Yes, we are. The good ones.
Good hackers like us are called ‘white hats’ or ‘ethical hackers’. Just like the bad guys, we look for vulnerabilities, but only to report them to the owners of the vulnerable web assets.
We never access files with sensitive information (even when we can), nor do we collect any non-public data. Our job is to identify the vulnerability, report it discreetly and make sure that the company or individual is aware of the issue. We never exploit the issues we find.
No.
You don’t. Usually, in cases like this, good people reward us with a bounty as a sign of their appreciation of our effort and to support our cause. But whether the reward is paid or not is totally up to you. The amount of the reward is also determined by the company or the individual to whom we reported the vulnerability.
For a number of reasons.
First of all, we sincerely believe that our work makes the Internet a safer place for everyone. It’s really important for us to realize that we’re doing the right thing every day.
Secondly, this is our way to say hello and get acquainted with you. Unlike most companies, here at WebSafety Ninja we prefer to invest in bringing value to our (potential) customers right from the first encounter, rather than wasting time and money on creating empty marketing slogans or advertising all over the internet.
And yeah, there’s money. A lot of companies and individuals consider our cause a noble one, and reward our effort with a bounty (*tips hat* many thanks to y'all for doing so).
Pretty much. We have a legal entity in the Netherlands (see footer).
We pay taxes.
We play by the rules.
We hate pizza with pineapples.
Sure we are. You can check out our LinkedIn profiles.
Feel free to contact any of us via LinkedIn or set up a call with us if you have any questions or just want to say hi (we’ll turn our web cameras on so that you can see us).
Alternatively, you can meet the founder in person, if you’re somewhere near the Netherlands.
Just don’t forget to let him know beforehand.
Our legal entity is registered in the Netherlands, where the founder of the company resides.
We don’t have a physical office, though — we’re distributed all over Europe and work remotely.
The people on our team are from the Netherlands, Belgium, Ukraine and Russia.
Apart from researching vulnerabilities to report and taking part in bug bounty programs, we provide a number of cybersecurity services.
Security audit. When someone wants to ensure the security of their assets, they hire us to review said assets. We discuss the scope, the client grants us access to all necessary parts of the infrastructure, and we do our magic. As a result, the client receives a comprehensive report with all the issues that we find, remediation instructions, general recommendations and a business summary.
Penetration testing. Very similar to the security audit, yet a bit different. After discussing the scope, the client grants us permission to simulate an attack on their assets. In this case we try to break in, just like real criminals would. This type of service may include not only looking for exploitable technical issues in order to get into the system (or shut it down), but also social engineering, etc. — everything the bad guys would try. Just like in the previous case, in the end our client receives a comprehensive report with all the issues that we find, remediation instructions, general recommendations and a business summary.
Security consulting. Speaks for itself. We’re the superheroes that people call when they need external security expertise.
See our proposal here.
We charge €100 per hour (excluding VAT for EU).
It’s impossible to estimate before learning the details of your infrastructure, the scope of the task, the requirements, etc. Usually we discuss the budget with the client before signing the contract.
Sometimes we finish the work in less time than our customer budgeted for. In these cases we charge only for the time we actually spent working on the task.
Of course, we can always start with a small budget (e.g. 10 hours), so that you can see our deliverables. If we realize that we need more time, we will include this in our recommendations.
If you want to discuss your project with us, please set up a call using this link. Don’t worry, this is free of charge.
Any cybersecurity expert knows that it’s impossible to be 100% safe and secure.
Even if you have the best experts working for you, there are vulnerabilities that are a lot easier to discover with a fresh look from the outside.
As you are reading this, your expert missed one.
And we’re giving you a chance to learn from that.