remediation.

Ready when you are

Enterprise client asked for a pen test report?
Audit coming up? Mobile app shipping soon?

Book a free 30-minute scoping call. We'll scope your engagement against your actual compliance or commercial need, and send a written quote within 48 hours.

Discuss your scope
NDA-first No sales pressure Written quote in 48 hours Free retest of critical / high