Pentest Challenge

How strong is your cybersecurity posture?
Are you willing to run it through the Nexa Pentest Challenge?

We’re putting our 100% success rate to the test*
If our ethical hackers can’t breach your systems, it’s on us.

Book your pentest before April 30st, 2024.

* If our team is able to access any information we’ll provide a full vulnerability report with remediation recommendations prioritized by risk level, starting from $125/hour.


We will identify and exploit vulnerabilities that could be breached by malicious users to help you protect your organization from cyberattacks and improve your cybersecurity posture.

Attack surface

Nexa's team of experienced ethical hackers will conduct a free pentest to your organization, including your systems, networks, applications, and data. We will start by scanning your external assets and then extend the scan to your internal assets. Nexa's vulnerability assessment is conducted from the perspective of a malicious user (attacker) who seeks to compromise the CIA (Confidentiality, Integrity, Availability) of targeted systems.


Work methodology


We use a proprietary methodology to evaluate and diagnose each vulnerability, based on the Open Source Security Testing Methodology Manual (OSSTMM), OWASP Security Testing Guides, and NIST 800-115.


The severity of each vulnerability is classified using CVSS (Common Vulnerability Scoring System) and our proprietary Vulnerability Impact Assessment Tree, which takes into account our knowledge of your business and the experience of our ethical hackers. 

The Vulnerability Impact Assessment Tree

The Vulnerability Impact Assessment Tree is a methodology that helps organizations to understand the potential impact of vulnerabilities in their systems and data. It considers the following factors:

→ The type of compromised information
→ The sensitivity of the information
→ The impact on business operations
→ The likelihood that the vulnerability can be exploited massively

The tree is designed to assign a qualitative metric to each vulnerability, which represents the level of impact that would be generated if the vulnerability were exploited.

This metric is based on the loss of CIA of affected information, the sensitivity of affected information, the impact on business operations, and the likelihood of massive exploitation.

Nexa's Vulnerability Impact Assessment Tree
Funnel of short iterations

Estimated effort

Up to 4 weeks of execution time. Up to 150 hours of work time. Critical findings will be reported as soon as they are discovered using an agile methodology of short iterations to adjust our focus based on the client's knowledge of their business. 

Vulnerability report

A report containing a summary section for non-technical audiences that highlights the key findings and recommendations, and detailed technical documentation that provides step-by-step instructions on how to reproduce vulnerabilities and how to mitigate/remediate them.


→ Peace of mind: our 100% success rate means you can be confident that our ethical hackers will find vulnerabilities in your systems. If we don't, it's on us.

→ Reduced risk of a cyberattack: our pentest will help you identify and fix security vulnerabilities before they can be exploited by malicious actors. This will reduce your risk of a costly data breach or other cyberattack.

→ Improved security posture: our pentest will provide you with a detailed assessment of your security posture. This information can be used to prioritize your security investments and make informed decisions about how to improve your security posture.

→ Increased readiness against a cyberattack: our pentest report will provide you with step-by-step instructions on how to reproduce and mitigate the vulnerabilities we find. This information can be used to improve your incident response capabilities and reduce the impact of a cyberattack.

→ Compliance with regulations: many industries have regulations that require organizations to conduct regular pentests.

Why Uruguay?

Uruguay is emerging as a significant hub for technology startups due to a combination of favorable conditions including:

  • Favorable business norms: Uruguay has a business-friendly environment with low taxes, a stable economy, and a strong rule of law.
  • Skilled workforce: Uruguay has a highly skilled workforce with a strong focus on technology.
  • Governmental support: the Uruguayan government is supportive of the technology sector and has implemented a number of policies to promote innovation and entrepreneurship.

Nexa Cloud SecurElevate can help organizations assess their security posture, identify and mitigate risks, and implement best practices to protect their data and systems.

Why Nexa?

At Nexa, we strive to secure your business infrastructure with solutions as unique as your needs. Our obsession with simple security drives us to discover and neutralize vulnerabilities to accelerate your business growth.

We believe in exceeding expectations, offering more than short-term solutions - we create sustainable and scalable partnerships. We are challenge seekers, our commitments to major technology communities and strategic partners keep us at the forefront to redefine security standards and explore new frontiers in cybersecurity.


If you are interested in this offering, please leave us your contact information below, and we'll get in touch with you.