About us


si-fi like data drive Security Project
  • tick sign Manual Pentests
  • tick sign Extended reports
  • tick sign Presentation results
  • tick sign WebSec Certificate
  • tick sign PCI, NEN, ISO and BIO compliant
Request Quote
data drive stack IT Security Subscription
Starting prices: € 2000 / month
  • tick sign Manual Pentests
  • tick sign Extended reports
  • tick sign Presentation results
  • tick sign WebSec Certificate
  • tick sign PCI, NEN, ISO and BIO compliant
Request Quote
question mark Other Services
Request Quote


One-time Pentest
WebSec will agree on a fixed price with the client for a full pentest. When choosing this model WebSec will deliver more results, detailed proof-of-concepts and agree with the client on a fixed price. This model has no strings attached to it and is mainly for large businesses such as Financial Institutions who just need to be sure that every function has been covered and is secure!

- Enough Time: All pages and features will be tested.
- More Results: The more testing time, the more results.

- This model could get quite above the budget of the average startup and is therefore not suited for everyone.

Minimum Contract: 1 Week
Minimum Hours: 40 Hours

One-time Pentest

Periodic Pentests
WebSec will agree on a limited amount of hours a month which makes this affordable for even the smallest companies while retaining the same quality and expectations as expected from a full pentest. In addition to pentesting services the client can switch each month between other services from WebSec.

- Affordable: Same rates but less working hours, therefore the price tag can be lower.
- Flexible: Client can switch between a pentest or other services each month.

- One year minimum contract period.

Minimum Contract: 1 Year
Minimum Hours: 16 Hours / a month

One-time Pentest

No Cure No Pay
WebSec will only charge the customer for discovered vulnerabilities, the costs depend on the severity and impact of the vulnerabilities discovered. Request a quote to learn more about the pricing tables for the No Cure no Pay business model.

- Client only pays for discovered vulnerabilities.

- WebSec only tests applications using this model for specific clients who meet certain conditions, contact us for more information.

Minimum Contract: 1 Week
Minimum Hours: 40 Hours

One-time Pentest



We will establish a line of communication with you to discuss your pre-test needs such as the test scope, requirements, disclaimer and contract.

WebSec document checkmarks

We then start planning, during planning we choose a start and end date together and you determine the contact person for the pentest.

WebSec calender

After planning, we will start our security assessment on the agreed date and times to see how well your current systems can withstand today's cyber threats. We always keep the contact informed of updates and notify them immediately if very serious findings are found.

WebSec Laptop malware

After an extensive pentest of your system or website, we start writing our report. We write two reports, a technical report and an executive report. The report contains everything that has been done with your system, which vulnerabilities There are found and detailed explanations of how those findings can be resolved and an executive summary.

WebSec document

We will then make an appointment with you to show our findings and to explain step by step what the findings mean. We do this by not talking too technical, so that everyone can follow it. we will explain clearly how the findings can be resolved.

WebSec delivery

CVE Numbers



SOAP WSDL Parser SQL Code Execution.




Privilege escalation.


TopManage OLK


Account Takeover Exploit.


LabVantage 8.3


Information Disclosure Exploit.




SQL Injection and XSS


0-day [1]


CVE has not been published yet.


0-day [2]


CVE has not been published yet.


0-day [3]


CVE has not been published yet.


Frequently Asked Questions

Who is WebSec?

WebSec is an organization with a mission and a vision that is fully focused on IT security, WebSec is a specialist in the spectrum of offensive security.
WebSec employs specialists who are very advanced in the field of penetration testing, code review and security awareness.

What does WebSec do?

WebSec has ethical hackers (also called IT security consultants, penetration testers or pentesters)
We deploy these colleagues at clients to detect errors and security problems in our clients information systems, networks, applications and servers, in order to optimize their security.
These professionals know the way a hacker works and thinks, this knowledge is used by our security experts to ensure a secure IT environment for our customers.

Where is WebSec located?

We are currently registered at Keurenplein 41, UNIT A6260, 1069 CD Amsterdam, The Netherlands.

When was WebSec founded?

The trade name WebSec has been around for four years, previously registered with the Chamber of Commerce under the name 'OS.SI Consulting B.V.'
Since August 3, 2020, WebSec has become an independent security firm under a parent company 'WebSec Holding B.V.'

Why choose WebSec?

Because WebSec can offer flexibility, diversity, transparency, speed and professionalism for the best quality at unbeatable rates.

We are currently the only IT security organization in the Netherlands that can offer an all-in-one security solution subscription, for instance: our clients with a security subscription can do a security assessment (pentest) in January and a phishing campaign in February without any additional fee.

Additionaly since the minimum contract is one year, we can perform these professional security projects at a lower rate for a fixed amount a month.
Also when our security subscription clients are unsure about what monthly service they require than they have the option to carry the number of hours to the next month, leaving room for larger assignments.

Unlike our competitors we are able to provide the highest possible quality of work, without overcharging our customers or compromising our quality standards.
Therefore guaranteering customer satisfaction and the security & protection of our clients IT environments all year round against the latest known and unknown cyber threats.

WebSec has no waiting times, WebSec can start an assignment immediately after discussing a start date and signing the required legal paper work.
At WebSec there is no such thing as waiting times or extra costs for urgent orders.
WebSec is available by phone 24/7 for our clients and we are ready to intervene in case of security incidents not only within the EU but almost anywhere in the world.

At WebSec we think communication with our customers is very important, we strive to give the most professional experience at all times.
In this way we always keep a close eye on the how, what and when and keep our customers informed of any event.
Our core values are Integrity, Confidentiality and Availability. Therefore our clients never remain in the shadow but always in our spotlight.