Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
Pentest24 positions itself as an enterprise security partner offering cloud-based penetration testing services, covering automated WebApp penetration testing, heuristic website penetration testing, and mobile app penetration testing. Its main methodology includes DAST, and it supports both black-box and white-box testing. The service is aimed at developers, website owners, business stakeholders, and organizations outsourcing security testing needs.
In terms of protection type, Pentest24 is more focused on “detection and validation” than real-time protection. The free plan can perform basic checks such as risk analysis, server-side security headers, technology fingerprinting, TLS/SSL, sensitive files and directories, weak passwords, cookie flags, and directory traversal. Paid plans progressively add SQL/NoSQL injection, XXE, XPath, XSS, CORS, CSRF, command injection, web server/framework vulnerabilities, SSRF, LDAP injection, file upload vulnerabilities, and reverse proxy bypass testing. Business and Enterprise also include security expert validation, heuristic scanning, full reports, and manual review to reduce false positives.
Pricing is straightforward: Free is free, Starter is 28.99€, Advanced is 31.99€, Professional is 34.99€, Business is 89.99€, and Enterprise requires submitting a request for a quote. The FAQ states that plan lifecycles are calculated based on usage frequency and have no time limit. Reports can be downloaded as PDFs. From Professional onward, developer-focused reports are emphasized, while Business/Enterprise provide management and standard reports. HIPAA and PCI/DSS-related report formats are mentioned, but there is no evidence that the platform itself holds these certifications.
The advantages are its low entry price, coverage of common Web vulnerabilities, clearly tiered plans, and payload and scope information designed to help developers fix issues. Higher-tier plans add human validation, which can help reduce false positives from automated scanning. The drawbacks are that payment methods, company location, service SLA, API/Webhook, SIEM/Jira/SSO, and other enterprise integrations are not disclosed. The claim of “0% false positives” is also a strong statement: the text only indicates expert review, which is not the same as an absolute guarantee of zero false positives in all scenarios.
Pentest24 is suitable for small and midsize websites, development teams, pre-launch security checks, and projects that need an initial OWASP Top 10 validation. For strict compliance requirements, on-site testing, or deeper red-team engagements, additional manual services or a local provider may still be needed. Access from mainland China and payment availability cannot be confirmed from the available content, so china_access can only be marked as unknown. Domestic alternatives in China include DBAPPSecurity, NSFOCUS, Knownsec, Chaitin, and security scanning services from cloud vendors.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, pentest24.net.
pentest24.net is an Unknown Security provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of Workable.