Self-Service Security

Order a security assessment today.

Sherlock Forensics offers self-service penetration testing and security audits online starting at $1,500 CAD. Quick Audit covers 1 domain with up to 20 endpoints. Standard Penetration Test covers 1 web app with up to 50 endpoints and 5 external IPs for $5,000 CAD. Comprehensive Assessment at $12,000 CAD includes internal network testing via ShadowTap, a pre-configured device shipped to your office for remote internal penetration testing. Custom quotes available for larger environments.

20+ Years in operation
CISSP Certified examiners
Stripe Secure payment
5-day Audit turnaround
1. Select Service
2. Details
3. Payment
4. Authorization
5. Confirmed

Step 1

Select your service

Quick Security Audit
$1,500 CAD
  • 1 domain or IP address
  • Up to 20 pages/endpoints
  • Automated vulnerability scan + manual expert review
  • PDF report with executive summary and technical findings
  • Report delivered within 5 business days
  • Best for: side projects, MVP launches, vibe-coded apps
Most Popular
Standard Penetration Test
$5,000 CAD
  • 1 web application + associated infrastructure
  • Up to 50 unique endpoints/pages
  • Up to 5 external IP addresses
  • Full OWASP Top 10 + auth + API + business logic testing
  • Manual exploitation, not just automated scanning
  • Detailed findings with severity ratings + remediation roadmap
  • 30-minute debrief call included
  • Timeline: 10-15 business days
  • Best for: startups with production apps, SOC 2 prep
Comprehensive Assessment
$12,000 CAD
  • Full external pentest (same scope as Standard)
  • Internal network pentest via ShadowTap
  • Up to 1 subnet (254 hosts)
  • Social engineering: phishing campaign up to 50 employees
  • Executive summary + technical report
  • MITRE ATT&CK mapped findings
  • 60-minute debrief call + free retest within 90 days
  • Timeline: 15-20 business days
  • Best for: companies with office networks, compliance audits
How Internal Testing Works: ShadowTap

For internal network penetration testing, we ship a pre-configured ShadowTap device to your office. It is a small laptop-sized appliance. Plug it into any network port in your office. It connects back to our lab securely over an encrypted tunnel. From there, our team tests your internal network as if we were sitting at a desk in your office. No VPN configuration, no firewall changes, no IT overhead on your end.

When testing is complete, ship the device back to us. That is it.

ShadowTap was developed by Sherlock Forensics specifically for remote internal penetration testing. It has been used in engagements ranging from 10-person startups to organizations with thousands of internal hosts.

Phishing

Single Campaign
$250 CAD / campaign
  • One AI-powered phishing campaign
  • Thousands of templates via BaitAndPhish.com
  • Click & credential tracking
  • Department breakdown + risk scoring
  • Training recommendations
Best Value

Phishing

Unlimited Campaigns
$3 CAD / user / month
  • Unlimited phishing campaigns
  • Full BaitAndPhish.com template library
  • Continuous monitoring & reporting
  • Trend analysis over time
  • Automated training integration
Need Something Bigger?
Custom Quote

Multiple applications, large internal networks, multi-site assessments, ongoing security programs. 6,700 internal devices? 15 web applications? Continuous penetration testing program? We scope it.

Get a Custom Quote

Step 2

Target details

Company name is required
Contact name is required
Valid email address is required
At least one target URL or IP is required

Step 3

Secure payment

Order Summary

Service
-
Company
-
Targets
-

You will be redirected to Stripe's secure checkout to complete payment. Your card details are processed by Stripe and never touch our servers.

Step 4 - Required

Authorization agreement

Penetration testing requires explicit written authorization from the system owner. This agreement is a legal requirement. Testing cannot begin without it.

Penetration Testing Authorization Agreement

I, the undersigned, hereby authorize Sherlock Forensics ("the Tester") to perform security testing services on the targets specified in this order, subject to the following terms:

  1. I am authorized to grant permission for security testing of the specified targets, either as the system owner or as an authorized representative of the system owner.
  2. The Tester will conduct testing only within the agreed scope and targets.
  3. The Tester will exercise professional care to avoid disruption to production systems, but I acknowledge that security testing carries inherent risks.
  4. All findings will be documented and reported exclusively to the designated contact.
  5. The Tester will handle all data encountered during testing in accordance with applicable privacy legislation, including PIPEDA.
  6. This authorization is valid for 90 days from the date of signing or until the engagement is complete, whichever comes first.
  7. I understand that testing without proper authorization is illegal under the Criminal Code of Canada (Section 342.1). By signing this agreement, I confirm that authorization is properly granted.
Full legal name is required

Order confirmed

-

Your order has been received and authorization agreement recorded. A confirmation email has been sent to your address. Our team will review your submission and begin preparations within 1 business day.

For urgent matters, call 604.229.1994.

Return to Home